tequilaOS/platform_device_qcom_sepolicy-legacy-um
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2353 commits 1 branch 0 tags 4.7 MiB
Commit graph

2353 commits

This branch
This branch
All branches
Author SHA1 Message Date
qctecmdr Service
b840fc09b1 Merge "Added device sepolicy rules for NN HAL 1.2 implementation" 2019-01-23 15:19:14 -08:00
vijay.rayabarapu
ff7b884e6c Sepolicy: adding new line to property context file 
Change-Id: Ic384df1fcd2bdc58ce017e44468dbfe8cfc9f42e
 2019-01-23 12:19:18 -08:00
qctecmdr Service
2643556c36 Merge "Associate proc_type to proc_audiod and add qti_debugfs fs_type" 2019-01-23 11:33:37 -08:00
Srinu Jella
ef2fbd28be sepolicy: add bt prop permission to audio hal 
- Sepolicy rule added to read bluetooth property
  to be read from Audio hal.

Change-Id: Ib9b19b6d00747938e7cbbf87b6324c37e22f5973
 2019-01-23 14:55:55 +05:30
Ravi Kumar Siddojigari
00a7d989e1 sepolicy : removed duplicate definations from hwservice_contexts 
build error as following are address by removing the duplicate defs
Multiple same specifications for vendor.qti.hardware.iop::IIop.
Multiple same specifications for vendor.qti.hardware.alarm::IAlarm.

Change-Id: I2b3de7d4155aaef141fbe9f7bb30161e214767cd
 2019-01-22 22:26:09 -08:00
Jaihind Yadav
4e58a85d79 sepolicy: add rs_exec permissions to org.codeaurora.snapcam 
Bug: 123050471
Change-Id: I6bbd8b89b494b8529060eb33a8b8ce79c7cecf7c
 2019-01-22 16:29:17 +05:30
Mahesh Kumar Sharma
4b7b683bdb sepolicy: grant write permission of rkill state to bluetooth 
Add label for rfkill and extldo node and grant
writeable permission to bluetooth.

Change-Id: I6cb08069193dcf29675d35bfa4d91d2729cc0518
 2019-01-21 14:34:57 -08:00
qctecmdr Service
c02d1b31ae Merge "sepolicy: added permissions needed for atfwd" 2019-01-21 01:09:30 -08:00
qctecmdr Service
82252acb81 Merge "sepolicy: Add gralloc.qcom to SP HALs" 2019-01-21 01:01:01 -08:00
Huang Li
b47502c653 Sepolicy: Porting QMMI/FFBM Sepolicy from sepolicy 4.0 to 5.9. 
Porting all relative sepolicy files for factory test.

Change-Id: I573bd39f5071a646bb38854027e066b09602b9f1
CRs-Fixed: 2374478,2374492,2374499,2374503
 2019-01-21 13:14:43 +08:00
Biswajit Paul
5edc732c57 Associate proc_type to proc_audiod and add qti_debugfs fs_type 
proc_audiod was mising the attribute proc_type. Add the same to
fix compilation when proc_audiod rules are added. Also add qti_debugfs
to enable usage of the same.

Change-Id: I160a576dc2ea3ad5f9e9d5c7327ebabdabbc051a
 2019-01-18 16:31:55 -08:00
Naseer Ahmed
e025f2ec9a sepolicy: Add gralloc.qcom to SP HALs 
Change-Id: I22465657ce3db65fce34579889b8c6762301db45
CRs-Fixed: 2383034
 2019-01-18 19:14:26 -05:00
Wileen Chiu
5d9c5005f1 sepolicy: added permissions needed for atfwd 
Adding sepolicy rules for denials seen for
atfwd daemon.

Change-Id: Id4b0e2a36222ca12dfe5a6ec4121ab7cf605afe5
 2019-01-18 15:09:52 -08:00
John Zhao
0dbba5d923 sepolicy: timezone to be overrided by vendor 
Allow the timezone to be overrided by vendor

CRs-Fixed: 2293241
Change-Id: I5f253df2ecb41013c9ab33d2087f2e0e2ea9e25a
 2019-01-17 23:08:50 -08:00
Alex Kuoch
a20bceae50 Added device sepolicy rules for NN HAL 1.2 implementation 
Change-Id: Ibedaf1e6b3756664398a2e7f7ebbea9de069ca06
 2019-01-17 16:13:13 -05:00
qctecmdr Service
baf172aa10 Merge "sepolicy: add sepolicy for secure ui data files" 2019-01-17 04:37:36 -08:00
Rajesh Yadav
d4888158be sepolicy: add sepolicy for secure ui data files 
Add /data/vendor/tui dir read permissions to tee
to allow dynamic font loading by sui listener.

