Commit graph

415 commits

Author SHA1 Message Date
Monika Singh
2a00ecb00b sepolicy: Update qseecomd sepolicy to access tmpfs
Update policies for qseecomd so that it can access
SFS.

Change-Id: I9bfe8c242de441a4a4171af93481bf00eda7d8f7
2021-05-25 03:09:23 -07:00
Himanshu Agrawal
a473048fb3 sepolicy: Addressing post-boot denials
Change-Id: I5282c1acf9f096c6363c77afc0443b06f00a6c37
2021-05-17 17:12:16 +05:30
Himanshu Agrawal
d7eb0cc6b6 sepolicy: Fix /sys/devices/soc0 read permission issue
Change-Id: I189fea846191f6407d6c6b9fb767595466b7dc06
2021-05-05 22:14:35 -07:00
qctecmdr
d418e08af1 Merge "sensors : Updating property name" 2021-05-03 09:18:08 -07:00
Eruvaram Kumar Raja Reddy
f575fdf52f sepolicy: msm8937: Add sysnode for imsdatadaemon
Add a change to fix avc denial for the imsdatadaemon

Change-Id: I0f2eacf7ee08660b5dd8d39b0ed3a096a3813b38
2021-04-30 08:20:43 -07:00
Akhil Manikoth Kallankandy
2906bf533d sensors : Updating property name
changing property name according to VtsTrebleSysPropTest

Change-Id: I95bae88a4126606c4d5eef992d863e483766212f
2021-04-30 05:45:21 -07:00
qctecmdr
98d6c29eae Merge "sepolicy: msm8937: Add label for wakeup sources" 2021-04-26 04:53:35 -07:00
Himanshu Agrawal
53203d8bfb sepolicy: Add sepolicy rules for vm_bms
create vendor_vm_bms_debug_prop for debug properties.

Change-Id: I6ac3986af96bb50288e404c377613c6b0d4dc998
2021-04-22 22:53:53 -07:00
Eruvaram Kumar Raja Reddy
892ac25bce sepolicy: msm8937: Add label for wakeup sources
Add a change to fix the avc denials for the wakeup source
used for different nodes.

Change-Id: I3f51e966e33fdabdae8cb43bc425ee42d8b3356d
2021-04-22 02:42:45 -07:00
qctecmdr
6ed2f466d1 Merge "sepolicy: Addressing multiple on-boot denials present" 2021-04-21 23:48:23 -07:00
Himanshu Agrawal
c5495488d8 sepolicy: Addressing multiple on-boot denials present
Multiple on boot denials have been addressed for
improving device performance.

Change-Id: If0db0c0bd334da91c879d9170d03171c2bf4a91d
2021-04-20 15:50:51 +05:30
Himanshu Agrawal
efc87f7815 sepolicy: sdm439: Add cpu-ddr-latfloor devfreq node for K4.19
Add cpu-ddr-latfloor devfreq node for sdm439 target

Change-Id: Id0d84edc1d6474a09ef5c90f9ea5c4f59537728e
2021-04-19 11:09:26 +05:30
Himanshu Agrawal
38419ce515 sepolicy: Add cpu-ddr-latfloor devfreq node for K4.19
cpu-ddr-latfloor devfreq node for K4.19

Change-Id: I55e72f915d8de62d47adda386ffabe8421e5c502
2021-04-14 17:27:31 +05:30
Prerna Kalla
debf881517 sepolicy: Add label for KM 4.1 service
Add label for KM 4.1 service.

Change-Id: Iab41f356da6562c9c0b9ed942f20442cfc6ec8f2
2021-04-02 03:55:53 -07:00
qctecmdr
bfca115857 Merge "sepolicy: cpu-ddr devfreq nodes for K4.19" 2021-04-01 03:51:10 -07:00
Karthik Gopalan
3bfa6d9474 sepolicy: cpu-ddr devfreq nodes for K4.19
cpu-ddr devfreq nodes for K4.19

Change-Id: I2e270c2e89b19b6eda9a020ff6d35cd7f0d04d84
2021-04-01 02:38:57 -07:00
qctecmdr
e8d0a199a9 Merge "sensros : changing property name" 2021-04-01 01:48:49 -07:00
Akhil Manikoth Kallankandy
7849fcf55f sensros : changing property name
Change-Id: I17e71ca56e9fa050221972c846a9f99db8761283
2021-03-31 14:24:32 +05:30
Himanshu Agrawal
bdbe69b3b8 sepolicy: msm8937: Add label for wakeup sources
Add a change to fix the avc denials for the wakeup source
used for different nodes.

Change-Id: I9309363b04aac163364809083edf359dcab2ab0c
2021-03-30 03:26:17 -07:00
Himanshu Agrawal
58dfef56b4 sepolicy: msm8937: Add selinux rules for update engine
Change-Id: I8ba1ca16083613445b7642f83fdccc73a252f658
2021-03-23 14:20:43 +05:30
Himanshu Agrawal
d7706eea69 sepolicy: Create subsys nodes for QM215GO on kernel 4.19
Add subsystem handling mapping for mss and venus firmware
for QM215GO on kernel 4.19.

