Commit graph

3638 commits

Author SHA1 Message Date
87b5499ba7 legacy-um: Time for tequila! 2024-09-07 21:29:18 +00:00
Naseer Ahmed
a0cc2d5fd8 sepolicy: Add memtrack HAL
Change-Id: I96aba595b174dcdf8949e17cd13f97d1c76af1d4
2024-07-13 10:30:37 +08:00
Bruno Martins
84869e5cb4 legacy: Add common telephony rules
Seen across msm4.4 and msm4.9 families.

Change-Id: I47a049dc72e30363b728aa8c25f4571c3b25045b
2024-04-14 16:34:29 +00:00
Ankit Siddhapura
b7e999e50c sepolicy: fix domain for com.qualcomm.telephony
fixed `E SELinux : selinux_android_setcontext:  Error setting context for
app with uid 10133, seinfo platform:targetSdkVersion=31:complete: Invalid argument

Change-Id: I9c14ebd9413e877d29a99b07534aed0ac3108610
2024-04-02 21:55:13 +00:00
Bruno Martins
d3dc18a45c legacy: Allow communication between rild and data module
Fixes full IWLAN mode on msm8998 devices.

Change-Id: Id7cb510336f6ee28033d7683cc2c01b29db6c6a2
2024-03-31 02:47:12 +01:00
Michael Bestas
7eabf65ff9
Merge tag 'LA.UM.12.2.1.r1-02900-sdm660.0' into staging/lineage-21.0_merge-LA.UM.12.2.1.r1-02900-sdm660.0
"LA.UM.12.2.1.r1-02900-sdm660.0"

* tag 'LA.UM.12.2.1.r1-02900-sdm660.0':
  Sepolicy : Allow vendor_init to access bluetooth prop.
  Add sepolicy dir and sock permissions to location module
  location AVC denials during user profile switch

 Conflicts:
	legacy/vendor/common/property_contexts

Change-Id: Ic870aa5f9abe177e4d8c00a1bf3d9b66b67e3d75
2024-03-29 12:08:16 +02:00
Michael Bestas
a55fc3cc31
legacy: Allow USB HAL get vendor_usb_prop
Similar to hal_usb_qti.

Change-Id: If0f608f8f2c59a21f89ffebc118e56c559a90755
2024-03-22 13:44:03 +01:00
Linux Build Service Account
f7b43c73fc Merge 781cfc8b70 on remote branch
Change-Id: I14db31b322d381a2eefde3dab9fd83520aa478d7
2024-02-20 04:36:52 -08:00
Neelu Maheshwari
781cfc8b70 Sepolicy : Allow vendor_init to access bluetooth prop.
Change-Id: I393b039b87ac8d717f42640030c1e5d01049ab70
2024-02-08 23:56:36 -08:00
Linux Build Service Account
dabe110bf0 Merge "Add sepolicy dir and sock permissions to location module" into sepolicy.lnx.12.0.c2 2024-01-30 21:10:00 -08:00
Harikrishnan Hariharan
e1c8914c62 Add sepolicy dir and sock permissions to location module
Allow location module to have directory read, write
and socket create permissions in /data/vendor/ path.

CRs-Fixed: 2205732
Change-Id: I4a75623b562337e13b121bacf86af0f97f457916
2024-01-25 09:06:34 +05:30
Nilesh Gharde
8273b09de3 location AVC denials during user profile switch
CRs-fixed: 3713029
Change-Id: Ie20f60a981769278dc1fda195e55f27942cd6a78
2024-01-23 03:12:55 -08:00
Bruno Martins
18b608b651 Merge tag 'LA.UM.12.2.1.r1-02500-sdm660.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy into lineage-21.0-legacy-um
"LA.UM.12.2.1.r1-02500-sdm660.0"

