tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3187 commits 1 branch 0 tags 4.5 MiB
Commit graph

441 commits

Author SHA1 Message Date
Subash Abhinov Kasiviswanathan
254cec6163 sepolicy: Add perms for TIPC in netmgrd/rild 
Netmgrd-client communication is changing to TIPC.
Sepolicy needs to grand read/write/bind permissions to netmgrd
and rild to allow communication.

CRs-Fixed: 2586438
Change-Id: I289bbbb2a9aee68fd5f20c0a8144acc71509382b
 2019-12-13 16:21:58 -08:00
Jun-Hyung Kwon
1a04a865e0 sepolicy: allow sensors hal to find graphics mapper service 
allow sensors hal to find graphic mapper service for gralloc1 to
IMapper migration

Change-Id: I9a85e682cac2862b0d6eefa5ff5d6383feba595b
 2019-12-10 10:34:22 -08:00
qctecmdr
af94fa025c Merge "sepolicy-sensors: fix sepolicy denial messages on qsta test app" 2019-12-10 05:10:54 -08:00
qctecmdr
1c3e910343 Merge "sepolicy changes for qcrilNrd daemon" 2019-12-09 10:46:28 -08:00
Smita Ghosh
da37be89a6 Add support for lahaina file_contexts 
Change-Id: Ic0c1b9c865debf567d13a6ebecee3c6f0c9e0573
 2019-12-07 16:38:08 -08:00
Paresh Purabhiya
4786ce5ff7 lito : Enable ODM Partition on Lito 
- Add odm specific policies for lito target

Change-Id: Icdb25b1351690c36edb353f2960c09448982fecb
 2019-12-07 05:52:32 -08:00
Rafeeqh Shaik
fe416219c5 sepolicy changes for qcrilNrd daemon 
qcrilNrd is RIL Daemon. This is new daemon which replaces
qcrild for new targets.

Change-Id: If929028e2a5ee8db77b9df3e4c504871dbf97d16
 2019-12-05 21:01:25 -08:00
Sandeep Neerudu
b99f2ee8f3 sepolicy-sensors: fix sepolicy denial messages on qsta test app 
CR Fixed : 2567282

Change-Id: Ic9e68fae19991ba4931db68507134a68e9c6539b
 2019-11-27 09:06:24 -08:00
Ramkumar Radhakrishnan
bb5d305386 sepolicy: Add permissions for feature_enabler_client 
1. Allow read permission to /mnt/vendor/persist/data/*
2. Binder access for featenab_client.service

Change-Id: I2fcc6e34c5c208c41fcff5ab526a420210a9204c
 2019-11-18 02:17:54 -08:00
Sandeep Neerudu
727a9141ca sepolicy-sensors : allow sensors-hal to access sysfs_adsp_ssr object 
to trigger ssr

Change-Id: Id4a45a972189cdff6d2a4dfd834a977501753b87
 2019-11-13 01:46:47 -08:00
qctecmdr
f04d7607c9 Merge "sepolicy : move lito-sepolicy folder to generic from qva." 2019-11-04 05:14:34 -08:00
qctecmdr
32c73102d0 Merge "sepolicy: Fix avc denials for QSTA test app." 2019-11-04 04:08:15 -08:00
qctecmdr
b2b3c67246 Merge "sepolicy: avoid avc denials in USTA test app path" 2019-11-04 02:58:52 -08:00
qctecmdr
286d083cc4 Merge "Sepolicy: Update the subsystem numbers." 2019-11-04 01:14:07 -08:00
Ravi Kumar Siddojigari
39ec660ac4 sepolicy : move lito-sepolicy folder to generic from qva. 
As change in lito sepolicy handling moving all the sepolicy
related to lito target to  generic folder .

