tequilaOS/platform_device_qcom_sepolicy-legacy-um
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2297 commits 1 branch 0 tags 4.7 MiB
Commit graph

2297 commits

This branch
This branch
All branches
Author SHA1 Message Date
vijay.rayabarapu
ff7b884e6c Sepolicy: adding new line to property context file 
Change-Id: Ic384df1fcd2bdc58ce017e44468dbfe8cfc9f42e
 2019-01-23 12:19:18 -08:00
qctecmdr Service
2643556c36 Merge "Associate proc_type to proc_audiod and add qti_debugfs fs_type" 2019-01-23 11:33:37 -08:00
Mahesh Kumar Sharma
4b7b683bdb sepolicy: grant write permission of rkill state to bluetooth 
Add label for rfkill and extldo node and grant
writeable permission to bluetooth.

Change-Id: I6cb08069193dcf29675d35bfa4d91d2729cc0518
 2019-01-21 14:34:57 -08:00
qctecmdr Service
c02d1b31ae Merge "sepolicy: added permissions needed for atfwd" 2019-01-21 01:09:30 -08:00
qctecmdr Service
82252acb81 Merge "sepolicy: Add gralloc.qcom to SP HALs" 2019-01-21 01:01:01 -08:00
Huang Li
b47502c653 Sepolicy: Porting QMMI/FFBM Sepolicy from sepolicy 4.0 to 5.9. 
Porting all relative sepolicy files for factory test.

Change-Id: I573bd39f5071a646bb38854027e066b09602b9f1
CRs-Fixed: 2374478,2374492,2374499,2374503
 2019-01-21 13:14:43 +08:00
Biswajit Paul
5edc732c57 Associate proc_type to proc_audiod and add qti_debugfs fs_type 
proc_audiod was mising the attribute proc_type. Add the same to
fix compilation when proc_audiod rules are added. Also add qti_debugfs
to enable usage of the same.

Change-Id: I160a576dc2ea3ad5f9e9d5c7327ebabdabbc051a
 2019-01-18 16:31:55 -08:00
Naseer Ahmed
e025f2ec9a sepolicy: Add gralloc.qcom to SP HALs 
Change-Id: I22465657ce3db65fce34579889b8c6762301db45
CRs-Fixed: 2383034
 2019-01-18 19:14:26 -05:00
Wileen Chiu
5d9c5005f1 sepolicy: added permissions needed for atfwd 
Adding sepolicy rules for denials seen for
atfwd daemon.

Change-Id: Id4b0e2a36222ca12dfe5a6ec4121ab7cf605afe5
 2019-01-18 15:09:52 -08:00
John Zhao
0dbba5d923 sepolicy: timezone to be overrided by vendor 
Allow the timezone to be overrided by vendor

CRs-Fixed: 2293241
Change-Id: I5f253df2ecb41013c9ab33d2087f2e0e2ea9e25a
 2019-01-17 23:08:50 -08:00
qctecmdr Service
baf172aa10 Merge "sepolicy: add sepolicy for secure ui data files" 2019-01-17 04:37:36 -08:00
Rajesh Yadav
d4888158be sepolicy: add sepolicy for secure ui data files 
Add /data/vendor/tui dir read permissions to tee
to allow dynamic font loading by sui listener.

Change-Id: Ibbb6b27ed896e89d9eab3fc91e58feef6759c079
 2019-01-17 17:48:30 +05:30
qctecmdr Service
8087eab689 Merge "Sepolicy: Address bootup denials for configstore" 2019-01-17 00:27:52 -08:00
Divya Sharma
48af07427e file removed generic/vendor/common/drmserver.te 
Change-Id: Ie5509b96206257dabbb8ddecaa3ab560971df9a4
 2019-01-16 21:47:47 -08:00
qctecmdr Service
f98e11ea8a Merge "sepolicy: configure framework detect jni as SP-HAL" 2019-01-14 01:05:18 -08:00
qctecmdr Service
a7fef51c5b Merge "selinux: Add policy for port-bridge to support mhi" 2019-01-13 23:31:40 -08:00
qctecmdr Service
6ad10fec94 Merge "Camera: adding sepolicy for accessing vendor properties" 2019-01-13 23:15:19 -08:00
Mohamed Sunfeer
319cd450b9 sepolicy: Add selinux rules to disable SPU 
Add disable SPU property to allow OEM to disable SPU.