* tag 'LA.UM.12.2.1.r1-02500-sdm660.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy:
  sepolicy : Allow apps to have read access to vendor_display_prop
  sepolicy:qcc: add qcc path to dropbox
  sepolicy:qcc : switch to platform app
  Sepolicy : dontaudit to vendor.hw.fm.init property
  SE Policy change to fix avc denial for qcrild socket
  Avc denials on sdm660 from location, hal_gnss_qti
  sepolicy: Add file context for Widevine DRM
  sepolicy: Add file context for DRM
  sepolicy: Fix qcc avc denial issue
  sepolicy:donotaudit for com.qualcomm.location
  Sepolicy rules to allow Gnss Hal to access ssgtz
  sepolicy rules to allow Gnss Hal to access RIL Srv
  Allow vendor_location_xtwifi_client to access ssgtzd socket

 Conflicts:
	generic/vendor/common/file_contexts
	legacy/vendor/common/vendor_init.te

Change-Id: Ibcd6a15e0ee9ab5bee6da5bafb41702e67549e30
2024-01-09 10:36:03 +00:00
Linux Build Service Account
696224d4c9 Merge 8569f71b88 on remote branch
Change-Id: I1c1e45d37872a1c5a0e8ff18582e942fbd7cb504
2023-12-22 00:49:45 -08:00
Neelu Maheshwari
8569f71b88 sepolicy : Allow apps to have read access to vendor_display_prop
Change-Id: Ib2793107a54fa1a2df60ac872645277a9a0b2415
2023-11-27 23:29:02 -08:00
Michael Bestas
4bf4c11974
Revert "sepolicy: Label idle_state node"
This reverts commit 4479f08d19.

Change-Id: Iecfb9e94e65e45597a43256eb877fb8c8a8f4717
2023-11-28 02:31:57 +02:00
Linux Build Service Account
36ea3c2980 Merge "SE Policy change to fix avc denial for qcrild socket" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:54 -08:00
Linux Build Service Account
1ea539bb46 Merge "Avc denials on sdm660 from location, hal_gnss_qti" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:51 -08:00
BeYkeRYkt
4479f08d19 sepolicy: Label idle_state node
Change-Id: I4ab197511726e28f7005d0e808803493e406591e
2023-11-25 23:45:59 +00:00
Linux Build Service Account
0591d9f541 Merge 5207f749c4 on remote branch
Change-Id: I09b5099e114c2765b525dbc8674085569aa746a7
2023-11-24 15:02:54 -08:00
Linux Build Service Account
5207f749c4 Merge "sepolicy: Add file context for Widevine DRM" into sepolicy.lnx.12.0.c2 2023-11-22 23:31:23 -08:00
Linux Build Service Account
2664ad4668 Merge "Sepolicy : dontaudit to vendor.hw.fm.init property" into sepolicy.lnx.12.0.c2 2023-11-17 02:52:29 -08:00
Linux Build Service Account
0ccdfafa9a Merge "sepolicy:qcc : switch to platform app" into sepolicy.lnx.12.0.c2 2023-11-16 22:21:34 -08:00
Sanghoon Shin
2145757135 sepolicy:qcc: add qcc path to dropbox
allow both "qcc" and "qdma" in preparation to transition to "qcc"
to avoid use "qdma" word in implementation

