Commit graph

3638 commits

Author SHA1 Message Date
Bruno Martins
5484e1497d
hal_usb_qti: Make legacy rules more aligned with QVA
Change-Id: If35e87a56efb3e7a82ed2f06bb4dcab8ec4a0e82
2023-07-15 14:01:14 +03:00
LuK1337
c2b70184e1
sepolicy: Label QTI USB HAL
Change-Id: I0fce6172ce47f4f61d9ee2cb829749b4e5643403
2023-07-15 14:01:14 +03:00
Michael Bestas
28a0580725
Merge tag 'LA.UM.11.2.1.r1-04100-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-04100-sdm660.0
"LA.UM.11.2.1.r1-04100-sdm660.0"

* tag 'LA.UM.11.2.1.r1-04100-sdm660.0':
  sepolicy: Compilation fix for newer upgrade.
  sepolicy: Add sepolicy rules for TZAS
  sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable
  sepolicy: Add policy for atfwd client
  sepolicy: Add sepolicy for AtCmdFwd app

 Conflicts:
	SEPolicy.mk

Change-Id: I3743693bab62bcacd4862b40fe3a51e8131ca66a
2023-07-11 16:17:48 +03:00
Michael Bestas
1d7b129f0b
sepolicy: Allow location read xtra-daemon control property
Change-Id: If869f21c4397c65672c9319990d8dc4baca2aa3a
2023-06-07 00:58:30 +03:00
Linux Build Service Account
f76894974a Merge 6f68a803eb on remote branch
Change-Id: I6dea49853525da383085cce2826bf5a5e2372249
2023-06-05 08:12:29 -07:00
Himanshu Agrawal
6f68a803eb sepolicy: Compilation fix for newer upgrade.
Change-Id: I7eb38060cb0a1ad3e09d221022bd5955fb95b396
2023-05-19 05:10:20 -07:00
Linux Build Service Account
546edbb3c4 Merge "sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable" into sepolicy.lnx.12.0.c2
2023-05-19 04:43:49 -07:00
Mobashshirur Rahman
5115a5faef sepolicy rules to allow Gnss Hal to access RIL Srv
Change-Id: Iacbe878f740c71923d5da5c82fbe754ec9fb156b
2023-05-17 17:18:25 +05:30
Mobashshirur Rahman
b3c7469b74 Allow vendor_location_xtwifi_client to access ssgtzd socket
Change-Id: Ia3bdc36b455192f87fc480143068f49e8a401314
2023-05-17 17:12:39 +05:30
Michael Bestas
efdc05a907
sepolicy: Restrict access to /sys/devices/soc0/serial_number
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
2023-05-11 20:14:34 +03:00
Himanshu Agrawal
0d44cf1b75 sepolicy: Add sepolicy rules for TZAS
Add the sepolicy rules for trustzone
access service to provide it access to
various vendor and android services.

Change-Id: I80f8bcb9a917ed18331fa3b92f1e8c65f8c631ad
2023-05-09 03:05:55 -07:00
Himanshu Agrawal
c88bdefd08 sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable
BOARD_PLAT_<PUBLIC/PRIVATE>SEPOLICY_DIR is going to be deprecated
so using new flag.

Change-Id: I039e81ca3bced08038f0e7f2ea3e706947d024fb
2023-05-09 03:05:14 -07:00
Linux Build Service Account
1f3c5bd578 Merge ee6be5f18d on remote branch
Change-Id: I7cb5c59bb7b8b05fa9eaa8db83f442e8e73d8521
2023-05-03 00:42:23 -07:00
Michael Bestas
f587eed501
Merge tag 'LA.UM.11.2.1.r1-03400-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-03400-sdm660.0
"LA.UM.11.2.1.r1-03400-sdm660.0"

# By Arvind Kumar (1) and Jiani Liu (1)
# Via Jiani Liu (1) and Linux Build Service Account (1)
* tag 'LA.UM.11.2.1.r1-03400-sdm660.0':
  Add sepolicy for ISupplicantVendor aidl
  Permission to access binderfs for binder info