Change-Id: I60a98f87d7557ea9263843ed8d475c091c5e634c
 2019-01-11 16:40:21 +05:30
Sauhard Pande
1b99037858 Camera: adding sepolicy for accessing vendor properties 
Issue: To access and read vendor.camera.aux.packagelist
and persist.vendor.camera.privapp.list. Needed to identify
priviledged app and dual camera exposure

Fix: Accessed only on system side thus added flags as
extended_core_property_type

Change-Id: I9518e88cdbc8411a9c070cc01a000442828715a4
 2019-01-10 22:16:36 -08:00
Sean Tranchetti
ee012cbc25 selinux: Add policy for port-bridge to support mhi 
Allow port-bridge to operate over the mhi interface.

Change-Id: I1aa0a6ddf2a39344a7e1e56c928cc6947cf8640d
 2019-01-10 12:22:31 -07:00
Archit Srivastava
4631b2782b Sepolicy: Address bootup denials for configstore 
Allowing surfaceflinger to check HDR and WCG Supported at run time from
hardware to override hardcoded values defined in $TARGET.mk

Change-Id: Id4857b9d790b73b787e20f7cbc46d3dcf34a47ea
 2019-01-10 17:47:12 +05:30
shoudil
1c4c060c2a sepolicy: configure framework detect jni as SP-HAL 
Allow vendor apk to access share libs under /vendor
to dynamically detetct framework as modified or purs
AOSP.

Change-Id: Ic5a755fcd2bc8042db9294aff2d7ec69d9db0385
CRs-Fixed: 2376508
 2019-01-09 16:54:38 +08:00
qctecmdr Service
714332895d Merge "sepolicy: Label /data/vendor/tombstones and provide access for rfs_access" 2019-01-07 22:32:02 -08:00
Eric Chang
baff8e9b42 Create new sepolicy domain for qtidataservices 
Adds selinux policies required to move CNE's certificate
API from system to vendor partition

Change-Id: I37cc2f23a4b776807e4333c04710eb49b70a7e62
 2019-01-07 10:20:40 -08:00
Abhinay Reddy Vanipally
019acee551 sepolicy: Label /data/vendor/tombstones and provide access for rfs_access 
changing the label /data/vendor/tombstones and provide access for rfs_access 

Change-Id: Ia05abd97c0125a9d2af183524d1d8731aa8303c0
 2019-01-03 09:29:45 -08:00
Aman Gupta
b576ecfec9 Sepolicy: Addressed the DATAQTI denials for IPC Router socket 
Addressed the DATAQTI denials for IPC Router socket

Change-Id: I95bdcbf7608e0973d616cf89a5022bf324247a91
 2019-01-02 03:16:33 -08:00
Shaikh Shadul
f9adb88fe8 sepolicy: initial sensors policy changes for common image 
Change-Id: I7bc74d7b90ef39d878cd4b096713c66f818b4fe6
 2018-12-26 14:28:45 +05:30
qctecmdr Service
a7d9f7bc9e Merge "sepolicy: msmnile: add esoc ssr node" 2018-12-20 23:44:48 -08:00
qctecmdr Service
ae7ff39c1f Merge "sepolicy: add policies for mdm_helper" 2018-12-20 23:25:54 -08:00
qctecmdr Service
5bfbe5e910 Merge "Add genfs_contexts file for Kona Q" 2018-12-20 23:10:45 -08:00
Eric Chang
d792669537 selinux: Add policy for rild to add IDataConnection HAL 
Denial
SELinux : avc:  denied  { add } for interface=
vendor.qti.hardware.data.connection::IDataConnection pid=5619
scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I0d3eedf7e001179f6ed6faa7b2ae93ea2df9306c
 2018-12-19 11:25:22 -08:00
Jaihind Yadav
f45cc554e4 sepolicy:removed system_file access for the domain 
netmgrd and qti_init_shell is accessing system file.
due to newrestriction in AOSP it is throwing build error.
So removing it.

Change-Id: I5c43c38ac0d7e47c9b602a484ceb7b70322debc8
 2018-12-19 05:27:49 -08:00
Sahil Madeka
a77ced9488 Add genfs_contexts file for Kona Q 
Change-Id: Icdd1fe857e76c3d0554d911612fb15562af29925
 2018-12-19 04:15:01 -08:00
qctecmdr Service
6efd0a5ed9 Merge "sepolicy: removing /firmware and /bt_firmware labeling" 2018-12-19 01:23:51 -08:00
Jaihind Yadav
a0c3217131 sepolicy: removing /firmware and /bt_firmware labeling 
/firmare and /bt_firmware is not there for this target.
So removing labeling of these partition from file_contetxs.