Change-Id: I608f8ecc14e56f3b17823c759c7064f09601f594
2023-11-16 05:10:18 -08:00
Sanghoon Shin
4c6d84fd65 sepolicy:qcc : switch to platform app
Change-Id: I661fef3af7d0a9518f67e14f2787999f268485e0
2023-11-16 05:10:11 -08:00
Neelu Maheshwari
adc7e8bb6b Sepolicy : dontaudit to vendor.hw.fm.init property
Change-Id: I0abc011871328bb269767ceffe9b6ddb2cf9b185
2023-11-16 17:39:38 +05:30
Kamesh Relangi
4603509240 SE Policy change to fix avc denial for qcrild socket
Change-Id: I1c2f3378d974a07496590a3dbd1b20323dbbba16
2023-11-15 11:51:54 +05:30
Nilesh Gharde
1750c0806f Avc denials on sdm660 from location, hal_gnss_qti
Change-Id: I3ac6a4d5db46cce66eecd70531a180e21177d979
CRs-fixed: 3661430
2023-11-15 11:48:10 +05:30
Bruno Martins
f9b54fb034 sepolicy: Label QTI health AIDL service
Change-Id: Ic49f0d4fa46ac4749e9bad3a9d4a780c54c3880e
2023-11-13 17:01:08 +00:00
Bruno Martins
ce7b0f7cac sepolicy: Remove duplicate hwservice_contexts
Multiple same specifications for vendor.qti.hardware.systemhelper::ISystemResource.
Multiple same specifications for vendor.qti.hardware.systemhelper::ISystemEvent.

Change-Id: Ied0215bcc342c5f93fdd5ae4ba5e2a16ba8bf83f
2023-11-12 13:03:10 +00:00
Alexander Martinz
6aeeffc61d legacy: allow apexd to write to sysfs_mmc_host
As qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host
we explicitly need to grant apexd access to it or it will break.

This results in eg GSIs to be unbootable.

type=1400 audit(3799551.036:40): avc: denied { read write }
  for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305
  scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0
  tclass=file permissive=0

Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
2023-11-03 22:21:59 +00:00
Linux Build Service Account
e1e39dc497 Merge "sepolicy: Add file context for DRM" into sepolicy.lnx.12.0.r21-rel 2023-11-03 08:14:01 -07:00
Prabhat Roy
a14482b2b1 sepolicy: Add file context for Widevine DRM
Set context for widevine services
android.hardware.drm-service-widevine
android.hardware.drm-service-lazy.widevine

validation:
xts test case: passes all the xts test case

Change-Id: I568149e2c91f86a72007fb5b04f5597f133eea64
2023-11-03 12:46:32 +05:30
Prabhat Roy
a17345a7ce sepolicy: Add file context for DRM
Change-Id: I568149e2c91f86a72007fb5b04f5597f133eea64
2023-11-02 11:12:02 +05:30
LuK1337
f0f3f11097 sepolicy: isolated_app -> isolated_app_all
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
2023-10-31 23:56:49 +00:00
Giovanni Ricca
47ba089fb7
sepolicy: Drop duplicate label
* Merged on https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/371121

Change-Id: If4ab4cf2765572b662a60286651ab967fb90d133
2023-10-28 15:08:26 +02:00
Linux Build Service Account
a015be7f62 Merge "sepolicy: Fix qcc avc denial issue" into sepolicy.lnx.12.0.c2 2023-10-11 23:26:20 -07:00
Neelu Maheshwari
8b41a7958b sepolicy: Fix qcc avc denial issue
Add rule to allow qcc to access runtime data file and fix below
    denial:

    avc: denied { read } for  comm="qccsyshal@1.2-s" name="qcc" dev="dm-36" ino=682
    scontext=u:r:vendor_qccsyshal_qti:s0 tcontext=u:object_r:system_data_file:s0
    tclass=dir permissive=0

Change-Id: I1477af3537b8158d4c47af93cf753db89e20cccd
2023-10-11 23:03:28 -07:00
Neelu Maheshwari
61bf1906d7 sepolicy:donotaudit for com.qualcomm.location
auditd  : type=1400 audit(0.0:25): avc:  denied  { read } for  comm="alcomm.location"
name="u:object_r:default_prop:s0" dev="tmpfs" ino=23722
scontext=u:r:vendor_location_app:s0 tcontext=u:object_r:default_prop:s0
tclass=file permissive=0 app=com.qualcomm.location

Change-Id: I1fe8e7730f569fbaf955e79aba784de70cc9f944
2023-10-11 22:56:13 -07:00
Linux Build Service Account
bd5cc9c436 Merge 1347478fc8 on remote branch
Change-Id: I40b303693249945736a7815f1f5bf1a4c25a15b4
2023-10-03 13:37:46 -07:00
Bharath
9f61741dd6 sepolicy: Label QTI Thermal HAL 2.0
The name was changed from thermal.msm8953 to a generic one while
moving to 2.0. Hence, add proper label to the new HAL binary.