Change-Id: I26799baf24a58c6f80d60560e232f9e8709b1cc6
2021-03-11 09:51:59 -08:00
Akhil Manikoth Kallankandy
025be09c29 sensor:adding label for new property
adding label for property used to enable qrtr-ns service

Change-Id: I5634c0c85a0dae9d13151d99f984e22987705636
2021-03-09 20:26:02 +05:30
Rajshekar Eashwarappa
39c3a61ec2 sepolicy: Adding vbmeta and dtbo dev/block path
Change required for A/B, DAP build.

Change-Id: I43d91e029935f347ebd9cc00fd129dbc810c94a7
2021-02-22 01:00:54 -08:00
Akhil Manikoth Kallankandy
86ab7112b8 sepolicy : add new qsta_app.te file for QSTA app
Change-Id: I7c1086ef983a2a74415a5291b39dfc0305bcc601
2021-02-11 10:40:40 +05:30
qctecmdr
34ef27f337 Merge "sepolicy: msm8998: Add sepolicy labels for charger/fg nodes" 2021-01-06 22:31:07 -08:00
Guixiong Wei
b69efc2215 sepolicy: Remove poweroffalarm system uid and redundant rules
remove poweroffalarm system uid and redundant rules

Change-Id: If51e9ae948b68f1187c66d748935fd1014e72e11
2020-12-15 18:39:22 -08:00
Gurram Pravalika
ffb6c9041c sepolicy: Add policies for for video in HAL1
Change-Id: I954b96582719e3e7145fd0ab1afd0425494c3ba7
2020-12-14 22:57:44 -08:00
qctecmdr
6cfdc77609 Merge "sepolicy : Upmerge changes." 2020-12-14 00:14:39 -08:00
Nitin Shivpure
d5327a1a9d sepolicy: allow bluetooth to make binder call to gpuservice
allow bluetooth to make binder call to gpuservice.

CRs-fixed: 2748533
Change-Id: Idff3f3c0377fc5dae3e715417556c696f7e4620e
2020-12-14 10:33:49 +05:30
Himanshu Agrawal
0240ff9832 sepolicy : Upmerge changes.
Change-Id: I90fb0d6eb70bd5e0e790f8bae7b6cd0501442338
2020-12-11 06:07:39 -08:00
Shayak Biswas
1442222426 Allow dumpstate for a binder call with power Hal
This allows dumpstate to have a binder call with power
Hal, this is needed for a CTS testcase:
SELinuxHostTest#testNoBugreportDenials

Change-Id: I646fdce79776083df74df48134e85c65dbee69dc
2020-12-11 09:56:09 +05:30
Himanshu Agrawal
7fdf0be393 sepolicy: msm8998: Add sepolicy labels for charger/fg nodes
Add sepolicy labels for charger/fg nodes,
to allow access permissions to userspace.

Change-Id: I74a193a6dd3be6ecceb5939ca814661029d8105b
2020-12-10 18:31:36 +05:30
Kripa Bhat
5d40fe89f3 Allow dumpstate to have a binder call with Lights Hal
This allows dumpstate to have a binder call with Lights
Hal, this is needed for a CTS testcase:
SELinuxHostTest#testNoBugreportDenials

Change-Id: Iec081b1069b2569c68b72ff009f12018c946a0a8
2020-12-08 22:51:16 -08:00
Manjunatha Ramachandra
06bbb12f3f sepolicy: updating label on read_ahead_kb nodes
Removing read_ahead_kb nodes from sysfs_mmc_host
node. And adding sysfs_dm to perf hal and
init_shell files' allow list.
This change is being made in order to address
the bugnizer 161927268 for legacy msm8937_32go platforms.

CRs-Fixed: 2826612
Change-Id: I190b9891eaf52fc4eb7d4fd73567572101ee288e
2020-12-02 23:27:09 -08:00
Himanshu Agrawal
7cde36f779 Add sepolices to update engine domain.
While applying OTA update package, update engine
    loops through partitions entries/mountpoints.
    Add few policies and suppress the dac ones.

- Allow update_engine to access recovery partition for OTA
- Allow update engine to access to metadata_file.
    With virtual-ab feature, update engine needs access
    to metadata_file, allow the same.