Change-Id: I246dae55956421c502c4eb0a46ea8579187240ee
 2018-12-19 00:58:01 -08:00
Jaihind Yadav
0ad82e0e41 Revert "sepolicy: priv_app is no longer client of hal_perf." 
This reverts commit ccc837d327.

Change-Id: If69d4a4b27e7b6d69c2ee0dabd5d41d4c4429f98
 2018-12-18 02:04:13 -08:00
Jaihind Yadav
672e3dbde7 sepolicy: removing legacy target dir. 
this target is no longer would be supported on this compponent.
So removing it.

Change-Id: I70c96a029a476c8067182bdd6dbb0b25d683791a
 2018-12-18 12:45:20 +05:30
qctecmdr Service
70e43bc400 Merge "Add macro for framework type detection module" 2018-12-17 01:09:00 -08:00
Jaihind Yadav
ccc837d327 sepolicy: priv_app is no longer client of hal_perf. 
Due to newrestriction priv_app can't access cgroup.
And priv_app is client of hal_perf, so had to remove it.

Change-Id: Idb17f438e06bdd71df235072eec4973556ce09d0
 2018-12-14 18:48:08 +05:30
Smita Ghosh
0f0c42fe37 Add OTA support for multiimgoem 
update_engine needs rw access to each of the partitions that needs to
be updated by OTA.

Change-Id: Id3af536cebd2e280abf89443cb9ac445e009aa7d
 2018-12-12 18:42:46 -08:00
Adam Bickett
ec9e378641 sepolicy: msmnile: add esoc ssr node 
Add esoc node to sysfs_ssr type. This is required to allow subsystem
queries for targets with external modem.

Change-Id: Ib2f559e27770a5b113e77672554825904b5c707d
 2018-12-11 23:04:47 -08:00
Chalapathi Bathala
41c6bfc0aa sepolicy: add policies for mdm_helper 
Add policies for mdm_helper

Change-Id: Ie233107671fd9566f822d54bc1cd0b22286ca6f3
 2018-12-11 10:41:56 -08:00
David Ng
8546ead68d Add macro for framework type detection module 
Add permissions needed for clients to use the
vendor framework detection library module.  All
native clients using the framework detection
module must use the macro for their domain.

The existing permission needs are empty
(already part of domain) but added placeholder
to allow any underlying mechanism changes that
may require new permissions.

Change-Id: I88de640608e673a77a357afce11af8cb4d01e2d9
 2018-12-07 12:37:19 -08:00
Linux Build Service Account
4327d05bdd Merge "sepolicy: kernel.te: Add qipcrtr_socket permissions" into sepolicy.lnx.5.9 2018-12-06 09:15:08 -08:00
Chris Lew
e0eb6bb836 sepolicy: kernel.te: Add qipcrtr_socket permissions 
Give kernel permissions to create qipcrtr_socket which is used for
diag and kernel qmi.

Change-Id: Id7911a882ea39b9dc84344f38466e845aef3dbd8
 2018-12-04 16:30:52 -08:00
Eric Chang
9413225997 selinux: Add policy for rild to add IWlan HAL. 
Change-Id: Ife3b1197be06593aae1eb031f79ca64c513d8b6e
 2018-11-27 13:35:49 -08:00
Hemant Gupta
c21eb88d4b sepolicy : Address BT denials resulting in error popups 
Address BT denials resulting in error popups.

Change-Id: Ifba5c183739663113dd58814fbf445ae51cefd77
 2018-11-27 16:21:06 +05:30
Ravi Kumar Siddojigari
4106db5b4f sepolicy : cleanup and misc denials addressed . 
as part of bringup addressed misc denials and code cleanup

Change-Id: Ifba5c183739663113dd58814fbf445ae51cefe77
 2018-11-15 22:25:34 -08:00
Vara Prasad A V S G
1287d1c879 sepolicy : remove system_writes_vendor_properties_violators 
As part of treble system /core services are not allowed  to
set vendor property .

if Property defined is part of system image then it can be set
or get by core/system services provided we define the property
as extended_core_property_type. So adding this to the property
that are added by vendor and used by core/system services.

Change-Id: I7ad8bc562be09126c082fc54f52499f5138fea5b
 2018-11-15 03:41:05 -08:00
Siddeswar Aluganti
69f3ff2c7d Fix build errors. 
Change-Id: If024d9253ad12fcbeab755f1e77421ec20f28b95
 2018-11-14 14:37:31 -08:00