Change-Id: Ice22795ff63de9cc918af6a22e113fe1fce1de83
2023-04-24 18:10:38 +03:00
Sridhar Kasukurthi
ee6be5f18d sepolicy: Add policy for atfwd client
Add policy for atfwd daemon client

Change-Id: I0251b892ffdfbd02ba16b3dc08998581b1c45015
CRs-Fixed: 3450521
2023-04-05 11:54:07 +05:30
Linux Build Service Account
5a2d5c4c76 Merge f9714cd55d on remote branch
Change-Id: I6783a1c218a62aa4ba21eb2a5fb009f7e7e04e18
2023-04-03 11:26:09 -07:00
Michael Bestas
eca848c791
Merge tag 'LA.UM.11.2.1.r1-03300-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-03300-sdm660.0
"LA.UM.11.2.1.r1-03300-sdm660.0"

# By Jiani Liu (1) and Sanghoon Shin (1)
# Via Gerrit - the friendly Code Review server (1) and Linux Build Service Account (1)
* tag 'LA.UM.11.2.1.r1-03300-sdm660.0':
  Add sepolicy for ISupplicantVendor aidl
  sepolicy: fix issue on non-snap target

Change-Id: I512ef692ad0178c26817da2745b67e5dd43c1ee1
2023-03-24 03:08:25 +02:00
Sridhar Kasukurthi
5411d6a5af sepolicy: Add sepolicy for AtCmdFwd app
Change-Id: I5b3bf28701a785988dcaaaf207a98d0d1cb3f002
2023-03-23 15:46:34 +05:30
Jiani Liu
e0e6534e6e Add sepolicy for ISupplicantVendor aidl
This commit adds required sepolicy changes to avoid avc denial for new
vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default.

Change-Id: Ie272772338299eb2c684b1c3683e062b12ca486b
2023-03-06 22:56:30 -08:00
Jiani Liu
f9714cd55d Add sepolicy for ISupplicantVendor aidl
This commit adds required sepolicy changes to avoid avc denial for new
vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default.

Change-Id: Ie272772338299eb2c684b1c3683e062b12ca486b
2023-03-07 14:54:08 +08:00
Georg Veichtlbauer
286e849647 sepolicy: msm8998: Label discard_max_bytes
Change-Id: I7adc3514c0958da8d27d7210b84c375dc66d9c43
2023-02-16 09:38:36 +01:00
Georg Veichtlbauer
95d4b318ab sepolicy: msm8998: Label extcon cable nodes
Change-Id: I8e48a9a1c411a5573902833da48da6dbc1b15bb7
2023-02-15 10:49:36 +01:00
Jarl-Penguin
509eb10cca sepolicy: qva: Allow FM app to find mediametrics service
11-03 19:54:34.702   693   693 I auditd  : avc:  denied  { find } for
 pid=13778 uid=10126 name=media.metrics
 scontext=u:r:vendor_fm_app:s0:c126,c256,c512,c768
 tcontext=u:object_r:mediametrics_service:s0
 tclass=service_manager permissive=0

Signed-off-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: I1d9b402dd18e54e5d07550e8ae0ef7e9c804bb12
2022-11-03 20:11:57 +01:00
Arvind Kumar
127987d3e0 Permission to access binderfs for binder info
Change-Id: If386da636f084c2c67ee6323300aae0c2ac75bc5
2022-11-03 11:43:07 +05:30
Georg Veichtlbauer
0c87ade841 poweroffalarm_app: Remove levelFrom attribute
levelFrom is used to determine the level (sensitivity + categories)
for MLS/MCS. If set to all, level is determined from both UID and
user ID. This is bad for poweroffalarm, as it needs to be able to
write to /persist/alarm/data which has a context without mls_level:
  u:object_r:persist_alarm_file:s0
instead of
  u:object_r:persist_alarm_file:s0:c0,c256,c512,c768