Change-Id: I07636f79870594a07755c54e55b5b6846e53c2e9
2020-12-01 06:08:31 -08:00
Eruvaram Kumar Raja Reddy
f997082943 sepolicy: adding vendor prefix to avoid naming colision
Update legacy properties with vendor prefix to avoid VTS failure
due to API30 changes

CRs-Fixed: 2825382

Change-Id: I39a5de4ad6450d805bf74e88aabc38c8347d89a4
2020-11-30 17:01:29 +05:30
Himanshu Agrawal
9871e2edb6 Allow vendor_init to set ubwc property
vendor.video.disable.ubwc is added to /vendor/build.prop,
allowing vendor_init to set this property to ensure the
property can be read by mm-video and through getprop

Change-Id: I99f658ea60cb83d4ebea6709db27e93166ad0667
2020-11-27 11:51:38 +05:30
Milap Gajjar
2ef09c6613 genfs_context: Enabling Vibrator for msm8998
Sepolicy: Added Access permission for vibrator

Change-Id: I38017a3641c84aa570d53c1e339082bc781c5187
CRs-Fixed: 2810219
2020-11-24 20:36:33 -08:00
qctecmdr
aa7d66b220 Merge "genfs_context: Enabling Vibrator for sdm660" 2020-11-24 03:02:24 -08:00
Jeya R
29b1061aaa sepolicy: Add permissions in init for vendor_adsprpc_prop
Add permissions in init shell to modify vendor_adsprpc_prop.
Change-Id: I5a4dcbf54686c3add9fa0756aff7bb694d96adcb
Acked-by: Deepika Singh <dsi@qti.qualcomm.com>
2020-11-18 15:22:36 +05:30
Mandeep Singh
3de9ff4499 genfs_context: Enabling Vibrator for sdm660
Sepolicy: Added Access permission for vibrator

Change-Id: I7152a77d676c8b97bd5da1f5c86446f42ac65c97
CRs-Fixed: 2810635
2020-11-03 09:37:37 +05:30
Shawn Shin
ce33f422e7 sepolicy:qcc add to legacy
Change-Id: I7031cd4070c478f1fccfe8e0b1e7053d6c57c36e
2020-10-30 16:10:52 -07:00
qctecmdr
758b6d2b99 Merge "sepolicy: align fst-manager and wigig legacy rules" 2020-10-29 23:51:22 -07:00
qctecmdr
887dc95b06 Merge "sepolicy: allow block_suspend deniel for lmkd" 2020-10-28 00:12:18 -07:00
Dedy Lansky
046ff067d0 sepolicy: align fst-manager and wigig legacy rules
Add legacy rules for enabling fst-manager to act
as a HAL service, and allow fst-manager and wigig
framework to access the capability config store.
These rules were missing in the legacy folder and
copied from the qva rules since there are still
platforms that need them.

Change-Id: I7a08bec9f3f84599a6392e8a5bd22c26e28e00a3
2020-10-27 22:53:42 -07:00
Himanshu Agrawal
21fbe23415 sepolicy: allow block_suspend deniel for lmkd
Avoid below denial for lmkd:
avc: denied{ block_suspend }for comm="lmkd" capability=36
scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability2
permissive=0.

Change-Id: I332281110d4fa1fa208349a302fdc33a3a40d8ef
2020-10-27 22:31:24 -07:00
Arvind Kumar
7af4487b0c Add file context for Light AIDL HAL Service
Change-Id: I1e5a79a5846910f90362d97899e5fc0d7dbfadbb
2020-10-27 00:54:23 -07:00
Ankur Sharma
ae9d933056 Sepolicy denials xtra for legacy R targets
- Fix sepolicy denial when xtra-daemon access the cacert
service.
- Allow location clientdomain to perform binder IPC to
qtidataservices_app serverdomain.

Change-Id: I0aae254fb4b4a67336d67f96856a2cf0d70954fc
CRs-Fixed: 2778560
2020-10-21 07:34:12 -07:00
c_gopir
7dff049400 Sepolicy : Add power AIDL to context
Add power HAL exec to file contexts

Change-Id: Ib97298e739f030454256c88f78e6862c2f4838bb
2020-10-19 21:44:18 -07:00
qctecmdr
1e9503d754 Merge "sepolicy: Add video property to get permission" 2020-10-15 22:17:56 -07:00
Milap Gajjar
78877b8b75 msm8998 inital bringup with enforce mode
Change-Id: If8164daa32ca0ba796a4bf78e9c450ce1669b509
2020-10-15 01:56:39 -07:00
Paras Nagda
44e4db86e8 sepolicy: Add video property to get permission
Allow Zygote to read video property

Change-Id: Iac936e84549cde02e2b87309f32cdbd2d8a0fe5f
2020-10-14 06:30:06 -07:00
Milap Gajjar
ef77a8cdd5 sdm660: Initial bring up sepolicy changes
Change-Id: Ifa42b7bebd66884698697fecc538f1ff6057519d
2020-10-14 03:27:54 -07:00
Paras Nagda
5bc47cdaf0 sepolicy: Add video property get permission
Allow mediaserver to read video sys property

Change-Id: Id09d5fbcbacbba3130ca9d7759ff67ade3a839b3
2020-10-06 22:26:31 -07:00
qctecmdr
b22751353a Merge "sepolicy: add policies for DSP HAL manager" 2020-09-30 00:50:57 -07:00
Jiten Patel
c4f5909333 sepolicy: Policy fix for rpmb partition
On 4.19 kernel, due to upstream commit <97548575be>
(mmc: block: Convert RPMB to a character device),
Block device design for RPMB is now changed to char device.
This change adds required permissions for qseecom daemon to
be able to access new device design for RPMB eMMC device.

