Commit graph

441 commits

Author SHA1 Message Date
Ruofei Ma
715d9362c8 sepolicy: Allow camera to access cvp
Add rule to allow camera to access cvp device.

Change-Id: I3d35546cea0ba3fa700eb18a7178d6fa153d251a
2019-05-15 10:06:05 -07:00
Sandeep Neerudu
01daaa8332 sepolicy: Add persist file access rules for USTA test App
Change-Id: I1ea7b7bd2a77dc37021fc3312ca04e25eeff06a9
2019-05-15 06:35:49 -07:00
qctecmdr
3e491f0340 Merge "sepolicy: allow property settable for vendor_init" 2019-05-15 04:46:24 -07:00
Vijay Dandiga
48242a3651 sepolicy: Add vendor grep file context.
grep is used in detecting RAM size in post init scripts.
Based on RAM size, a few memory parameters are set.

Change-Id: Iee3cb90fe43c3b0f182dcffd71bc7bcac652188d
2019-05-15 16:08:16 +05:30
qctecmdr
0e7f78678e Merge "Camera: Add permission to access camera library for passthrough hidl" 2019-05-14 23:10:42 -07:00
Pu Chen
635f6ca03c Camera: Allow camera to access GPU device
Add rule to access GPU device.

Change-Id: I7fb469c478184075f7bf2c50e8a256d6c392a9dc
2019-05-14 15:48:02 -07:00
Ravikanth Tuniki
0c661ba66a sepolicy: Add permission to access min_level_change node for hdcp
CRs-Fixed: 2449926
Change-Id: Ia5e79827f17adf7924da1eac99e2ece892ba07ab
2019-05-14 16:44:12 +05:30
Mao Jinlong
9f773f683b genfs_contexts: Add label to qdss sysfs nodes for kona and lito
Add label to qdss sysfs nodes to avoid the denial when qcomsysd accesses
qdss sysfs.

Change-Id: I38c8900b11343a6579c88b3a799f070d01936423
2019-05-14 15:33:24 +08:00
Vijay Agrawal
9e590042e9 sepolicy: Give read/write permission to vender_gles_data_file
Add sepolicy for untrusted_app_25, priv_app.te, domain.te
to read/write vender_gles_data_file to access system_server,
surfaceflinger, bootanim, system_app, platform_app,
priv_app, radio, shell

04-11 21:12:48.359  8395  8395 W RenderThread: type=1400
audit(0.0:1058): avc: denied { read } for
name="esx_config.txt" dev="dm-0" ino=295474
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:vendor_data_file:s0 tclass=file
permissive=0 app=com.qualcomm.adrenotest.

CRs-Fixed:2436094, 2441817

Change-Id: I15dc9873cd38bbca9f955917d57b3da2a5b056b7
Signed-off-by: Vijay Agrawal <vijaagra@codeaurora.org>
2019-05-14 11:01:35 +05:30
shoudil
0ab001b27a sepolicy: allow property settable for vendor_init
Allow property ro.vendor.qti.va_aosp settable for vendor_init.
Help ODM properties get loaded successfully.

Change-Id: Ie3005a625957673c150aba40373572278329bf0a
CRs-Fixed: 2451592
2019-05-13 18:12:04 +08:00
qctecmdr
56ec9c4e76 Merge "sepolicy: Added hal_perf_hwservice permisions" 2019-05-09 11:52:26 -07:00
qctecmdr
f8546824b2 Merge "sepolicy: Define security context for "ro.build.software.version"" 2019-05-09 10:01:31 -07:00
qctecmdr
bd80cd6bfa Merge "sepolicy : addressed dumpstate related denials." 2019-05-09 08:15:09 -07:00
qctecmdr
65d2e95aab Merge "sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc" 2019-05-09 05:50:26 -07:00
Devi Sandeep Endluri V V
ec15b57f88 sepolicy: Define security context for "ro.build.software.version"
All vendor init process would have access to vendor_default_prop.
Define security context for "ro.build.software.version" as
vendor_default_prop.