Change-Id: I9a8b706cdedc090281e4b5542eb34816b7ff338e
2022-10-19 11:26:56 +02:00
Guixiong Wei
397c843152 Sepolicy: Remove poweroffalarm system uid
remove poweroffalarm system uid

Change-Id: I2e93c12b5e9b0169b77d1beecbdbbb7757b8ee1e
2022-10-19 00:04:09 +02:00
Michael Bestas
4cc11498a0
Merge tag 'LA.UM.11.2.1.r1-01900-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-01900-sdm660.0
"LA.UM.11.2.1.r1-01900-sdm660.0"

# By Neelu Maheshwari (1) and Sanghoon Shin (1)
# Via Gerrit - the friendly Code Review server (1) and Linux Build Service Account (1)
* tag 'LA.UM.11.2.1.r1-01900-sdm660.0':
  sepolicy: fix issue on non-snap target
  Sepolicy : Fixed Multiple AVC Denials in 11.2.1 SDM660.

 Conflicts:
	generic/vendor/common/hwservice.te
	generic/vendor/common/hwservice_contexts
	legacy/vendor/msm8996/hal_qccvndhalservice.te
	legacy/vendor/sdm660/file_contexts
	qva/vendor/common/hwservice.te
	qva/vendor/common/hwservice_contexts

Change-Id: Ic0fa79f8c74969f25061f50706000abee5b0d008
2022-10-05 18:54:55 +03:00
Linux Build Service Account
3e81a78fdd Merge c3c0f8aeca on remote branch
Change-Id: I4053f6994cdf346625ada7ec92df795c7fcf76f6
2022-09-29 04:53:55 -07:00
Michael Bestas
176268430e Label old telephony extension
* It was renamed in bb15e90b05

Change-Id: I0a4ac559c2fe1b9e8c3267a8afa4ebc7a3a17600
2022-09-16 19:32:19 +01:00
Mao Jinlong
68d4eb0fcb sepolicy-legacy-um: poweroffalarm_app: Add power off alarm app
Make power off alarm app as an independent app domain so that
the sepolicies will not affect other apps.
[Giovix92]: Adapt it to lineage-18.1

CRs-Fixed: 2113144
Original Change-Id: Ia80575b6dea893bde30636b9a814a6f20ea54b6f

Change-Id: Ie56c5cbade7332a145f10cd5fff0955bcfc724ef
2022-09-16 19:32:19 +01:00
Nolen Johnson
9aa35a0a35 legacy: vendor: Allow location to read wifi_hal_prop
Change-Id: If40681d4c172676b4895d14f65600eb41de8978b
2022-09-16 19:32:19 +01:00
Michael Bestas
8a47dfda7f sdm660: Remove overly broad init rule
* The services should be labelled properly instead

Change-Id: I401790e6b0f7bd3bcbc2dd185ced30c28ea5ad91
2022-09-16 19:32:19 +01:00
Michael Bestas
be9129900a sdm660: Remove duplicate init rule
* Already defined in common

Change-Id: Ifa56dbfde90b6b7bdc6f2ae7d7dca1df974f92ac
2022-09-16 19:32:19 +01:00
Michael Bestas
23be04abfc Label persist.vendor.bluetooth. properties
* As seen on non legacy

Change-Id: I06c8b554256565f536fc643e3a743272c841cdef
2022-09-16 19:32:19 +01:00
Arian
4060ff2ecc sepolicy: legacy: qva: Allow cnd to read wifi_hal_prop
The `wifi.interface` property was labelled as `exported_default_prop` by
system/sepolicy in android 11. Since android 12 it is labelled as
`wifi_hal_prop` which causes the following denial.

