3536 commits

Author SHA1 Message Date
Linux Build Service Account
dabe110bf0 Merge "Add sepolicy dir and sock permissions to location module" into sepolicy.lnx.12.0.c2 2024-01-30 21:10:00 -08:00
Harikrishnan Hariharan
e1c8914c62 Add sepolicy dir and sock permissions to location module
Allow location module to have directory read, write
and socket create permissions in /data/vendor/ path.

CRs-Fixed: 2205732
Change-Id: I4a75623b562337e13b121bacf86af0f97f457916
2024-01-25 09:06:34 +05:30
Nilesh Gharde
8273b09de3 location AVC denials during user profile switch
CRs-fixed: 3713029
Change-Id: Ie20f60a981769278dc1fda195e55f27942cd6a78
2024-01-23 03:12:55 -08:00
Neelu Maheshwari
8569f71b88 sepolicy : Allow apps to have read access to vendor_display_prop
Change-Id: Ib2793107a54fa1a2df60ac872645277a9a0b2415
2023-11-27 23:29:02 -08:00
Linux Build Service Account
36ea3c2980 Merge "SE Policy change to fix avc denial for qcrild socket" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:54 -08:00
Linux Build Service Account
1ea539bb46 Merge "Avc denials on sdm660 from location, hal_gnss_qti" into sepolicy.lnx.12.0.c2 2023-11-27 01:46:51 -08:00
Linux Build Service Account
5207f749c4 Merge "sepolicy: Add file context for Widevine DRM" into sepolicy.lnx.12.0.c2 2023-11-22 23:31:23 -08:00
Linux Build Service Account
2664ad4668 Merge "Sepolicy : dontaudit to vendor.hw.fm.init property" into sepolicy.lnx.12.0.c2 2023-11-17 02:52:29 -08:00
Linux Build Service Account
0ccdfafa9a Merge "sepolicy:qcc : switch to platform app" into sepolicy.lnx.12.0.c2 2023-11-16 22:21:34 -08:00
Sanghoon Shin
2145757135 sepolicy:qcc: add qcc path to dropbox
allow both "qcc" and "qdma" in preparation to transition to "qcc"
to avoid using the "qdma" word in implementation

Change-Id: I608f8ecc14e56f3b17823c759c7064f09601f594
2023-11-16 05:10:18 -08:00
Sanghoon Shin
4c6d84fd65 sepolicy:qcc : switch to platform app
Change-Id: I661fef3af7d0a9518f67e14f2787999f268485e0
2023-11-16 05:10:11 -08:00
Neelu Maheshwari
adc7e8bb6b Sepolicy : dontaudit to vendor.hw.fm.init property
Change-Id: I0abc011871328bb269767ceffe9b6ddb2cf9b185
2023-11-16 17:39:38 +05:30
Kamesh Relangi
4603509240 SE Policy change to fix avc denial for qcrild socket
Change-Id: I1c2f3378d974a07496590a3dbd1b20323dbbba16
2023-11-15 11:51:54 +05:30
Nilesh Gharde
1750c0806f Avc denials on sdm660 from location, hal_gnss_qti
Change-Id: I3ac6a4d5db46cce66eecd70531a180e21177d979
CRs-fixed: 3661430
2023-11-15 11:48:10 +05:30
Prabhat Roy
a14482b2b1 sepolicy: Add file context for Widevine DRM
Set context for widevine services
android.hardware.drm-service-widevine
android.hardware.drm-service-lazy.widevine

validation:
xts test case: passes all the xts test cases

Change-Id: I568149e2c91f86a72007fb5b04f5597f133eea64
2023-11-03 12:46:32 +05:30
Linux Build Service Account
a015be7f62 Merge "sepolicy: Fix qcc avc denial issue" into sepolicy.lnx.12.0.c2 2023-10-11 23:26:20 -07:00
Neelu Maheshwari
8b41a7958b sepolicy: Fix qcc avc denial issue
Add rule to allow qcc to access runtime data file and fix below denial:

    avc: denied { read } for  comm="qccsyshal@1.2-s" name="qcc" dev="dm-36" ino=682
    scontext=u:r:vendor_qccsyshal_qti:s0 tcontext=u:object_r:system_data_file:s0
    tclass=dir permissive=0

Change-Id: I1477af3537b8158d4c47af93cf753db89e20cccd
2023-10-11 23:03:28 -07:00
Neelu Maheshwari
61bf1906d7 sepolicy:donotaudit for com.qualcomm.location
auditd  : type=1400 audit(0.0:25): avc:  denied  { read } for  comm="alcomm.location"
name="u:object_r:default_prop:s0" dev="tmpfs" ino=23722
scontext=u:r:vendor_location_app:s0 tcontext=u:object_r:default_prop:s0
tclass=file permissive=0 app=com.qualcomm.location