Change-Id: I5b1f1698dcbb3d914a66c540f31f7624c707a72e
2019-05-09 04:12:47 -07:00
qctecmdr
a608767889 Merge "sepolicy: Declared FastCV libs as sp-hal" 2019-05-09 04:01:18 -07:00
qctecmdr
2906183b07 Merge "sepolicy: Declaring opencl.so as sp-hal for all the targets." 2019-05-09 02:10:34 -07:00
qctecmdr
58bd346722 Merge "sepolicy: Add rule for imsrcsd to communicate with radio" 2019-05-09 00:25:19 -07:00
qctecmdr
7e71c0fd5c Merge "sepolicy: Add policy for USB HAL" 2019-05-08 22:30:10 -07:00
kranthi
abea04783c sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc
Add sepolicy for hal_memtrack_default to read kgsl memory.

avc: denied { read } for comm="memtrack@1.0-se"
name="gpumem_mapped"dev="sysfs" ino=82422
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0.

CRs-Fixed: 2421195

Change-Id: I254df836754b5ebc09f44f7053edf85867a963a5
2019-05-08 15:22:59 +05:30
Richa Agarwal
7d6fb60768 sepolicy: Added hal_perf_hwservice permisions
Added hal_perf_hwservice permissions for
qtidataservices_app.te file

Change-Id: Ib480a503c1652e0650bda4aff07085ff894178d6
2019-05-08 14:02:21 +05:30
Pavan Kumar M
58d519cbcc Add permission to set/get persist.vendor.net.doxlat
- Add permission for rild to set and get the property
  persist.vendor.net.doxlat

- Revoke set_prop permission to system_server.

- Define domain for DataConnection HAL

Change-Id: I143bfffa8af61d087d8210516c57a211e25f0a1d
CRs-Fixed: 2425156
2019-05-07 21:06:28 -07:00
Suman Voora
50a3807ca7 sepolicy: Declared FastCV libs as sp-hal
Updated the permissions for cvp, scve hals.
Needed CV libs to be accessed by the apks.
Change-Id: Ic65a1e4bd75d4d978200fe62e23ddc354a7e83f2
2019-05-07 16:08:39 +05:30
Ravi Kumar Siddojigari
432d4af4c9 sepolicy : addressed dumpstate related denials.
As part of CTS testing it's expected no denials should be seen
from dumpstate domain during testing, so addressing generic
permission issue.

test :testNoBugreportDenials

Change-Id: I27178e6b4180d53cd5f6574bf71fe54819b10454
2019-05-07 00:37:11 -07:00
qctecmdr
518a386347 Merge "sepolicy: Add required sepolicy for vulkan.adreno.so" 2019-05-06 11:25:08 -07:00
qctecmdr
e46c882b62 Merge "sepolicy: remove violators which are not to be used" 2019-05-06 03:50:36 -07:00
qctecmdr
c6c1f9df62 Merge "sepolicy: Add wakelock capability for rcsservice" 2019-05-05 21:57:18 -07:00
qctecmdr
38ceae6f6b Merge "sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry" 2019-05-05 21:55:16 -07:00
qctecmdr
e36a6e565c Merge "sepolicy: add permission for charger" 2019-05-05 21:48:28 -07:00
Rama Krishna Nunna
bc8a16ed8b Camera: Add permission to access camera library for passthrough hidl
- Gralloc needs to access Camera library
- Adding necessary permissions

Change-Id: Id1d1740dd10fcc4ca393f909348297ac13beba39
2019-05-03 16:25:45 -07:00
Devi Sandeep Endluri V V
e8c9a38c08 sepolicy: Add rule for imsrcsd to communicate with radio
Change-Id: I6d1c45b5d92347957b4f2813e267dda5049c4d9d
2019-05-03 03:01:08 -07:00
Jack Pham
f9bd0b096a sepolicy: Add policy for USB HAL
Add rules for hal_usb_qti service, which is part of hal_usb
and hal_usb_gadget domains defined by system policy. Grant
access to needed properties and files.