Change-Id: Ib27e9cf90329f6931e79c750a2ab84614e5c2a6d
 2019-10-30 12:24:44 +05:30
Keerthi Gowda Balehalli Satyanarayana
662896ecd8 Sepolicy: Update the subsystem numbers. 
Change-Id: Ic76378f81059b5ff03450b02fdc2d966ef1cc1b8
 2019-10-25 08:29:33 -07:00
Vivek Arugula
0df57d8737 sepolicy: Fix avc denials for QSTA test app. 
This change addresses issue reported in APTSEC-254

Change-Id: I65f0325341f66991f4247d9b45089484a5480909
 2019-10-23 14:07:33 -07:00
Vivek Arugula
11ff0c9a5d sepolicy: avoid avc denials in USTA test app path 
Change-Id: I8f2ab92e54f66c79a2979c6825aed68f81a1739f
 2019-10-23 13:12:22 -07:00
qctecmdr
8cd61d361c Merge "seploicy: For optimization, removing wildcard entry of thermal" 2019-10-22 05:51:17 -07:00
qctecmdr
5dcffe950e Merge "comment out sepolicy neverallow violations to get kona building" 2019-10-22 04:29:36 -07:00
qctecmdr
425192d813 Merge "mediacodec_service was removed." 2019-10-22 02:39:35 -07:00
Sachin Grover
64d8befcb2 seploicy: For optimization, removing wildcard entry of thermal 
Change-Id: I7a843db2ca19c9e530941eef6c1b012c55a62966
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
 2019-10-20 23:58:08 -07:00
Divya Sharma
0c15e18c6f comment out sepolicy neverallow violations to get kona building 
Change-Id: I6ea860a26ee95ae825ec35acd448880ad9d744ea
 2019-10-16 15:23:46 -07:00
Divya Sharma
7b5419b36e mediacodec_service was removed. 
Change-Id: Ia0df0b3f3ded1d7f62f5e781b012e9bb9ee2c55a
 2019-10-16 15:21:03 -07:00
Rajesh Yadav
a4d2d0ef49 sepolicy: Add rules for TrustedUI and SystemHelper HALs 
Add sepolicy rules for TrustedUI and SystemHelper HALs.

Change-Id: Ic009028c814367cbcef744d921fc7c22960c1981
 2019-10-15 02:25:18 -07:00
qctecmdr
bb191df06b Merge "sepolicy: add dataservice_app access to uce_services." 2019-10-14 05:24:41 -07:00
qctecmdr
a48ea1f159 Merge "sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl" 2019-10-13 23:23:20 -07:00
Ravi Kumar Siddojigari
966192137d sepolicy: add dataservice_app access to uce_services. 
As the commit  db87060f1c.
removed the access for compile time issue adding it back.

Change-Id: I814fa4355693c4fdabcf735eea3e149446dcbabf
 2019-10-10 12:59:36 +05:30
Jaihind Yadav
db87060f1c sepolicy: uce service is moved to system side. 
As this service is moved to system side so definition should be removed from here.

Change-Id: Ie656558c062196203e27c937700e9b568ca80a5d
 2019-10-03 18:51:17 +05:30
Deepak Kumar
7f2c787c42 sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl 
Grant hal_memtrack_default search access to sysfs_kgsl. This fixes
these avc denials seen in user build:
memtrack@1.0-se: type=1400 audit(0.0:2817): avc: denied { search }
for name="kgsl" dev="sysfs" ino=36355
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0

GL and EGL memory are now accounted properly when
"dumpsys meminfo -a <pid>" is executed in user build.

Change-Id: I1601729d4051bc3447a6f680ff38f3aa031efbde
 2019-10-01 12:57:51 +05:30
qctecmdr
85e1512c76 Merge "sepolicy: allow sensor daemon to use wake-lock" 2019-09-29 00:48:09 -07:00
qctecmdr
a4501a9111 Merge "sepolicy: adding vendor_persist_type attribute." 2019-09-29 00:08:50 -07:00
qctecmdr
74707b14bd Merge "Sepolicy : Add dont audit for vendor_gles_data_file label" 2019-09-28 23:26:06 -07:00
Mohit Aggarwal
6886e3677e sepolicy: Define key for TimeService apk 
Define key for TimeService apk
Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
 2019-09-26 03:44:36 -07:00
Jaihind Yadav
f66d6d1c7b sepolicy: adding vendor_persist_type attribute. 
adding neverallow so that coredomain should not access persist file.