Change-Id: Ibbb6b27ed896e89d9eab3fc91e58feef6759c079
 2019-01-17 17:48:30 +05:30
qctecmdr Service
8087eab689 Merge "Sepolicy: Address bootup denials for configstore" 2019-01-17 00:27:52 -08:00
Divya Sharma
48af07427e file removed generic/vendor/common/drmserver.te 
Change-Id: Ie5509b96206257dabbb8ddecaa3ab560971df9a4
 2019-01-16 21:47:47 -08:00
qctecmdr Service
f98e11ea8a Merge "sepolicy: configure framework detect jni as SP-HAL" 2019-01-14 01:05:18 -08:00
qctecmdr Service
a7fef51c5b Merge "selinux: Add policy for port-bridge to support mhi" 2019-01-13 23:31:40 -08:00
qctecmdr Service
6ad10fec94 Merge "Camera: adding sepolicy for accessing vendor properties" 2019-01-13 23:15:19 -08:00
Mohamed Sunfeer
319cd450b9 sepolicy: Add selinux rules to disable SPU 
Add disable SPU property to allow OEM to disable SPU.

Change-Id: I60a98f87d7557ea9263843ed8d475c091c5e634c
 2019-01-11 16:40:21 +05:30
Sauhard Pande
1b99037858 Camera: adding sepolicy for accessing vendor properties 
Issue: To access and read vendor.camera.aux.packagelist
and persist.vendor.camera.privapp.list. Needed to identify
priviledged app and dual camera exposure

Fix: Accessed only on system side thus added flags as
extended_core_property_type

Change-Id: I9518e88cdbc8411a9c070cc01a000442828715a4
 2019-01-10 22:16:36 -08:00
Sean Tranchetti
ee012cbc25 selinux: Add policy for port-bridge to support mhi 
Allow port-bridge to operate over the mhi interface.

Change-Id: I1aa0a6ddf2a39344a7e1e56c928cc6947cf8640d
 2019-01-10 12:22:31 -07:00
Ankur Sharma
6ed23be2cd Make sepolicy rules for new domain qtidataservices 
Adding rules and binder call for the new domain
qtidataservices_app which is created as part of
moving cne's certifciate API's from system to
vendor partition.

Change-Id: I1b67595e413983a925d4be4ad182e748de68e309
CRs-Fixed: 2378996
 2019-01-10 19:19:51 +05:30
Archit Srivastava
4631b2782b Sepolicy: Address bootup denials for configstore 
Allowing surfaceflinger to check HDR and WCG Supported at run time from
hardware to override hardcoded values defined in $TARGET.mk

Change-Id: Id4857b9d790b73b787e20f7cbc46d3dcf34a47ea
 2019-01-10 17:47:12 +05:30
shoudil
1c4c060c2a sepolicy: configure framework detect jni as SP-HAL 
Allow vendor apk to access share libs under /vendor
to dynamically detetct framework as modified or purs
AOSP.

Change-Id: Ic5a755fcd2bc8042db9294aff2d7ec69d9db0385
CRs-Fixed: 2376508
 2019-01-09 16:54:38 +08:00
qctecmdr Service
714332895d Merge "sepolicy: Label /data/vendor/tombstones and provide access for rfs_access" 2019-01-07 22:32:02 -08:00
Eric Chang
baff8e9b42 Create new sepolicy domain for qtidataservices 
Adds selinux policies required to move CNE's certificate
API from system to vendor partition

Change-Id: I37cc2f23a4b776807e4333c04710eb49b70a7e62
 2019-01-07 10:20:40 -08:00
Abhinay Reddy Vanipally
019acee551 sepolicy: Label /data/vendor/tombstones and provide access for rfs_access 
changing the label /data/vendor/tombstones and provide access for rfs_access 

Change-Id: Ia05abd97c0125a9d2af183524d1d8731aa8303c0
 2019-01-03 09:29:45 -08:00
Aman Gupta
b576ecfec9 Sepolicy: Addressed the DATAQTI denials for IPC Router socket 
Addressed the DATAQTI denials for IPC Router socket