Change-Id: I1e03ad1e63f5c70788f04e52833f6d09cc76eca8
2019-05-02 11:17:41 -07:00
Ravi Kumar Siddojigari
a26eb5586a sepolicy: remove violators which are not to be used
As part of security hardening, the following violators have
been removed:
1. untrusted_app_visible_hwservice_violators
2. data_between_core_and_vendor_violators

Security testing checks for violators sharing data between core and
vendor, so removed the violator exception in vendor_init.

hwservice are not to be exposed to untrusted app, so remove hal_perf
from the untrusted_app_visible_hwservice_violators list.

Test:
testNoExemptionsForDataBetweenCoreAndVendor
testNoUntrustedAppVisiblehwservice

Change-Id: I76f26848a0f148b1b332f68fd05f7632f9399af6
2019-05-02 16:46:14 +05:30
Subbaraman Narayanamurthy
060ac51eda sepolicy: add permission for charger
Add the necessary permission for charger binary to support offmode
charging.

Change-Id: I6b173c07e221b50b51f3381f8d0b490535ae73ae
2019-05-01 15:37:18 -07:00
Subash Abhinov Kasiviswanathan
78217eca78 sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry
This is needed to set the receive packet steering entry.
Fixes the following denial -

avc: denied { read write } for comm="netmgrd" name="rps_cpus"
dev="sysfs" ino=79460 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

CRs-fixed: 2425568
Change-Id: Idc94fbef7ed922a6d2376fd82bdb6cb45ff0d536
2019-04-30 16:23:20 -06:00
Mathew Joseph Karimpanal
b32d150dc9 sepolicy : Permit system_server to read vendor display properties
Permit system_server to read vendor.display.xxx properties.

Change-Id: I4fb74c2edabd6203304b256bb87cb84517dcad58
CRs-fixed: 2444569
2019-04-30 17:29:19 +05:30
Eric Chang
8cb4145a73 sepolicy: Add wakelock capability for rcsservice
Change-Id: If842405cbbb8fba6d2b6d4d471f00d1b02320cfe
2019-04-26 14:48:07 -07:00
Harshdeep Dhatt
7c60ce7a95 sepolicy: Add required sepolicy for vulkan.adreno.so
CRs-Fixed: 2442489

Change-Id: I9ab11f0ae7df7f03cdb6cc2a8709d7a090299237
2019-04-26 14:39:51 -06:00
qctecmdr
3233102de8 Merge "Sepolicy: Update sepolicy ops listener" 2019-04-26 10:40:04 -07:00
Ravi Kumar Siddojigari
81835b7c6c sepolicy : remove sysfs_net related entries which are duplicate
Following paths on sysfs are now labeled in system side
file_contexts, so removing the duplicate entries from
vendor side genfs_contexts.

/module/tcp_cubic/parameters
/devices/virtual/net

Change-Id: I92336f6c991d6a9e9a51246082c5940b8d6ebaae
2019-04-26 02:20:20 -07:00
qctecmdr
8f5a2321d7 Merge "Remove permission to read hosts file" 2019-04-25 21:21:11 -07:00
Aman Gupta
04bdbfe277 Sepolicy: Added rule to support ODL for ADPL
Added a file context for odl_ipa_ctl/ipa_adpl char device

Change-Id: Ia135f4fed4bf438084bf4101d5dc24560c741028
2019-04-22 10:51:27 -07:00
Tirupathi Reddy
46320b773d sepolicy : correct AndroidNN binary details
Change-Id: I4b565ce9b28fe7e83cd6b678616490e7ec351272
2019-04-21 23:10:43 -07:00
qctecmdr
6ad0a132ae Merge "[sepolicy] Add WIGIG device entry to genfs_contexts" 2019-04-20 05:40:52 -07:00
qctecmdr
0df6b406a8 Merge "Sepolicy: Added rules for QTI HANA55 MHI node access" 2019-04-20 02:29:58 -07:00
qctecmdr
0a40db544d Merge "sepolicy: update access policy for charger script" 2019-04-19 23:29:04 -07:00
qctecmdr
69a4638778 Merge "msmnile: Port recovery domain rules." 2019-04-19 11:46:08 -07:00
Phalguni
43411c2675 Sepolicy: Update sepolicy ops listener
Add read and write permissions for graphics device
CRs-Fixed: 2438059