Change-Id: If8ab44db78e08e347cb33239bf2544c22c362b5b
 2019-09-25 18:20:24 +05:30
Linux Build Service Account
90ce94f5b4 Merge "Camera: Add permission for Post Proc service" into sepolicy.lnx.6.0 2019-09-24 00:43:26 -07:00
Linux Build Service Account
d5b3815c1c Merge "sepolicy-sensors : allow init daemon to set sensors_prop properties" into sepolicy.lnx.6.0 2019-09-24 00:40:33 -07:00
Sandeep Neerudu
b9cad48c95 sepolicy-sensors : allow init daemon to set sensors_prop properties 
Change-Id: I6b587a167538cc49c9049511f9448ec99c40b212
 2019-09-23 22:14:10 -07:00
Jun-Hyung Kwon
d34d67fc07 sepolicy: allow sensor daemon to use wake-lock 
allow sscrpcd daemon to access wake-lock sysfs nodes

Change-Id: I679b077480aea8d5eef9df0dd346bd65611ee000
 2019-09-23 22:13:38 -07:00
Rama Krishna Nunna
59b232337b Camera: Add permission for Post Proc service 
- New service added for Post Processor

Change-Id: Ib55517449cee80dd4883a75d8ad9bfb0ed6e1ae1
 2019-09-23 09:17:46 -07:00
kranthi
29c5c84110 Sepolicy : Add dont audit for vendor_gles_data_file label 
System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0
 2019-09-23 16:41:37 +05:30
Manaf Meethalavalappu Pallikunhi
8d38d15759 sepolicy: add support for limits-cdsp sepolicy context 
Add limits_block_device file contexts for limits partitions
and allow thermal-engine to access this partition.

Add lmh-cdsp sysfs file to sysfs_thermal file context.

Change-Id: I9c18c9d862f5e99ca36cb8c38acd98ac4f152ebf
 2019-09-23 00:06:15 -07:00
Vivek Arugula
11a5a1c2e3 sepolicy : Add policy rules for usta service 
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One Acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.

Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
 2019-09-13 17:34:22 -07:00
qctecmdr
700457194e Merge "sepolicy: Add permission for QtiMapperExtension version 1.1." 2019-08-09 04:57:41 -07:00
qctecmdr
76f19f2ea6 Merge "sepolicy: Add rules to enhance pkt logging for cnss_diag" 2019-08-09 02:11:29 -07:00
Ashish Kumar
78fbc21a47 sepolicy: Add permission for QtiMapperExtension version 1.1. 
CRs-Fixed: 2505716
Change-Id: I61d02bcccf2069f792f2ee118fcf5dbf9a7b77ee
 2019-08-08 22:25:46 -07:00
Hu Wang
f0b0780006 sepolicy: Add rules to enhance pkt logging for cnss_diag 
Fix sepolicy denies seen when cnss_diag do pkt logging.

CRs-Fixed: 2502031
Change-Id: If0ae5fb9da36483bef686ae86bdd865f8a3e51ec
 2019-08-08 04:48:33 -07:00
kranthi
03232c6a4f Sepolicy : Do not audit untrusted_app_27 to fix avc denials 
Add do not audit rule for unrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

denial:
type=1400 audit(0.0:465): avc: denied { read } for name="max_gpuclk" dev="sysfs"
ino=56328 scontext=u:r:untrusted_app_27:s0:c178,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.gameloft.android.ANMP.GloftA9HM

type=1400 audit(0.0:381): avc: denied { read } for name="gpubusy" dev="sysfs" 
ino=56330 scontext=u:r:untrusted_app_27:s0:c168,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.tencent.ig

Change-Id: If11c109b5426c598121cff045ad1693d2221d57e
 2019-08-07 11:35:59 +05:30
Jilai Wang
7dab1aa8e1 sepolicy: Allow NN HAL to access npu device node 
This change is to allow NN HAL to access npu device node.

Change-Id: I193a7fb0b571a734804bc31ccf52376e9a13d500
 2019-08-06 16:55:43 -04:00
Jaihind Yadav
4676536dd1 sepolicy: rule to set kptrstrict value 
Change-Id: I05764146d61ff2ff934888280523fa0559dd083c
 2019-07-31 23:22:36 -07:00
qctecmdr
662e886cb2 Merge "sepolicy: Rename vendor defined property" 2019-07-30 12:53:17 -07:00
Jun-Hyung Kwon
2475d56cc7 Revert "sepolicy : Add property access rules for sensors init script" 
This reverts commit 50dbc4287a.