Change-Id: I7e73035224a3f421c1f8f8e7a4e0f6ab072fab32
(cherry picked from commit 578d104a6e72b9289af668780acd571bad4bc489)
2023-09-28 15:09:36 +05:30
Nilesh Gharde
cdaad86cac Sepolicy rules to allow Gnss Hal to access ssgtz
CRs-fixed: 3593483
Change-Id: Iec880aa7908f2c3aa71695a4961823ff7dd0b677
2023-09-25 00:06:03 -07:00
Linux Build Service Account
1347478fc8 Merge "Allow vendor_location_xtwifi_client to access ssgtzd socket" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:21 -07:00
Linux Build Service Account
a859c67fc9 Merge "sepolicy rules to allow Gnss Hal to access RIL Srv" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:18 -07:00
Nolen Johnson
fd5f0ffce2 legacy: common: Label discard_max_bytes for SDB devices
Change-Id: Ic95a3bfdb53073b6f68b985ea1fbd3f3c3ce34a3
2023-08-23 15:13:41 +00:00
me-cafebabe
ada4be8ba0 Allow FM2 app to read/write vendor.hw.fm. props
* Those props are used by vendor/qcom/opensource/fm-commonsys/jni/android_hardware_fm.cpp

Change-Id: I1a141e7d4a0e7d1d788fb049e0e8625d1b2d7e27
2023-08-04 09:50:10 +02:00
jro1979oliver
d2866673fb
sepolicy: Import legacy usb rules
- commit https://review.lineageos.org/c/LineageOS/android_device_qcom_sepolicy/+/360376
  relabeled the usb hal and we hit the following log:

usb@1.0-service: type=1400 audit(0.0:5346): avc: denied { search } for uid=1000 name="usbpd0" dev="sysfs" ino=40564 scontext=u:r:hal_usb_default:s0 tcontext=u:object_r:sysfs_usbpd_device:s0 tclass=dir permissive=0
07-13 12: 41:07.134   816  2117 E android.hardware.usb@1.0-service: uevent received SUBSYSTEM=dual_role_usb
07-13 12: 41:07.135   816  2117 I android.hardware.usb@1.0-service: otg_default
07-13 12: 41:07.135   816  2117 E android.hardware.usb@1.0-service: getCurrentRole: Failed to open filesystem node
07-13 12: 41:07.135   816  2117 E android.hardware.usb@1.0-service: Error while retreiving portNames
07-13 12: 41:07.138  1588  2451 E UsbPortManager: port status enquiry failed

Co-authored-by: ExactExampl <64069095+ExactExampl@users.noreply.github.com>
Change-Id: I6b58a248195c59f09514caa7b89c2810f7a8e146
2023-07-25 19:45:53 +03:00
Michael Bestas
b1710c61ea
sdm660: Label 4.19 backlight node
Change-Id: Ied1fc8844852fbef3711e46bcc07d4ec100e7a12
2023-07-15 14:01:14 +03:00
Quallenauge
470d8edfda
sepolicy: Allow qti_init_shell to set proc_watermark_scale_factor.
Change-Id: I5e59fd91e723df95224e5738295c2b8007f6f053
2023-07-15 14:01:14 +03:00
Michael Bestas
fc9b1c6105
sepolicy: Guard debugfs rules
Allow building with PRODUCT_SET_DEBUGFS_RESTRICTIONS set.

Change-Id: I0d0703ea21f1f812c06247a3db2bc755e8904149
2023-07-15 14:01:14 +03:00