Change-Id: Ide4f6c936512956f68a2de1e672c28a9d3f4435b
2019-04-19 10:44:48 -07:00
Tapas Dey
f655e8ebfb sepolicy: Fix NFC avc denial issue
Add rule to allow NFC to access runtime data file and fix below
denial:

com.android.nfc: type=1400 audit(0.0:1125): avc: denied { write }
for comm=4173796E635461736B202331 name="nfc" dev="sda8" ino=475137
scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
permissive=0

Change-Id: I977931c1918035ad46ccc5240a03463e4d9edb56
2019-04-19 11:44:09 +05:30
qctecmdr
38f1871b9d Merge "sepolicy: kona: Fix parallel charger path" 2019-04-18 04:46:29 -07:00
padarshr
a227a6a469 msmnile: Port recovery domain rules.
Add recovery process's needed sepolicies that were
missing in generic folder, to grant accesses (for
various things like sdcard mount/read etc).

Change-Id: Id2fe77d41a0b0395c66a218e275b1a0b45aec593
2019-04-18 03:33:32 -07:00
Tyler Wear
da8f3bb6a4 sepolicy: Policy fix for CND SSR
Add sepolicy rule to allow cnd process to perform
directory read on the SYSFS for SSR.

Change-Id: I5d8093b6d01584bcdbd0526f7335d7fcc601a4e5
2019-04-17 14:31:55 -07:00
Aman Gupta
c2e74e6de7 Sepolicy: Added rules for QTI HANA55 MHI node access
MHI node name retrieval access policy rules

Change-Id: I513732f0c85db0c9a56920fad9f4331bd41e6f52
2019-04-17 13:40:50 -07:00
Anuj Jalota
cedf94bb8c sepolicy: Declaring opencl.so as sp-hal for all the targets.
Change-Id: I57b831db4da8e62971e2b3961bbb181c70b57353
2019-04-17 17:52:16 +05:30
Subbaraman Narayanamurthy
b4e06efc2b sepolicy: update access policy for charger script
Currently qti_init_shell label is applied for init.qti.charger.sh
however the script filename is changed to init.qti.chg_policy.sh
under charger_monitor project. Hence update access policy for
init.qti.chg_policy.sh and move them to qva/vendor/common along
with "hvdcp_opti" which seems to be the proper place.

Change-Id: I86ec11c12593a76069fbdcf5ed41cc05359938ad
2019-04-15 12:22:01 -07:00
Subbaraman Narayanamurthy
a91ce136d1 sepolicy: kona: Fix parallel charger path
Fix the device path for smb1355 parallel charger that can be used
on kona platforms.

Change-Id: I0d05cbe1239eeba5d0bd38f5cb204b68536ead3f
2019-04-15 12:12:36 -07:00
qctecmdr
9d8decb80a Merge "Add rules for PPTP/L2TP VPN connection success" 2019-04-12 07:00:20 -07:00
qctecmdr
61d16198a6 Merge "Sepolicy: Add power off alarm rules" 2019-04-12 03:55:16 -07:00
Chalapathi Bathala
5e1f14729e [sepolicy] Add WIGIG device entry to genfs_contexts
[sepolicy] Add WIGIG device entry to genfs_contexts

Change-Id: I56e2eeeb9739e607bfbc33fcc06c96c3efd6084a
2019-04-11 18:40:43 -07:00
qctecmdr
18d948e94e Merge "SEPOLICY: Add vendor_adsprpc_prop property" 2019-04-11 04:50:55 -07:00
Vinay Gannevaram
606163f5ea sepolicy : Removed netadmin capability for location
Removed net admin capabilities for lowi. From now on, nl msgs of lowi
would route to wifihal via control socket.
Wifi hal allows its authenticated clients to send nl msgs to it.
Lowi module is one of its clients and hence added socket permissions
to access wifihal control interface.