Change-Id: Ia35ac0fc17cf2fc6cde6cc08465cf1d586a28f5d
 2019-07-29 17:59:28 -07:00
Pavan Kumar M
50ef9c7f89 sepolicy: Rename vendor defined property 
All vendor defined properties should begin with
vendor keyword.

Change-Id: I0235d2b37ead9f015fe27075906dbf33b218173f
 2019-07-29 00:22:17 -07:00
qctecmdr
bb7f2ca878 Merge "Sepolicy: Add policy rules for untrusted_app context" 2019-07-28 21:21:10 -07:00
Rahul Janga
0eb606ffab Sepolicy: Add Do not audit for vendor_gles_data_file 
Addressing the following denials:

audit(0.0:118774): avc: denied { read } for name="esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { open } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { getattr } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

Change-Id: I1d9a8c64a2206e3faa9f367f731f3f542ce7fd4b
 2019-07-25 11:06:50 +05:30
Rahul Janga
9610a7ef1f Sepolicy: Add policy rules for untrusted_app context 
Add gpu related policy rules for untrusted_app

Addressing the following denial:

type=1400 audit(0.0:593): avc: denied { search } for name="gpu" dev="dm-0"
ino=405 scontext=u:r:untrusted_app:s0:c144,c256,c512,c768
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0
app=com.android.chrome

Change-Id: Iabbc7bea6f00a055f7f0ea3d2b926225737b99d5
 2019-07-24 09:54:45 -07:00
qctecmdr
6e692787b6 Merge "Sepolicy: White list adreno_app_profiles lib" 2019-07-24 04:45:42 -07:00
qctecmdr
83bbdc849e Merge "Sepolicy : Do not audit untrusted_app_27 to fix avc denials" 2019-07-23 05:35:59 -07:00
Aditya Nellutla
202f6a1a0f Sepolicy: White list adreno_app_profiles lib 
This change white lists new adreno_app_profiles library
to avoid sepolicy denials.

Change-Id: Ied35b574aff554a8d26e2cee4fa0530098a48080
 2019-07-23 17:40:35 +05:30
Aditya Nellutla
fcbbf0696e Sepolicy : Do not audit untrusted_app_27 to fix avc denials 
Add do not audit rule for unrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

Change-Id: Idc541a0effc6812c12c1ff5024dfd0b6d4171180
 2019-07-23 16:45:49 +05:30
qctecmdr
280fff6e47 Merge "Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file" 2019-07-23 02:48:00 -07:00
qctecmdr
78d4d2046a Merge "sepolicy permission required for Socket in port_bridge module." 2019-07-22 05:35:32 -07:00
Chinmay Agarwal
9c95b19d57 sepolicy permission required for Socket in port_bridge module. 
Given SE Policy permissions for port-bridge module to create a UNIX
socket and enable communication with clients in different modules.

Change-Id: I1d3a4fdc30847cd8ee7f7715d3249c1957a0776d
 2019-07-22 14:21:49 +05:30
Rahul Janga
026b564bc3 Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file 
Addressing the following denial:

type=1400 audit(0.0:10197): avc: denied { search } for name="gpu"
dev="dm-4" ino=405 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I02c0e40e376dc9d856e1541ba85ede5db379d49a
 2019-07-19 13:50:09 +05:30
qctecmdr
c39df4864d Merge "sepolicy: Add write permission to proc file system" 2019-07-18 23:55:40 -07:00
Ankita Bajaj
bd1c72c440 sepolicy: Add write permission to proc file system 
Provide Wi-Fi HAL read and write access to proc file system.
Wi-Fi Hal needs access to proc file system in order to configure
kernel tcp parameters for achieving higher peak throughputs.