W libc    : Access denied finding property "wifi.interface"
W cnd     : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0

Change-Id: I6cf8ad4133ca3013d844d4ef3b2701de22f408b0
2022-09-16 19:32:19 +01:00
Arthur Shuai
4b5ae9efcd Sepolicy: add define for lksecapp
Change-Id: Ibdfad127f8d537c94f99420dfa9f843381f38207
2022-09-16 19:32:19 +01:00
Michael Bestas
c2299d1a1b Allow vendor_init set vendor_time_service_prop
* Required to set persist.vendor.delta_time.enable=true
  in vendor build.prop with property isolation enabled

Change-Id: I180f236c6aac2a7266f4d49dfe9c1ca9e5582c5c
2022-09-16 19:32:19 +01:00
Michael Bestas
a8566d9272 sdm660: Label sysfs_uio_file
Change-Id: I10d90a4dd01ec86f6d371685e7669b7b8f676529
2022-09-16 19:32:19 +01:00
Michael Bestas
8d011c9136 sdm660: Label sysfs_ssr_toggle
Change-Id: If24855f5e72d904043e69893fa5590ac26b46ff5
2022-09-16 19:32:19 +01:00
Chirayu Desai
f906323821 Label persist/rfs recursively
* restorecon_recursive silently fails otherwise.

Change-Id: If31d9b55dc68f39ee6b43d784167e7233b8e07c8
2022-09-16 19:32:19 +01:00
Michael Bestas
2f24aeb0d0 common: Label persist.vendor.camera.debug.logfile
* Used in recent camera HALs

Change-Id: I81ac7c9bf262365a6baabde3fac5ce652c8e683c
2022-09-16 19:32:19 +01:00
Aayush Gupta
6912f5f7cf sdm660: Generate contexts for rtc
[   14.612920] type=1400 audit(1601989375.643:13): avc: denied { open } for comm="system_server" path="/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0/hctosys" dev="sysfs" ino=33519 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
[   14.612933] type=1400 audit(1601989375.643:14): avc: denied { getattr } for comm="system_server" path="/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0/hctosys" dev="sysfs" ino=33519 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: If6b278de0a67086595cee21395d1ceaf52fbef28
2022-09-16 19:32:19 +01:00
Mohit Aggarwal
05a2a86d19 sepolicy: setting secontext to rtc node
Change-Id: I0235cd63bfa7fc46aca1a047e40d1fc4b71d4ea0
2022-09-16 19:32:19 +01:00
Amit P Choudhari
858c757661 sepolicy: Add rw permission for i2c touch sys node
Change-Id: Ife56a3253bd97c2da2d7b70c0553627d32d153ba
2022-09-16 19:32:19 +01:00
Michael Bestas
bac2436661 Use set_prop() macro for property sets
Change-Id: Id67a05f8ed718cad5856613c2700f4ce1e404cf0
2022-09-16 19:32:19 +01:00
Scott Warner
e7b12756b8 sepolicy: Remove duplicate property definition
vendor_persist_camera_prop is already declared in Lineage sepolicy

Change-Id: Idfc24a85c7654796cdb243443953a8e0bfb28b0a
2022-09-16 19:32:19 +01:00
Shashi Shekar Shankar
fbb827151a
sepolicy : msm8998: remove regexp for ssr node on sysfs
Remove regexp & add target specific genfs_context

CRs-Fixed: 2166567

Change-Id: Ib950ca0d72bc7e5647410e1876a8ce9095ca9aba
2022-08-25 16:40:31 +03:00
Bruno Martins
ae7a74c359
sepolicy: Allow mm-qcamerad to access v4L "name" node
Change-Id: I42b329d782795feed776b09d5c12d89be9bac868
2022-08-25 16:40:31 +03:00
Bruno Martins
4bb1c0d112
sepolicy: Fix video4linux "name" node labeling
Do u even regex, br0?

Change-Id: If907448d394f967268c9f72051bec5a47220087b
2022-08-25 16:40:31 +03:00
Michael Bestas
43fcd25c65
msm8998: Label LED sysfs
* Similar to sdm660

Change-Id: I691e0f7a7ea3fcf753a353cbe2171cc167bac3bf
2022-08-25 16:40:31 +03:00