CRs-Fixed: 2424268
Change-Id: I18aba9169b23e8b0c9260cbf1e7a52bf59e0030d
2019-04-10 03:01:51 -07:00
Vinay Gannevaram
1eaea11a3c sepolicy : Added wifihal sock perms and allow clients to connect
Added wifihal directory in /dev/sockets path.
Wifi hal allows its authenticated clients to send nl msgs to it.
Lowi module is one of its clients and hence added socket permissions
to access wifihal control interface.

CRs-Fixed: 2424252
Change-Id: I9aa7b54f2f944d59148508eace3c658a23e5d2d8
2019-04-10 03:01:01 -07:00
Tharun Kumar Merugu
e0c312a1ff SEPOLICY: Add vendor_adsprpc_prop property
Add vendor_adsprpc_prop property to support the OS-upgrade.

Change-Id: Ie68d96a5e871b1fcc9920c24a393b60d6eb602f3
2019-04-09 18:19:55 +05:30
Vinay Gannevaram
9b3711ccdc sepolicy: Added socket perms to location to connect to wpa ctrl socket
Lowi interacts with wpa supplicant for scan and anqp query via ctrl
communication. As the wpa control socket is in /data/vendor/ path
the required sepolicy changes are needed for location module

CRs-Fixed: 2431133
Change-Id: Icaef72229bc028c446c8d60c0b471de9583c63ae
2019-04-09 04:25:59 -07:00
Qimeng Pan
322dbb03e5 Sepolicy: Add power off alarm rules
Add power off alarm rules to access share preference in add data.

Change-Id: I972bc5a83f0e68c289c7defbcf7e2b7318eaa8e4
CRs-Fixed: 2430367
2019-04-09 13:57:45 +08:00
Devi Sandeep Endluri V V
6da7a4e87c Add rules for PPTP/L2TP VPN connection success
In newer kernels (4.14 and above), new context pppox_socket
is defined for PPPOX sockets. For successful VPN connection,
need the corresponding pppox_socket specific rules for ppp
and mtp daemons

CRs-Fixed: 2412475
Change-Id: I3488dabcc464b81a1e1109489b5aeb7530102997
2019-04-05 23:04:11 +05:30
padarshr
1efa2458e3 Label the scsi_generic sysfs node and give it's read access to bootctl.
Bootctl needs read access to scsi_generic node to lookup what
/dev/sgN device corresponds to the XBL partitions.
Label it and give read access to bootctl.

Change-Id: I91d54ba05dd3d5fe34296e3911537ed57e51a067
2019-04-04 05:22:29 -07:00
qctecmdr
0ea5678b0f Merge "sepolicy: /sys/kernel/debug/ access for hal_graphics_composer" 2019-04-03 04:49:16 -07:00
qctecmdr
5338a3c972 Merge "sepolicy: add rules to connect to ims_socket" 2019-04-02 15:35:16 -07:00
Gurpreet Singh Dhami
1fea5898dd sepolicy: /sys/kernel/debug/ access for hal_graphics_composer
Add rules to allow hwcomposer process to open /sys/kernel/debug/ nodes
for debugfs node content dumping during HWRecovery

Change-Id: I2e3c4dec714a6b3391401bf9dd7cf9f0217270ff
2019-04-02 14:56:57 -04:00
qctecmdr
905920ade9 Merge "mirrorlink: Add mirrorlink specific permissions" 2019-04-02 05:11:24 -07:00
Pavan Kumar M
77613ff04b sepolicy: add rules to connect to ims_socket
Add rules for imshelper_App to write and connect
to ims_socket.

Change-Id: I0ec8c0708abfcc22bf7fce8ea70c4ef4a98c16e4
2019-04-02 16:50:00 +05:30
qctecmdr
e5ff527a76 Merge "sepolicy: Add policy for Qti mapper version 1.1" 2019-04-02 02:01:08 -07:00
Ashish Kumar
6331acd1ed sepolicy: Add policy for Qti mapper version 1.1
CRs-Fixed: 2411582
Change-Id: If75eeb142b0484def250d813337e2d3307193c1b
2019-04-01 10:28:24 -07:00
qctecmdr
3fea7ba91a Merge "sepolicy: add persist file access for hvdcp" 2019-04-01 07:56:10 -07:00
Indranil
e6dbe4d954 mirrorlink: Add mirrorlink specific permissions
1. Add usb genfs entry for kona
2. Allow access to /proc/asound/pcm file