Change-Id: I77a4ffc2107e61f66fe75cd2ccdc4d8da2685523
2020-09-26 17:09:23 +05:30
qctecmdr
e40220732a Merge "sepolicy: Allow all app domains to search sysfs_kgsl" 2020-09-23 01:51:40 -07:00
Vamsi Krishna Gattupalli
fa6d5b4fdc sepolicy: add policies for DSP HAL manager
Add DSP HAL manager related attributes and policies. Allow untrusted
shell apps and APKs to be a client of the DSP HAL server. Mark the
DSP HAL interface library as same process HAL.

Change-Id: I7b2e5c716c6191d480d26d39a3adf188dc3aefb3
2020-09-22 10:52:41 +05:30
Murthy Nidadavolu
8d4a25335b sepolicy: Updating sepolicy for DRM HAL
Adding 1.3 drm HAL to file_contexts.

Change-Id: I59f87fb9eb4a1605cf299a973986164f6761dab2
2020-09-18 13:39:59 +05:30
qctecmdr
ee00935244 Merge "sepolicy: Update thermal-engine sepolicy rules for legacy vendor file" 2020-09-16 03:30:27 -07:00
Nilesh Gharde
07cedab877 Sepolicy denials for location on legacy R targets
Fix for denial when xtra-daemon is trying to get
qccsyshal service instance

Change-Id: I522531dee26dd5ee426a7ae966e49a0a4e685481
CRs-fixed: 2765244
2020-09-15 11:55:49 +05:30
Asha Magadi Venkateshamurthy
7ef030e945 sepolicy: Update thermal-engine sepolicy rules for legacy vendor file
Update legacy thermal-engine sepolicy rule for SDM660 target by adding
access of sysfs nodes of thermal devices, kgsl and devfreq by adding
sepolicy rules.

Change-Id: I49c511d2dbc67169daa937102d58839eb799b977
2020-09-14 12:14:23 +05:30
qctecmdr
7036682bb5 Merge "sepolicy: add support for separate dcvs script for sdm660" 2020-09-04 05:32:35 -07:00
Asha Magadi Venkateshamurthy
c7c8131f02 sepolicy: add support for separate dcvs script for sdm660
Give sepolicy permission to dcvs node used to set
memlat parameters.

Change-Id: Iadddf5d11375a6d7cc48d523ed8c44baf4643be1
2020-09-04 10:55:17 +05:30
Bharat Pawar
b4ca9cb07f sepolicy: Allow all app domains to search sysfs_kgsl
Fixing below avc denials
type=1400 audit(0.0:86144): avc: denied { search } for
name="kgsl-3d0" dev="sysfs" ino=43551 scontext=u:r:mediaswcodec:s0

Change-Id: Ibf7a9a231119c23c4830538323587edbe95150a2
2020-09-03 19:15:02 +05:30
Bharat Pawar
90dc370d64 sepolicy: Adding rules for servicetracker HAL for legacy target.
Also adding file_context for servicetracker V1.2
Change-Id: I7145f86093c954376e6dd8bbcd8f6d2e6005a981
2020-09-03 17:47:59 +05:30
Bharat Pawar
3bdddf83fd sepolicy: Add label for vibrator AIDL HAL service
Add selinux label for vibrator AIDL HAL service
so that it can access the vibrator device correctly.

Change-Id: I6486b6cf399ce60a671b187c624993820c6f246c
2020-08-21 15:48:02 +05:30
qctecmdr
f95a6b8611 Merge "perf: Fix sepolicy errors during boot" 2020-08-13 07:28:05 -07:00
qctecmdr
33281c7bda Merge "Sepolicy: ported all Wfd sepolicy from sepolicy.lnx.5.0" 2020-08-13 05:34:25 -07:00
qctecmdr
3c94562422 Merge "sepolicy: Remove all qssi specific WFD sepolicy change" 2020-08-13 03:40:25 -07:00
Shashi Shekar Shankar
ded4b6e973 perf: Fix sepolicy errors during boot
Fix sepolicy errors on legacy targets.

Change-Id: Ia491e7e3330243d3ec70fba97c3beafc65f93afc
2020-08-12 19:57:11 -07:00
Pavan Kumar M
b7b9097e20 sepolicy: Add sepolicy rules for IImsFactory HAL for legacy targets
Change-Id: I371457018f309bb3a23138ac8d71d4628430f69e
2020-08-07 04:26:38 -07:00
Rajeswari N
ae41118035 sepolicy: Add perf 2.2 hal
Support for perf HAL 2.2 uprev

Change-Id: Ia6abea00751494803bf78839ef96608dfbc9b09d
2020-08-04 15:15:36 +05:30
Shivam Agrawal
ff436b9716 Sepolicy: ported all Wfd sepolicy from sepolicy.lnx.5.0
- WFD sepolicy fix.