Change-Id: I1fe8e7730f569fbaf955e79aba784de70cc9f944
2023-10-11 22:56:13 -07:00
Nilesh Gharde
cdaad86cac Sepolicy rules to allow Gnss Hal to access ssgtz
CRs-fixed: 3593483
Change-Id: Iec880aa7908f2c3aa71695a4961823ff7dd0b677
2023-09-25 00:06:03 -07:00
Linux Build Service Account
1347478fc8 Merge "Allow vendor_location_xtwifi_client to access ssgtzd socket" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:21 -07:00
Linux Build Service Account
a859c67fc9 Merge "sepolicy rules to allow Gnss Hal to access RIL Srv" into sepolicy.lnx.12.0.c2 2023-09-20 02:28:18 -07:00
Himanshu Agrawal
6f68a803eb sepolicy: Compilation fix for newer upgrade.
Change-Id: I7eb38060cb0a1ad3e09d221022bd5955fb95b396
2023-05-19 05:10:20 -07:00
Linux Build Service Account
546edbb3c4 Merge "sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable" into sepolicy.lnx.12.0.c2 2023-05-19 04:43:49 -07:00
Mobashshirur Rahman
5115a5faef sepolicy rules to allow Gnss Hal to access RIL Srv
Change-Id: Iacbe878f740c71923d5da5c82fbe754ec9fb156b
2023-05-17 17:18:25 +05:30
Mobashshirur Rahman
b3c7469b74 Allow vendor_location_xtwifi_client to access ssgtzd socket
Change-Id: Ia3bdc36b455192f87fc480143068f49e8a401314
2023-05-17 17:12:39 +05:30
Himanshu Agrawal
0d44cf1b75 sepolicy: Add sepolicy rules for TZAS
Add the sepolicy rules for trustzone
access service to provide it access to
various vendor and android services.

Change-Id: I80f8bcb9a917ed18331fa3b92f1e8c65f8c631ad
2023-05-09 03:05:55 -07:00
Himanshu Agrawal
c88bdefd08 sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable
BOARD_PLAT_<PUBLIC/PRIVATE>SEPOLICY_DIR is going to be deprecated
so using new flag.

Change-Id: I039e81ca3bced08038f0e7f2ea3e706947d024fb
2023-05-09 03:05:14 -07:00
Sridhar Kasukurthi
ee6be5f18d sepolicy: Add policy for atfwd client
Add policy for atfwd daemon client

Change-Id: I0251b892ffdfbd02ba16b3dc08998581b1c45015
CRs-Fixed: 3450521
2023-04-05 11:54:07 +05:30
Sridhar Kasukurthi
5411d6a5af sepolicy: Add sepolicy for AtCmdFwd app
Change-Id: I5b3bf28701a785988dcaaaf207a98d0d1cb3f002
2023-03-23 15:46:34 +05:30
Jiani Liu
f9714cd55d Add sepolicy for ISupplicantVendor aidl
This commit adds required sepolicy changes to avoid avc denial for new
vendor.qti.hardware.wifi.supplicant.ISupplicantVendor/default.

Change-Id: Ie272772338299eb2c684b1c3683e062b12ca486b
2023-03-07 14:54:08 +08:00
Arvind Kumar
127987d3e0 Permission to access binderfs for binder info
Change-Id: If386da636f084c2c67ee6323300aae0c2ac75bc5
2022-11-03 11:43:07 +05:30
Sanghoon Shin
c3c0f8aeca sepolicy: fix issue on non-snap target
1. avc: denied { search } for comm="com.qti.qcc" name="qdma" dev="dm-8" ino=546
scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_qcc_data_file:s0 tclass=dir permissive=0
2. avc:  denied  { find } for interface=vendor.qti.hardware.qccvndhal::IQccvndhal
sid=u:r:system_app:s0 pid=2183 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_hal_qccvndhal_hwservice:s0 tclass=hwservice_manager permissive=0

Change-Id: Ib252a7507274d0d6c97e8adc72775d23e9900de1
2022-07-22 15:10:41 -07:00
Neelu Maheshwari
a8d0a3a4af Sepolicy : Fixed Multiple AVC Denials in 11.2.1 SDM660.
Change-Id: I720fc8af14e1aea42d343603f740f09066f5427a
2022-07-15 00:39:19 -07:00
Akhil P Oommen
3114a14f3d sepolicy: Add shell permission to /sys/class/kgsl/kgsl-3d0/perfcounter
Allow shell users to have permission to update sysfs node
/sys/class/kgsl/kgsl-3d0/perfcounter

Change-Id: I648b7f4b25e4c8c1644be5046677f41e7b5d2f8c
2022-03-23 14:52:03 +05:30
Himanshu Agrawal
b22b63ec7b sepolicy:labeling socid and granting the permission to the domains
for legacy target.

remove read permission for untrusted app to read device info.
Soc_id and family are set to be global read.