Change-Id: Ic765e318c13d8c74423ad51e9b8399667775a582
2019-03-31 22:35:42 -07:00
qctecmdr
322a3ff193 Merge "Sepolicy changes to allow create socket" 2019-03-30 03:51:00 -07:00
qctecmdr
65c6b01815 Merge "sepolicy: Add permissions for NPU DSP device" 2019-03-29 10:02:09 -07:00
qctecmdr
46c2f001a6 Merge "sepolicy: allow hal_usb_default to read sysfs_usb_supply" 2019-03-29 10:02:09 -07:00
Subbaraman Narayanamurthy
6fcf2c22d5 sepolicy: add persist file access for hvdcp
hvdcp_opti daemon needs to store some parameters under vendor
persist (/mnt/vendor/persist/hvdcp_opti/*). Add the necessary
rule for it.

Also, move hvdcp.te from generic/vendor/common to qva/vendor/common.

Change-Id: I337b9c862d15c1080f7f7de7ba2fe26111d9f02b
2019-03-28 13:21:15 -07:00
Rama Aparna Mallavarapu
20a506cf29 sepolicy: Add permissions for NPU DSP device
Add permissions to NPU DSP device so that post_boot
script can update the sysfs nodes for this device.

Change-Id: I531cc4d9feedc22c0cfe515dcf86dbd917bc280b
2019-03-27 15:15:46 -07:00
Devi Sandeep Endluri V V
89d738f84e Sepolicy changes to allow create socket
Allow hal_rcsservice to create qipcrtr_socket

Denial:

avc: denied { create } for comm="imsrcsd"
scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hal_rcsservice:s0
tclass=qipcrtr_socket permissive=0

Change-Id: I2efa91e771ae5a51aa23becef72000daf6c54dc5
2019-03-27 03:29:53 -07:00
Devi Sandeep Endluri V V
8b59adcf27 sepolicy/radio: Add sepolicy rule for RCS client
Rule for client applications to communicate with RCS vendor
service

Denial:

avc: denied { find } for
interface=com.qualcomm.qti.imscmservice::IImsCmService
sid=u:r:radio:s0 pid=5649 scontext=u:r:radio:s0
tcontext=u:object_r:hal_imsrcsd_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I3ea3d95e77509c89fdb3515f5eaa0a0d4d376e1f
2019-03-27 03:25:13 -07:00
Chandana Kishori Chiluveru
4cfec0d1a9 sepolicy: allow hal_usb_default to read sysfs_usb_supply
Grant file read access to hal_usb_default context to read
from the sysfs_usb_supply file context. This allows the USB
HAL to be able to read from /sys/class/power_supply/usb/*.

Change-Id: I6ac5672a87114af09c2b9314191116dd21c9e77a
2019-03-27 03:24:10 -07:00
qctecmdr Service
42473ec6e3 Merge "sepolicy: add sysfs path for CDSP to L3 device" 2019-03-25 14:29:10 -07:00
qctecmdr Service
4a5e015318 Merge "Sepolicy-QTI/ADPL: Created a file context for sockets" 2019-03-23 10:32:08 -07:00
qctecmdr Service
6e8e91f71f Merge "sepolicy: Add permissions for cpu7 L3 memlat node" 2019-03-23 10:32:08 -07:00
qctecmdr Service
0319850a3d Merge "sepolicy: Add sepolicies for foss" 2019-03-23 10:32:07 -07:00
qctecmdr Service
a23099a64b Merge "sepolicy: qva: necessary sepolicy changes for vpp services" 2019-03-23 06:00:02 -07:00
qctecmdr Service
f511cb0989 Merge "sepolicy: add rules for jank killer feature" 2019-03-23 06:00:02 -07:00
qctecmdr Service
b8229bc625 Merge "sepolicy: Fix generic rules for time-services" 2019-03-23 06:00:02 -07:00
qctecmdr Service
69d14bc580 Merge "kona: Update WLAN node in genfs_contexts" 2019-03-23 02:57:05 -07:00
qctecmdr Service
52d99b04aa Merge "sepolicy: Add access policy for charger files" 2019-03-23 02:57:05 -07:00
qctecmdr Service
b2970fc5c0 Merge "sepolicy: allow camera process to access synx device node" 2019-03-23 02:57:04 -07:00
Gurpreet Singh Dhami
5a0a08ed0a sepolicy: Add sepolicies for foss
FOSS is part of hardware.graphics.composer process now. Earlier
it was part of  mm-pp-daemon process. So adding corresponding sepolicies
and removing obsolete sepolicies related to mm-pp-daemon.

