Commit graph

2787 commits

Author SHA1 Message Date
Vijay Agrawal
9e590042e9 sepolicy: Give read/write permission to vender_gles_data_file
Add sepolicy for untrusted_app_25, priv_app.te, domain.te
to read/write vender_gles_data_file to access system_server,
surfaceflinger, bootanim, system_app, platform_app,
priv_app, radio, shell

04-11 21:12:48.359  8395  8395 W RenderThread: type=1400
audit(0.0:1058): avc: denied { read } for
name="esx_config.txt" dev="dm-0" ino=295474
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:vendor_data_file:s0 tclass=file
permissive=0 app=com.qualcomm.adrenotest.

CRs-Fixed:2436094, 2441817

Change-Id: I15dc9873cd38bbca9f955917d57b3da2a5b056b7
Signed-off-by: Vijay Agrawal <vijaagra@codeaurora.org>
2019-05-14 11:01:35 +05:30
qctecmdr
162144eeba Merge "Add loopback vendor service domain" 2019-05-13 11:35:20 -07:00
Eric Chang
044af9fdc0 Add loopback vendor service domain
Change-Id: I48600bd2d41f9f145a01f4af06f0312dc74f0ec0
2019-05-13 10:14:53 -07:00
Ashwani Jha
c00a363079 sepolicy: Add sepolicy rules for qvrservice.
Sepolicy rules to give access to qvrservice and external apk that uses
qvr runtime.

Change-Id: I86e5056112b62c65b0bd7a6ec00fdc2afc5f2b88
2019-05-13 09:17:07 -07:00
shoudil
0ab001b27a sepolicy: allow property settable for vendor_init
Allow property ro.vendor.qti.va_aosp settable for vendor_init.
Help ODM properties get loaded successfully.

Change-Id: Ie3005a625957673c150aba40373572278329bf0a
CRs-Fixed: 2451592
2019-05-13 18:12:04 +08:00
qctecmdr
4ca4564abe Merge "sepolicy: Add access policy for charger files" 2019-05-12 22:15:07 -07:00
Umang Agrawal
c0b750ecef sepolicy: Add access policy for charger files
Add labels for charger related sysfs devices and script, and add policy
for charger script to access charger devices.

Change-Id: I4cbea169bd75a8f6474d6390614f43dd6ed5efc2
2019-05-10 11:55:15 +05:30
qctecmdr
56ec9c4e76 Merge "sepolicy: Added hal_perf_hwservice permissions" 2019-05-09 11:52:26 -07:00
qctecmdr
f8546824b2 Merge "sepolicy: Define security context for "ro.build.software.version"" 2019-05-09 10:01:31 -07:00
qctecmdr
bd80cd6bfa Merge "sepolicy : addressed dumpstate related denials." 2019-05-09 08:15:09 -07:00
qctecmdr
65d2e95aab Merge "sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc" 2019-05-09 05:50:26 -07:00
Devi Sandeep Endluri V V
ec15b57f88 sepolicy: Define security context for "ro.build.software.version"
All vendor init process would have access to vendor_default_prop.
Define security context for "ro.build.software.version" as
vendor_default_prop.

Change-Id: I5b1f1698dcbb3d914a66c540f31f7624c707a72e
2019-05-09 04:12:47 -07:00
qctecmdr
a608767889 Merge "sepolicy: Declared FastCV libs as sp-hal" 2019-05-09 04:01:18 -07:00
qctecmdr
2906183b07 Merge "sepolicy: Declaring opencl.so as sp-hal for all the targets." 2019-05-09 02:10:34 -07:00
qctecmdr
58bd346722 Merge "sepolicy: Add rule for imsrcsd to communicate with radio" 2019-05-09 00:25:19 -07:00
qctecmdr
7e71c0fd5c Merge "sepolicy: Add policy for USB HAL" 2019-05-08 22:30:10 -07:00
qctecmdr
9d00341c38 Merge "qva: Add sepolicy support for wifilearner service and IWifiStats HAL." 2019-05-08 16:51:58 -07:00
kranthi
abea04783c sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc
Add sepolicy for hal_memtrack_default to read kgsl memory.

avc: denied { read } for comm="memtrack@1.0-se"
name="gpumem_mapped" dev="sysfs" ino=82422
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0.