Change-Id: I95bdcbf7608e0973d616cf89a5022bf324247a91
 2019-01-02 03:16:33 -08:00
Shaikh Shadul
f9adb88fe8 sepolicy: initial sensors policy changes for common image 
Change-Id: I7bc74d7b90ef39d878cd4b096713c66f818b4fe6
 2018-12-26 14:28:45 +05:30
qctecmdr Service
a7d9f7bc9e Merge "sepolicy: msmnile: add esoc ssr node" 2018-12-20 23:44:48 -08:00
qctecmdr Service
ae7ff39c1f Merge "sepolicy: add policies for mdm_helper" 2018-12-20 23:25:54 -08:00
qctecmdr Service
5bfbe5e910 Merge "Add genfs_contexts file for Kona Q" 2018-12-20 23:10:45 -08:00
Eric Chang
d792669537 selinux: Add policy for rild to add IDataConnection HAL 
Denial
SELinux : avc:  denied  { add } for interface=
vendor.qti.hardware.data.connection::IDataConnection pid=5619
scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I0d3eedf7e001179f6ed6faa7b2ae93ea2df9306c
 2018-12-19 11:25:22 -08:00
Jaihind Yadav
f45cc554e4 sepolicy:removed system_file access for the domain 
netmgrd and qti_init_shell is accessing system file.
due to newrestriction in AOSP it is throwing build error.
So removing it.

Change-Id: I5c43c38ac0d7e47c9b602a484ceb7b70322debc8
 2018-12-19 05:27:49 -08:00
Sahil Madeka
a77ced9488 Add genfs_contexts file for Kona Q 
Change-Id: Icdd1fe857e76c3d0554d911612fb15562af29925
 2018-12-19 04:15:01 -08:00
qctecmdr Service
6efd0a5ed9 Merge "sepolicy: removing /firmware and /bt_firmware labeling" 2018-12-19 01:23:51 -08:00
Jaihind Yadav
a0c3217131 sepolicy: removing /firmware and /bt_firmware labeling 
/firmare and /bt_firmware is not there for this target.
So removing labeling of these partition from file_contetxs.

Change-Id: I246dae55956421c502c4eb0a46ea8579187240ee
 2018-12-19 00:58:01 -08:00
Jaihind Yadav
0ad82e0e41 Revert "sepolicy: priv_app is no longer client of hal_perf." 
This reverts commit ccc837d327.

Change-Id: If69d4a4b27e7b6d69c2ee0dabd5d41d4c4429f98
 2018-12-18 02:04:13 -08:00
Jaihind Yadav
672e3dbde7 sepolicy: removing legacy target dir. 
this target is no longer would be supported on this compponent.
So removing it.

Change-Id: I70c96a029a476c8067182bdd6dbb0b25d683791a
 2018-12-18 12:45:20 +05:30
qctecmdr Service
70e43bc400 Merge "Add macro for framework type detection module" 2018-12-17 01:09:00 -08:00
Jaihind Yadav
ccc837d327 sepolicy: priv_app is no longer client of hal_perf. 
Due to newrestriction priv_app can't access cgroup.
And priv_app is client of hal_perf, so had to remove it.

Change-Id: Idb17f438e06bdd71df235072eec4973556ce09d0
 2018-12-14 18:48:08 +05:30
Smita Ghosh
0f0c42fe37 Add OTA support for multiimgoem 
update_engine needs rw access to each of the partitions that needs to
be updated by OTA.

Change-Id: Id3af536cebd2e280abf89443cb9ac445e009aa7d
 2018-12-12 18:42:46 -08:00
Adam Bickett
ec9e378641 sepolicy: msmnile: add esoc ssr node 
Add esoc node to sysfs_ssr type. This is required to allow subsystem
queries for targets with external modem.

Change-Id: Ib2f559e27770a5b113e77672554825904b5c707d
 2018-12-11 23:04:47 -08:00
Chalapathi Bathala
41c6bfc0aa sepolicy: add policies for mdm_helper 
Add policies for mdm_helper

Change-Id: Ie233107671fd9566f822d54bc1cd0b22286ca6f3
 2018-12-11 10:41:56 -08:00
David Ng
8546ead68d Add macro for framework type detection module 
Add permissions needed for clients to use the
vendor framework detection library module.  All
native clients using the framework detection
module must use the macro for their domain.

The existing permission needs are empty
(already part of domain) but added placeholder
to allow any underlying mechanism changes that
may require new permissions.

Change-Id: I88de640608e673a77a357afce11af8cb4d01e2d9
 2018-12-07 12:37:19 -08:00
Linux Build Service Account
4327d05bdd Merge "sepolicy: kernel.te: Add qipcrtr_socket permissions" into sepolicy.lnx.5.9 2018-12-06 09:15:08 -08:00