Change-Id: I1000b0277318ca7439a5bb177787dffe8d51b7c9
2020-07-29 14:10:43 +05:30
qctecmdr
d580bc7940 Merge "Allow BT LAZY HAL serivce to access bluetooth hal" 2020-07-28 08:46:15 -07:00
qctecmdr
8e93513c1d Merge "sepolicy: Add interface entry for Legacy HAL" 2020-07-28 06:48:53 -07:00
Bharat Pawar
b98304acab Allow BT LAZY HAL serivce to access bluetooth hal
BT lazy service is a new shared object on go targets
which requires to access BT HAL.

Change-Id: I5b4248a35c52211e03da9f0f9410d967e2b2c602
2020-07-22 22:54:28 +05:30
Tapas Dey
c6aece100b sepolicy: Add interface entry for Legacy HAL
Added INxpNfcLegacy HAL interface entry
for Legacy HAL.

Change-Id: I8e241a7f13ce5d6431a47c3084384af6c0291cba
2020-07-22 14:08:54 +05:30
Shivam Agrawal
05ae9e6df9 sepolicy: Remove all qssi specific WFD sepolicy change
- revert all qssi specific WFD sepolicy changes on 6.0.c2
  to port WFD sepolicy changes from sepolicy.lnx.5.0

Change-Id: I22e335471e2877ce1c3fd24c1997ae037c4f38df
2020-07-16 19:57:37 +05:30
Rajeswari N
5bab8c4b02 sepolicy: sepolicy changes for perf HAL Uprev
Perf Hal Uprev 2.1 support added and IPerfcallback HAL added

Change-Id: Icd1cfba45e2a118de9a1944e6d9709ae458b9015
2020-07-16 00:04:44 -07:00
Rajshekar Eashwarappa
dbb48aa54b SEPolicy: Adding sdm660 policies
Change-Id: I71b5ec869475846e0c7b8f3ba00f6a018a631a50
2020-07-10 01:00:59 -07:00
himta ram
10a90a8e77 sepolicy: add sepolicy rules for pronto based targets
Add sepolicy rule for pronto based targets.

CRs-Fixed: 2724004
Change-Id: I64804f3dd532934d314cb5731fc7f1633d13a236
2020-07-02 14:00:32 +05:30
qctecmdr
a55d07264e Merge "sepolicy: Adding vendor_qti_init_shell label to legacy" 2020-07-01 09:29:09 -07:00
Pavan Kumar M
5cffcfdf15 Remove QtiTetherService references
QtiTetherService is not used anymore, remove all
the existing references

Change-Id: I9cf47507686907d29faef44c65d6e30dd584f19c
CRs-Fixed: 2710079
2020-06-15 10:21:25 +05:30
Udipto Goswami
12fed7ec7d sepolicy: Adding vendor_qti_init_shell label to legacy
There are some targets which use legacy sepolicy but
USB uses vendor_qti_init_shell label for its rc file
execution which causes a mismatch as legacy uses
qti_init_shell. This stops the USB rc file from
executing the command for calling the script file
responsible for setting the composition.
Ultimately setting the default value which is adb
on bootup instead of default composition.

Fix this by setting an alias as vendor_qti_init_shell
in legacy sepolicy for qti_init_shell allowing USB
to use vendor label.

Change-Id: Ia8953ed61bb1b87d01b17d02fc7e4bf4b86e66eb
Signed-off-by: Udipto Goswami <ugoswami@codeaurora.org>
2020-06-12 04:00:05 -07:00
Bharat Pawar
327503aee9 sepolicy: Add support for 8937 and 8953 targets
Change-Id: I22d8f079acfc59c16adb66e46755157b7c61a6bd
2020-06-05 16:27:16 +05:30
Linux Build Service Account
ac12b4410a Merge "sepolicy: Update legacy se linux rules for ims application" into sepolicy.lnx.6.0 2020-05-12 22:04:29 -07:00
Shishir Singh
7029593aa7 sepolicy: Changes to allow kill capability
-- Fix for netmgrd kill permission denial.

Change-Id: I4360fe357f9ff22ce2a690fcf613a0dba2bf26ec
2020-05-06 02:42:59 -07:00
Muhammed Siju
b6640811e4 sepolicy: Update legacy se linux rules for ims application
org.codeaurora.ims is not running as phone uid now.
Update se linux rules accordingly for legacy targets.

Change-Id: I911f1c0bd890727752916b127f7151bf58fa2414
CRs-Fixed: 2675934
2020-05-05 12:35:34 +05:30
Linux Build Service Account
4b06a66dd7 Merge "Allowing system process to read gpu model" into sepolicy.lnx.6.0 2020-04-27 23:33:12 -07:00
kranthi
a715cbecb7 Allowing system process to read gpu model
Addressing the following denials :
type=1400 audit(0.0:95): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:59): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(906.783:162): avc: denied { read }for comm="surfaceflinger"
name="gpu_model" dev="sysfs" ino=61205 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(0.0:345): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:mediacodec:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_27:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_29:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0