CRs-Fixed: 2421195

Change-Id: I254df836754b5ebc09f44f7053edf85867a963a5
2019-05-08 15:22:59 +05:30
Richa Agarwal
7d6fb60768 sepolicy: Added hal_perf_hwservice permissions
Added hal_perf_hwservice permissions for
qtidataservices_app.te file

Change-Id: Ib480a503c1652e0650bda4aff07085ff894178d6
2019-05-08 14:02:21 +05:30
Pavan Kumar M
58d519cbcc Add permission to set/get persist.vendor.net.doxlat
- Add permission for rild to set and get the property
  persist.vendor.net.doxlat

- Revoke set_prop permission to system_server.

- Define domain for DataConnection HAL

Change-Id: I143bfffa8af61d087d8210516c57a211e25f0a1d
CRs-Fixed: 2425156
2019-05-07 21:06:28 -07:00
Veerendranath Jakkam
d64f108c0e qva: Add sepolicy support for wifilearner service and IWifiStats HAL.
This commit defines required sepolicy rules for wifilearner service
and IWifiStats HAL.

CRs-Fixed: 2444187
Change-Id: I42d84567f253b42b42ce27138cb25df89246c604
2019-05-07 21:28:25 +05:30
Suman Voora
50a3807ca7 sepolicy: Declared FastCV libs as sp-hal
Updated the permissions for cvp, scve hals
Needed CV libs to be accessed by the apks.
Change-Id: Ic65a1e4bd75d4d978200fe62e23ddc354a7e83f2
2019-05-07 16:08:39 +05:30
Ravi Kumar Siddojigari
432d4af4c9 sepolicy : addressed dumpstate related denials.
As part of CTS testing it's expected no denials should be seen
from dumpstate domain during testing, so addressing generic
permission issue.

test :testNoBugreportDenials

Change-Id: I27178e6b4180d53cd5f6574bf71fe54819b10454
2019-05-07 00:37:11 -07:00
qctecmdr
518a386347 Merge "sepolicy: Add required sepolicy for vulkan.adreno.so" 2019-05-06 11:25:08 -07:00
qctecmdr
e46c882b62 Merge "sepolicy: remove violators which are not to be used" 2019-05-06 03:50:36 -07:00
qctecmdr
c6c1f9df62 Merge "sepolicy: Add wakelock capability for rcsservice" 2019-05-05 21:57:18 -07:00
qctecmdr
fb28767493 Merge "sepolicy :: Adding PanoramaTracking interface in hwservice" 2019-05-05 21:56:18 -07:00
qctecmdr
38ceae6f6b Merge "sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry" 2019-05-05 21:55:16 -07:00
qctecmdr
eba70922ee Merge "sepolicy: GPU permission for halcamera" 2019-05-05 21:54:19 -07:00
qctecmdr
e36a6e565c Merge "sepolicy: add permission for charger" 2019-05-05 21:48:28 -07:00
qctecmdr
b461848bbe Merge "sepolicy: Allow the write access to persist property" 2019-05-05 21:47:17 -07:00
qctecmdr
6cc069c44c Merge "Allow vendor_init to set disable_spu property" 2019-05-05 21:46:19 -07:00
qctecmdr
6f9f6654cf Merge "sepolicy: Add sepolicy rules for qg device" 2019-05-05 21:45:12 -07:00
qctecmdr
5bc74aa235 Merge "Adding sepolicy rules to qva folder" 2019-05-05 21:44:28 -07:00
qctecmdr
a82887e992 Merge "sepolicy: Add interface entry for WFD HAL" 2019-05-05 21:42:15 -07:00
qctecmdr
ec7072156a Merge "sepolicy: allow mediacodec to access audio devices" 2019-05-04 21:04:12 -07:00
Rama Krishna Nunna
bc8a16ed8b Camera: Add permission to access camera library for passthrough hidl
- Gralloc needs to access Camera library
- Adding necessary permissions

Change-Id: Id1d1740dd10fcc4ca393f909348297ac13beba39
2019-05-03 16:25:45 -07:00
Devi Sandeep Endluri V V
e8c9a38c08 sepolicy: Add rule for imsrcsd to communicate with radio
Change-Id: I6d1c45b5d92347957b4f2813e267dda5049c4d9d
2019-05-03 03:01:08 -07:00
qctecmdr
68595637d5 Merge "sepolicy : Permit system_server to read vendor display properties" 2019-05-03 01:13:39 -07:00
Sumit LNU
bfb6285e8a sepolicy :: Adding PanoramaTracking interface in hwservice
Failure VtsTrebleVendorVintfTest tests failed as
vendor.qti.hardware.scve.panorama@1.0::IPanoramaTracking
not available