CRs-Fixed: 2491783
Change-Id: I36613f74aaa4adfc33e68442befcdb78af5edd5c
 2019-07-17 14:06:46 +05:30
Ramkumar Radhakrishnan
718f54d0f1 te: Add access permissions for feature_enabler_client 
Add read/write and get attribute permission for feature_enabler_client
to access files from /mnt/vendor/persist/feature_enabler_client folder

Change-Id: I9a690acd2a55358dfa5ba5a0411b1dad59e5e7f0
 2019-07-16 16:31:19 -07:00
Jilai Wang
8a996616fd sepolicy: Allow appdomain to access NPU device driver node 
This change is to allow appdomain to access NPU device driver
node.

Change-Id: I5c3270afd105c236a8226d94ac7aa028e4ce1047
 2019-07-12 11:23:42 -04:00
qctecmdr
790484ce21 Merge "sepolicy: Add policy rules for untrusted_app27" 2019-07-05 01:52:26 -07:00
qctecmdr
27f397e091 Merge "sepolicy: add sepolicy for new added prop" 2019-07-04 16:57:00 -07:00
qctecmdr
eefd2e03be Merge "sepolicy: Allow all processes to access non-secure DSP device node" 2019-07-03 21:50:38 -07:00
qctecmdr
2f8e6c76ac Merge "sepolicy: Update thermal-engine sepolicy rules for generic vendor file" 2019-07-03 21:45:04 -07:00
qctecmdr
04ad6d3f83 Merge "sepolicy: add permissions to qoslat device on kona" 2019-07-03 21:44:05 -07:00
shoudil
fe25195b29 sepolicy: add sepolicy for new added prop 
Add sepolicy for new property ro.vendor.qti.va_odm.support,
and allow the prop settable for vendor_init.

Change-Id: Ie8b5fa13630c3dc332473088676a59404765745e
CRs-Fixed: 2483344
 2019-07-03 17:28:37 +08:00
Tharun Kumar Merugu
818b8a81de sepolicy: Allow all processes to access non-secure DSP device node 
Allow all processes to offload to CDSP using the non-secure device
node.

Change-Id: I17036280ab5ee35e802f6a5c0e5f95933a427f8f
 2019-07-03 04:21:20 +05:30
Sandeep Neerudu
39b6ea1f19 sepolicy-sensors:allow access to vendor_data_file for On Device Logging 
Change-Id: I85a31c39c82df7a33e632267a90ebfc38982b5d4
 2019-07-02 02:43:20 -07:00
Manaf Meethalavalappu Pallikunhi
00a7aae2a8 sepolicy: Update thermal-engine sepolicy rules for generic vendor file 
Update generic thermal-engine sepolicy rule by adding access of
thermal socket, QMI socket, dsprpc access, uio access etc. and
cleanup unwanted sepolicy access.

Change-Id: I83ba6cbe291d594b8b2d8720046851b3fb550aac
 2019-07-02 14:41:58 +05:30
Rahul Janga
828e434087 sepolicy: Add policy rules for untrusted_app27 
Updated new policy rules for untrusted_app_context.
This change allows apps to access our debug locations.

Change-Id: I9a647ff6e303764a3280aed846e5cb9a4b80ef79
 2019-07-01 19:33:06 +05:30
qctecmdr
f48e75edbe Merge "kona: Add rules for kernel 4.19 support for init domain" 2019-06-28 14:25:41 -07:00
qctecmdr
326d19f2fe Merge "sepolicy: Allow binder call action for location from system_server" 2019-06-28 02:06:59 -07:00
David Ng
e9adb2964f kona: Add rules for kernel 4.19 support for init domain 
This is a set of vendor changes necessary for interworking
with kernel verison 4.19 properly.

With kernel 4.19, additional filesystem getattr operations
are performed by init for the firmware mount points.

In addition on bootup after adb remount with Android's
Dynamic Partition feature, init needs access to underlying
block devices for overlayfs mounting.  At that stage of
init, while SELinux is initialized (thus the need to add
these rules), the underlying block device nodes in tmpfs
have not yet be labeled.

Change-Id: Iaf15fda401da7b4a34e281e010e16303966bb2c0
 2019-06-27 18:23:45 -07:00
Amir Vajid
6143b71b4f sepolicy: add permissions to qoslat device on kona 
Add permissions to access qoslat device on kona.