Change-Id: Icd52def059afed9114f0a5a868babc849086dd6f
2020-04-27 17:40:45 +05:30
qctecmdr
3f9249c5d3 Merge "sepolicy: remove unused ims properties." 2020-04-27 03:45:45 -07:00
Manoj Basapathi
0f5e714d49 sepolicy: remove unused ims properties.
Change-Id: Ic569d2bd5ab601f83883c75ec50586280862a01d
2020-04-22 21:14:56 -07:00
Rajshekar Eashwarappa
f479e5ffb0 Revert : Allow fastbootd to access power_supply, usb nodes.
This change allows fastbootd (for healthd) to access
the power_supply and usb nodes.
Revert of: Ib5c637b28dd65c6958778b02c3026c90b39fe713

Change-Id: I992165d490438f7ff7c73cb4b0e57442fdda8c02
2020-04-22 13:09:15 -07:00
Rajshekar Eashwarappa
cdecf2b978 Sepolicy: Comment out neverallow violations
To compile sdm710 target.

Change-Id: I274b7ad2da86a39f6fe7295eb77570f1bdd87375
2020-04-07 10:28:20 -07:00
P.Adarsh Reddy
822e1e5465 Allow fastbootd to access power_supply, usb nodes.
This change allows fastbootd (for healthd) to access
the power_supply and usb nodes.

Change-Id: Ib5c637b28dd65c6958778b02c3026c90b39fe713
2020-04-03 06:15:04 -07:00
qctecmdr
b03a618e5a Merge "sepolicy: Permissions for v1.3 DRM and clearkey HALs" 2020-03-31 07:02:32 -07:00
Murthy Nidadavolu
70c453a603 sepolicy: Permissions for v1.3 DRM and clearkey HALs
FR60432: OEMCrypto Version 16 support

Allow v1.3 DRM and clearkey HALs in SEPolicy.
Keep v1.2 HALs as well for backward compatibility.

Change-Id: I5aeb50f80507143c8adcf597a78202590447149e
2020-03-30 10:29:34 +05:30
P.Adarsh Reddy
f0cca4ea72 Add sepolices to update engine domain.
While applying OTA update package, update engine
loops through partitions entries/mountpoints.
Add few policies and suppress the dac ones.

Change-Id: Ic4ff7e8df86a01a3b7380e0bd458909f9099953e
2020-03-27 02:49:17 -07:00
Linux Build Service Account
5da10e3224 Merge "sepolicy: Enable secure_element 1.2 HAL service" into sepolicy.lnx.6.0 2020-03-23 06:14:12 -07:00
Linux Build Service Account
4118b742f5 Merge "sepolicy: Define new policy rule to read gpu model" into sepolicy.lnx.6.0 2020-03-23 06:13:12 -07:00
Linux Build Service Account
5d80ff03be Merge "Update device sepolicy rules for NN HAL 1.3" into sepolicy.lnx.6.0 2020-03-20 03:06:08 -07:00
Bhuvan Varshney
96b2bcba10 sepolicy: Enable secure_element 1.2 HAL service
secure_element HAL 1.2 service is required to be
invoked from the boot.

Added entry for secure_element HAL 1.2 service.

Change-Id: I8ba27a5521d5809dcdd6c8f6f7a63286cccc431d
2020-03-19 21:16:30 -07:00
kranthi
dbe56c1472 sepolicy: Define new policy rule to read gpu model
Add a new file context label for gpu_model sysfs entry. Allowed read
access to that entry.
Addressing the following denials :
type=1400 audit(0.0:62): avc: denied { read } for
name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:mediaserver:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
type=1400 audit(0.0:88): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=78734 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0 app=com.android.systemui
type=1400 audit(0.0:100): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.android.launcher3

Change-Id: I9e1b9ffbb88ea62b4cc530564d811d7cfc640bbc
2020-03-19 14:16:40 +05:30
Alex Kuoch
1e2814c890 Update device sepolicy rules for NN HAL 1.3
Change-Id: Iaa6c1251cd3156887b58cf73ce565fb8a749af41
2020-03-18 14:42:41 -04:00
Anmolpreet Kaur
0bf77a4ae8 sepolicy: Add sepolicy rules for qseecom hal
Add new policy for QSEECom HIDL implementation
which makes qseecom available to system processes.

Change-Id: I2d47148c7f9f01a01d7595575842b08585ea2907
2020-03-18 02:01:21 -07:00
Linux Build Service Account
3fbededf00 Merge "Location app sepolicy changes" into sepolicy.lnx.6.0 2020-02-27 22:31:58 -08:00
qctecmdr
2030effbfe Merge "Revert "sepolicy: Define key for TimeService apk"" 2020-02-27 03:04:34 -08:00
Pavan Kumar M
31367a7640 sepolicy: Add permissions to set persist.vendor.net.doxlat
Define persist.vendor.net.doxlat as a vendor restricted property.
Add permissions to allow system_server read the property.

Change-Id: I8383565c7526c6b31ea8e1c23a8a976a856be28d
CRs-Fixed: 2627640
2020-02-24 01:16:55 -08:00
haohuang
e8af958647 Location app sepolicy changes
Since location APPs removed system UID,
some additional sepolicies need to be added.