Change-Id: I6c64ab6ce120c45d43479ab663c11f7650d35f05
2019-05-03 11:09:28 +05:30
Jack Pham
f9bd0b096a sepolicy: Add policy for USB HAL
Add rules for hal_usb_qti service, which is part of hal_usb
and hal_usb_gadget domains defined by system policy. Grant
access to needed properties and files.

Change-Id: I1e03ad1e63f5c70788f04e52833f6d09cc76eca8
2019-05-02 11:17:41 -07:00
Ravi Kumar Siddojigari
a26eb5586a sepolicy: remove violators which are not to be used
As part of security hardening, the following violators have
been removed:
1. untrusted_app_visible_hwservice_violators
2. data_between_core_and_vendor_violators

Security testing checks for violators sharing data between core and
vendor, so removed the violator exception in vendor_init.

hwservices are not to be exposed to untrusted apps, so remove hal_perf
from the untrusted_app_visible_hwservice_violators list

Test:
testNoExemptionsForDataBetweenCoreAndVendor
testNoUntrustedAppVisiblehwservice

Change-Id: I76f26848a0f148b1b332f68fd05f7632f9399af6
2019-05-02 16:46:14 +05:30
Jaihind Yadav
5955fb1335 sepolicy : remove sysfs_net related entries which are duplicate
Following paths on sysfs are now labeled in system side
file_contexts, so removing the duplicate entries from
vendor side genfs_contexts.

/module/tcp_cubic/parameters
/devices/virtual/net
Change-Id: I4c872ca3e14da9a73b1adbfd9671c3df1a0046c8
2019-05-02 14:39:44 +05:30
Barani Muthukumaran
99a68bb7fe Allow vendor_init to set disable_spu property
vendor.gatekeeper.disable_spu is added to /vendor/build.prop,
allowing vendor_init to set this property to ensure the
property can be read by gatekeeper and through getprop

Change-Id: Icb9362e330573eec9d96f5bb8d5bb0aeae1f8b76
2019-05-01 17:23:01 -07:00
Subbaraman Narayanamurthy
060ac51eda sepolicy: add permission for charger
Add the necessary permission for charger binary to support offmode
charging.

Change-Id: I6b173c07e221b50b51f3381f8d0b490535ae73ae
2019-05-01 15:37:18 -07:00
Kiran Gunda
28b52b4bc4 sepolicy: Allow the write access to persist property
Add the set_prop for the hvdcp_opti to have a write access to the
persist property.

Change-Id: Id15a2529faa74e2fc96cec9a9d02d2dd84145d34
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
2019-05-01 06:28:38 -07:00
Subash Abhinov Kasiviswanathan
78217eca78 sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry
This is needed to set the receive packet steering entry.
Fixes the following denial -

avc: denied { read write } for comm="netmgrd" name="rps_cpus"
dev="sysfs" ino=79460 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

CRs-fixed: 2425568
Change-Id: Idc94fbef7ed922a6d2376fd82bdb6cb45ff0d536
2019-04-30 16:23:20 -06:00
Ramjee Singh
5bd9b9abe0 sepolicy: allow mediacodec to access audio devices
Mediacodec needs to access audio devices to use OMX HW decoders and
encoders. Allow mediacodec to access audio devices.

Change-Id: I6706f989d8e90607bd3134a88268322451122b15
2019-04-30 05:11:50 -07:00
Mathew Joseph Karimpanal
b32d150dc9 sepolicy : Permit system_server to read vendor display properties
Permit system_server to read vendor.display.xxx properties.

Change-Id: I4fb74c2edabd6203304b256bb87cb84517dcad58
CRs-fixed: 2444569
2019-04-30 17:29:19 +05:30
Indranil
f3baa43a0d sepolicy: Add interface entry for WFD HAL
Change-Id: I3c52c6f7c5de4ea2d324012ce08bbe9a0c2d6d84
2019-04-29 19:13:29 +05:30