Change-Id: I2a30d75f6678f78c746b7b02d8a5abcda6248cea
2022-01-27 08:45:24 -08:00
Bharat Pawar
9ee7d8250c sepolicy: Add create socket file permission for wcnss_service
cnss_cli uses a unix socket to communicate with cnss-daemon.
cnss-daemon needs to create a unix socket server file at init.

Change-Id: Ibbe1eb1f418da17c0155a0663f6a94d8777ef80f
2022-01-03 14:46:27 +05:30
Himanshu Agrawal
e1dd1dfb1a sepolicy: Modified qcc files from qva to generic
Change-Id: I637d4db79ee85cdf6e26d5cc6b446755f1be80d2
2021-12-17 11:53:21 +05:30
Himanshu Agrawal
3970a6c9e5 sepolicy: Address multiple avc denials during bootup
Change-Id: I9eb5510799b33ab17f56d0e1f1440f38b87fa2c3
2021-12-09 15:16:04 +05:30
Himanshu Agrawal
48290d633b sepolicy: Add device specific wakeup nodes
Change-Id: I1f39b7e7d13920969f2573e157b217c05adf50fa
2021-12-06 01:15:58 -08:00
Neelu Maheshwari
cd83ea175c Sepolicy : Fixes for multiple avc denial for sdm660
Change-Id: If0df4244e417775503e524a8cd5a2212dde0748e
2021-12-01 16:03:44 +05:30
Neelu Maheshwari
3a39145fbd Sepolicy : Fixes for Multiple denials
Change-Id: I51e915e0a41a1d24947f79a7d0128a934f02dcfa
2021-11-17 03:39:10 -08:00
Linux Build Service Account
f5b11b7887 Merge "Sepolicy: Fix avc denial seen during boot up." into sepolicy.lnx.12.0.c2 2021-10-29 10:57:01 -07:00
Linux Build Service Account
9246e22f7a Merge "sepolicy: adding getattr perm for init" into sepolicy.lnx.12.0.c2 2021-10-29 10:56:01 -07:00
Sundhara Raja Usiripati
7353e15e06 sepolicy: adding getattr perm for init
Change-Id: I4b7295066031aa838139dda203fec019a11386dd
2021-10-28 07:52:55 -07:00
Neelu Maheshwari
27d9d234b4 sepolicy: Add find permission to systemhelper_app.te
Change-Id: Ia2a650d5d77dd70b7e6044bfe914f6494c4ed06a
2021-10-28 07:52:03 -07:00
Amritendu Biswas
183f2de411 sepolicy: support qmi based embms msdc on legacy targets
Change-Id: I0cac6d60d636ce546f91764703faca468c0ce85f
2021-10-28 13:52:17 +05:30
Himanshu Agrawal
a3b4f4e984 Sepolicy: Fix avc denial seen during boot up.
avc: denied { search } for name="location" dev="dm-8" ino=514
scontext=u:r:tlocd:s0 tcontext=u:object_r:location_data_file:s0
tclass=dir permissive=0

avc: denied { write } for name="kmsg" dev="tmpfs" ino=1559
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:kmsg_device:s0
tclass=chr_file permissive=0

- Added these policies as part of reducing avc denials in boot up

Change-Id: I68868f5c3084bd10d8e74dd0623160a849dab5b9
2021-10-28 11:12:46 +05:30
Linux Build Service Account
064c4b07f1 Merge "sepolicy: Add read dir permission to hal_bootctl.te" into sepolicy.lnx.12.0.c2 2021-10-21 01:29:51 -07:00
Himanshu Agrawal
bd0d1c24e4 sepolicy: Allow access for /dev/qseecom from vendor_init
avc: denied { getattr } for path="/dev/qseecom" dev="tmpfs" ino=25714
scontext=u:r:vendor_init:s0 tcontext=u:object_r:tee_device:s0
tclass=chr_file permissive=0

Change-Id: Ia55d4e07c4596ab9d2f78cba91b22d84bf35dc5d
2021-10-12 22:08:32 +05:30
Sundhara Raja Usiripati
da451f1c9f sepolicy: Add read dir permission to hal_bootctl.te
hal_bootctl needs read permission to sysfs_dt_firmware_android

Change-Id: I6e89b2db756d7070bc4b815cf15a6a4f241d137b
2021-09-27 15:27:52 +05:30