Change-Id: Icadd1da1fc01086e395ff4f91fd43772329e915a
CRs-Fixed: 2620233
2020-02-23 01:55:40 -08:00
Avinash Nalluri
17c98d98c5 Add Device Info hal vendor.qti.hardware.radio.internal.deviceinfo@1.0
- Add new HAL to the config files
- vendor.qti.hardware.radio.internal.deviceinfo@1.0

Change-Id: Ia32ee8d8742850bc95fe5ac8876aca8843d73f3e
CRs-Fixed: 2605646
2020-02-18 09:55:57 -08:00
Mohit Aggarwal
6987530a28 Revert "sepolicy: Define key for TimeService apk"
This reverts commit 6886e3677e.

Change-Id: I9b4414691680c399717370b118e01dbc0d4aac09
2020-02-18 11:48:29 +05:30
qctecmdr
dc207e5ce7 Merge "Update context of qtidataservices from radio to app" 2020-02-12 13:36:31 -08:00
qctecmdr
4265545064 Merge "diag: Fix diag-router selinux denials" 2020-02-11 15:06:36 -08:00
qctecmdr
8c6c92a997 Merge "Add sepolicy for diag-router app" 2020-02-11 11:09:48 -08:00
qctecmdr
47224bd2a5 Merge "sepolicy: Add policies for mapper 4" 2020-02-11 06:13:57 -08:00
Sreelakshmi Gownipalli
19e2586c95 diag: Fix diag-router selinux denials
Fix diag-router selinux denials

Change-Id: Ib50b147ad74b5bd7f8ae744d3b50a13d76c99c8e
2020-02-06 11:40:17 -08:00
Pavan Kumar M
ae09195021 Update context of qtidataservices from radio to app
Change-Id: I0d8a6bada4f7e4b73a8bb1bcbb7118fdd28f49f5
2020-02-05 01:17:44 -08:00
Sreelakshmi Gownipalli
0ac2ef91f5 Add sepolicy for diag-router app
Add sepolicy to start diag-router app
as daemon.

Change-Id: Ide457c27a393eab878e8f12a2e5d24df93b8dedf
2020-02-04 23:04:57 -08:00
Tharaga Balachandran
d5c3eb7cba sepolicy: Add policies for mapper 4
CRs-Fixed: 2612324
Change-Id: I780984a35d22571e8e1cd5de5655f2bb6d563a96
2020-02-04 11:56:52 -05:00
Bhuvan Varshney
e76fd334c4 sepolicy: Enable esepowermanager 1.1 HAL service
esepowermanager HAL 1.1 service is required to be
invoked from the boot.

Added entry for esepowermanager HAL 1.1 service.

Change-Id: I82825f66dee8981407903fd7f67cf474a44904cb
2020-01-28 11:00:11 +05:30
qctecmdr
92f07d6f82 Merge "Allow update engine to access to metadata_file." 2020-01-24 03:29:31 -08:00
qctecmdr
3a0f79dc80 Merge "sepolicy: Rename NFC HIDL service to 2.0" 2020-01-23 11:58:30 -08:00
P.Adarsh Reddy
eca8ae265e Allow update engine to access to metadata_file.
With virtual-ab feature, update engine needs access
to metadata_file, allow the same.

Change-Id: Ia366da18517db28f4404f2605987e1b36906a83a
2020-01-23 19:56:47 +05:30
Prateek Sood
853ca77c79 msm_irqbalance: Applying naming rules for selinux labels
SELinux label for vendor properties are required to have vendor_
prefix. Adding vendor_ prefix for vendor properties related to
msm_irqbalancer.

Change-Id: I10338b7c69b7cbe02703d622c2fef4c1de9358e5
2020-01-21 21:49:51 -08:00
Bhuvan Varshney
a8ba7832ea sepolicy: Rename NFC HIDL service to 2.0
Rename NFC HIDL service 1.3 to 2.0 as the NFC
HAL has major changes which are not backward
compatible with the older HALs.

Removed entries for NFC HIDL services
which are no longer in use.

Change-Id: I1b1f21b9f62336cb5a6aebcc04083c20d7780a6c
2020-01-20 16:59:04 +05:30
Jaihind Yadav
c03022a303 sepolicy: adding vendor_ prefix changes for pub/priv dirs.
To avoid naming collision with system types we are adding vendor_ prefix for all vendor defined types.

Change-Id: I1396f2c6d9576af3c3755096bb1e69d254b6db4e
2020-01-14 07:14:38 -08:00
Mahesh Sharma
a418dabea1 sepolicy: Add rules for ANT HAL
Change-Id: I1eb832cc45b50965611e848b78e64ae6fac73977
2020-01-08 18:03:51 -08:00
himta ram
c0d7a5ce1d sepolicy: add sepolicy support for fm domain switch
Switch FM app's domain from system to platform app.
Add sepolicy rules for fm in platform_app domain.
Remove fm sepolicy rules from system_app domain.