Change-Id: I6b6f5995813ac268b90d3d7d4cee0ec7cb67f6f5
2019-03-23 02:54:52 -07:00
Aman Gupta
03e1a2c4b4 Sepolicy-QTI/ADPL: Created a file context for sockets
Created a file context for sockets files

Change-Id: I6eed60942b74f12a71ade6d2f410e02064dc50c7
2019-03-22 03:07:47 -07:00
Mohit Aggarwal
03e4ae3501 sepolicy: Fix generic rules for time-services
The patch fixes generic sepolicy rules for
time-services.
Also adds rules required to read mhi sysfs
nodes for remote & local qtimer values.

Change-Id: I40c0e94e5e999f591d6780f62cefffae940f6345
2019-03-22 13:58:03 +05:30
Karthik Gopalan
6739038499 sepolicy: add rules for jank killer feature
Allow sf to access kgsl sysnode.

CRs-Fixed: 2418823

Change-Id: I4c6c8f5906f85e33f5f1e2de6ed8ca28ec3e2588
2019-03-21 22:43:14 -07:00
qctecmdr Service
f441b83563 Merge "Fix the sysfs definition to avoid compilation error." 2019-03-21 03:29:58 -07:00
Biswajit Paul
97779c24bc Fix the sysfs definition to avoid compilation error.
Move sysfs_mhi to common as the label is applicable to all target.

Change-Id: Id4e50fcbd2e2ec697fdb7ae58ef1427bf3c22d54
2019-03-21 15:26:06 +05:30
qctecmdr Service
729ade1807 Merge "perf: Sepolicies to fix perflock functionalities" 2019-03-21 02:37:21 -07:00
Amir Vajid
5e237febcd sepolicy: add sysfs path for CDSP to L3 device
Update permissions for CDSP to L3 device path
on kona.

Change-Id: I8a7c5e26516f4244b99ab23f2ae182f80675e152
2019-03-19 16:48:01 -07:00
Gurpreet Singh Dhami
dc0ac36ee5 sepolicy: Add support for qdcm socket service
Change-Id: I6ca534fa015091381f87b9b12056fec82b52581c
2019-03-19 02:09:59 -07:00
Fenglin Wu
770c40ec5a sepolicy: Add access policy for charger files
Add labels for charger related sysfs devices and script, and add policy
for charger script to access charger devices.

Change-Id: I64a70d11c051017d1eca70b09f735623312e4d69
2019-03-19 14:49:31 +08:00
Karthik Gopalan
c0eb4d4fb3 perf: Sepolicies to fix perflock functionalities
1. Allow perf-hal to create and read/write values
into default_values file which is created in
/data/vendor/perfd.

2. Allow perf-hal to read /sys/class/devfreq
directory and fetch values from the files.

CRs-Fixed: 2417754

Change-Id: I7a4494e95ff9cd57a295c76c53f4afb90570cc4d
2019-03-18 18:50:39 +05:30
Shashi Shekar Shankar
eeee4c4244 sepolicy: Add permissions for cpu7 L3 memlat node
Add permissions to the CPU7 Memlat node for sysfs
to access it.

Change-Id: Iafe49457112a20d40c1706f02ebf197323c864b2
2019-03-18 00:47:14 -07:00
Li Sun
d0a2404b49 sepolicy: qva: necessary sepolicy changes for vpp services
Add/update sepolicy files for vpp services

Change-Id: Ic97f87e13132417cbaacce17a99deed390a7bd87
2019-03-17 19:25:03 -07:00
Yuanyuan Liu
915ffc781e kona: Update WLAN node in genfs_contexts
Update WLAN node from "a0000000.qcom,cnss-qca6390" to
"b0000000.qcom,cnss-qca6390" in genfs_contexts.