Change-Id: I944372c6218dd98b6b7996215d06251f571c34e5
 2019-06-26 19:09:34 -07:00
qctecmdr
e31c7c321e Merge "Sepolicy : Enable smcinvoke_device for Widevine" 2019-06-26 14:10:19 -07:00
Smita Ghosh
9cb4501ac6 Sepolicy: Set genfs context for modem restart_level 
ssr_setup needs permission to write related to restart_level

Change-Id: Ie917cf6d942b7636385a135870651baf7aae62a3
 2019-06-26 09:30:24 -07:00
Harikrishnan Hariharan
1eedfff43e sepolicy: Allow binder call action for location from system_server 
Change-Id: Iff0baf6966b545fa9bdc5d03e0221ee05d144326
CRs-Fixed: 2479129
 2019-06-26 01:46:55 -07:00
Phalguni
0968dd3f1c Sepolicy : Enable smcinvoke_device for Widevine 
Change-Id: Ie3439958b0cb3f6b1b56870c3b3bad49e70e8b4d
 2019-06-25 17:03:06 -07:00
qctecmdr
1ec1fa4cd5 Merge "Add file contexts for new partitions on Kona" 2019-06-25 09:27:05 -07:00
Vinayak Soni
f80ff8d11c Add file contexts for new partitions on Kona 
Add file contexts for multiimgqti, featenabler
and core_nhlos partitions to enable A/B OTA update
on these partitions.

Change-Id: I532be0343de4068fd40b00b675d2765c5e5ab4f0
 2019-06-24 13:58:54 -07:00
Ravi Kumar Siddojigari
5dc863443d sepolicy : adding misc bootup denails 
Following are added
 1.ueventd and vold need search/read access to  /mnt/vendor/persist
 2. system_server need access  to /sys/class/rtc/rtc0 path.

Change-Id: I4d5f322019f1e75aab1be2168eb3805f4f3998c6
 2019-06-24 18:44:04 +05:30
Smita Ghosh
6230a463f5 KONA: Add support for update_engine 
Change-Id: I514d6ece3186bc27a07b38ba76f5154e092428f9
 2019-06-19 17:56:33 -07:00
qctecmdr
f668967b3c Merge "Sepolicy: Add power off alarm app rules" 2019-06-18 14:05:22 -07:00
qctecmdr
a11a323e14 Merge "sepolicy: Do not audit zygote service access to vendor_gles_data_file" 2019-06-18 10:56:07 -07:00
qctecmdr
3c29db5277 Merge "sepolicy: Give read/write permission to vender_gles_data_file" 2019-06-18 08:21:02 -07:00
Xiaoxia Dong
cf1e90774e Sepolicy: Add power off alarm app rules 
Grant access to hal_perf.

Change-Id: If93ccf6884e07c9d524acd8b8c17e3e8dd635543
 2019-06-18 13:59:24 +08:00
Xu Yang
40ce4bbb1d sepolicy: Allow platform app to access hal display color service 
Change-Id: I7d64d51e8d7ec9a9b6a0c129070265cb01c813d4
 2019-06-13 19:22:42 -07:00
Rahul Janga
872951efad sepolicy: Give read/write permission to vender_gles_data_file 
These rules are missed while porting the policies from Android P
to Android Q.

Adressing the following denial:

type=1400 audit(14866.629:43): avc: denied { search } for comm="HwBinder:753_1"
name="gpu" dev="sda9" ino=376 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I24434be8d895d5dab8e5c24643c8be48f20d8673
 2019-06-13 18:10:12 +05:30
Rajavenu Kyatham
23a0ea8f24 sepolicy: Add permissions for composer service 
- composer service is required for communication b/w
  SF and HWC. 

Change-Id: I52652d309363b3f0f7b963d615688ce3e11c6fef
CRs-Fixed: 2466343
 2019-06-12 12:20:03 +05:30
qctecmdr
78d4d64afd Merge "sepolicy:Moved NNHAL-1.2v rules to common folder" 2019-06-11 16:31:14 -07:00
qctecmdr
e410bc9a3a Merge "sepolicy: Fix denials in location app" 2019-06-11 13:33:17 -07:00
qctecmdr
de2313a4a8 Merge "Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device" 2019-06-11 10:41:00 -07:00