CRs-fixed: 2595596
Change-Id: I40a4f68eb8ded948d44653d3bc0209bbb3d9ef35
2020-01-02 01:02:34 -08:00
Gaurav Singhal
c690ddd92c sepolicy: Enable NFC HIDL 1.3 service
NFC HIDL 1.3 service is required to be
invoked from the boot.

Added entry for NFC HIDL 1.3 service.

Change-Id: I82e34f09a4309ca1102ed8f86728eb994ed62852
2019-12-31 14:55:30 +05:30
Vivek Arugula
11ff0c9a5d sepolicy: avoid avc denials in USTA test app path
Change-Id: I8f2ab92e54f66c79a2979c6825aed68f81a1739f
2019-10-23 13:12:22 -07:00
Jaihind Yadav
1aaca258ca Revert "Added selinux rule for hal_perf"
This reverts commit a9ddc89ab2.

Change-Id: Ibc2a8b5b1e5baeeca5a996710e26173b0edad9bc
2019-10-22 00:41:42 -07:00
qctecmdr
d8982c8764 Merge "sepolicy: remove mirrorlink related sepolicies" 2019-09-29 01:26:13 -07:00
qctecmdr
74707b14bd Merge "Sepolicy : Add dont audit for vendor_gles_data_file label" 2019-09-28 23:26:06 -07:00
Mohit Aggarwal
6886e3677e sepolicy: Define key for TimeService apk
Define key for TimeService apk
Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
2019-09-26 03:44:36 -07:00
Sandeep Neerudu
b9cad48c95 sepolicy-sensors : allow init daemon to set sensors_prop properties
Change-Id: I6b587a167538cc49c9049511f9448ec99c40b212
2019-09-23 22:14:10 -07:00
kranthi
29c5c84110 Sepolicy : Add dont audit for vendor_gles_data_file label
System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0
2019-09-23 16:41:37 +05:30
Indranil
0c7a5a1cad sepolicy: remove mirrorlink related sepolicies
Since mirrorlink feature is de-PORed, delete mirrorlink
project te files and respective entries throughout
the sepolicy component.

Change-Id: Id8e4a824f0690c519ce2a9bd1007fff2eaf2e36c
2019-09-20 10:34:12 +05:30
Vivek Arugula
11a5a1c2e3 sepolicy : Add policy rules for usta service
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One Acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.

Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
2019-09-13 17:34:22 -07:00
qctecmdr
e8ecc393d9 Merge "Sepolicy : add vendor prefix to vm_bms" 2019-08-12 23:07:26 -07:00
Jaihind Yadav
0ac1358c78 sepolicy: removing violators from couple of system domains.
These violators are no longer needed because the module that needed them no longer exists.

Change-Id: Ia095e10f9139199296619fc54bda5f32ac543454
2019-08-12 17:25:49 +05:30
Nahush Gondhalekar
72e86dc39f Removing usf for treble compliance.
Change-Id: I5771a191610adb8ca968902e2c7b6eac1830874c
2019-08-12 04:46:31 -07:00
Ashay Jaiswal
e04d97a1ec Sepolicy : add vendor prefix to vm_bms
vm_bms is a proprietary service, add vendor prefix to
vm_bms.

Change-Id: I00840fd821fb724c6026c3a7ff666a8c341862db
2019-08-12 13:35:49 +05:30
Ashish Kumar
78fbc21a47 sepolicy: Add permission for QtiMapperExtension version 1.1.
CRs-Fixed: 2505716
Change-Id: I61d02bcccf2069f792f2ee118fcf5dbf9a7b77ee
2019-08-08 22:25:46 -07:00
qctecmdr
170e863214 Merge "sepolicy: Remove accessing bt vendor prop and fm prop" 2019-08-08 10:02:18 -07:00
qctecmdr
5b50e33fa9 Merge "sepolicy: do not access bt vendor prop from system_server" 2019-08-08 09:43:32 -07:00
Srinu Jella
081f762184 sepolicy: Remove accessing bt vendor prop and fm prop
Remove accessing bt vendor prop and fm prop from
system app.

CRs-Fixed: 2503715
Change-Id: I44065536f313e900fa08848c3309391f3817f162
2019-08-07 22:55:44 -07:00
Nitin Shivpure
4bf9f92f56 sepolicy: do not access bt vendor prop from system_server
Do not access bt vendor prop from system_server.

Change-Id: I44065536f313e900fa08848c3309391f3817f16c
2019-08-07 00:11:05 -07:00
Veerendranath Jakkam
c80a246800 wifi: Remove system_writes_vendor_properties_violators
Remove sepolicy rules which are allowing system to modify
below vendor properties.
 - vendor_wifi_ftmd_prop
 - vendor_softap_prop

Change-Id: I3fa6c5f7fa34b37eaaa0b7c393fb256c1ed70d42
CRs-Fixed: 2503731
2019-08-06 22:49:16 -07:00
shoudil
8428651a3d sepolicy: fix gts failed issue on sdm845
Change-Id: Ia909dce485cafb525f0057aa6eb5b79ced6c2e4b
CRs-Fixed: 2479922
2019-08-06 17:08:31 +08:00