Change-Id: I54334e9bd7ffc17653b2d30d689200b557eba2f8
2019-03-15 20:17:11 -07:00
Dante Russo
66ef595ebf Remove permission to read hosts file
Remove permission for reading hosts
file due to new Android socket API

Change-Id: I63b80cd4a487c0d41220045b876d53fdb6388a52
CRs-Fixed: 2417347
2019-03-15 15:02:16 -07:00
qctecmdr Service
a43bfe4a1a Merge "msmnile: Add spmi and i2c-pmic devices to genfs_contexts" 2019-03-15 02:40:02 -07:00
Amir Vajid
5490bded32 sepolicy: correct sysfs paths for L3 devices
Update the sysfs paths for L3 devices based on
latest naming convention.

Change-Id: Ia4dbc8eee0e8640e343997898929f2a93be6403c
2019-03-14 12:32:22 -07:00
Sumukh Hallymysore Ravindra
556d712ff8 sepolicy: allow camera process to access synx device node
Allow the hal camera process to access the new global synx
device node.

Change-Id: I70b41cb620b85f418bd8353132c25d922b2f9559
2019-03-13 13:56:21 -07:00
Umang Agrawal
76cf294090 msmnile: Add spmi and i2c-pmic devices to genfs_contexts
Define selinux context label for FG spmi device. While at it, add
the selinux context definition for smb1390 device also along with
SMB1355 alternate i2c address context definition.

Change-Id: I9d7c89a6fbbb2648d9c5a3e522b32c5e675c6534
2019-03-13 11:33:47 +05:30
Nitin Shivpure
c062eb63f9 Sepolicy: Add legacy sepolicy rule for BT
- Remove vendor_bluetooth_prop rule for unused wcnss_filter
  & hal_audio
- Add persist.vendor.qcom.bluetooth. &
  vendor.qcom.bluetooth. into vendor_bluetooth_prop context.
- Add SE policy for BT configstore.
- set vendor BT properties from vendor_init.

Change-Id: I9bb5277554363f981c7a639dc00c93b609423acb
2019-03-12 18:55:23 -07:00
qctecmdr Service
73edc0e71e Merge "Sepolicy: Update subsys nodes for the tip" 2019-03-12 16:30:49 -07:00
Chalapathi Bathala
06ba5da903 Sepolicy: Update subsys nodes for the tip
Change-Id: I57efaf410d82a319beb2ae9d7aad821f9b772b85
2019-03-12 15:20:35 -07:00
Ramkumar Radhakrishnan
2c0afeca16 sepolicy: Define sepolicy for feature_enabler_client
Change-Id: Id66258f5d0f9a0189b5f42682d051962a9a751f2
2019-03-12 14:05:05 -07:00
Sauvik Saha
c29ae4e712 sepolicy: Add rule for CneApp to communicate to CND
- Add rule to read cne prop.
- Add binder call rule.

Change-Id: I7c03fe016ede17fb747ad6cba85ff33725ff9f48
CRs-fixed: 2413355
2019-03-11 03:08:34 -07:00
Ravi Kumar Siddojigari
880a69cd42 sepolicy : cleanup rule accessing to "sysfs"
As part of security hardening, access to sysfs label related
sepolicy rules should be removed.
So cleaning all the directory reads and sysfs:file access
which were seen in the following:
  hal_bootctl
  hal_gnss_qti
  hal_pasrmanager
  pd_services
  ssr_diag
  ssr_setup
  thermal-engine
  qmuxd
  sensors
  hal_perf_default

Change-Id: I51e98a3f68211357e2bb1455f28a96fc3aad4d88
2019-03-07 18:24:30 +05:30
qctecmdr Service
c729b75ba8 Merge "sepolicy: IWlan QTIDATASERVICES" 2019-03-06 11:08:08 -08:00
Tyler Wear
64e1f060aa sepolicy: IWlan QTIDATASERVICES
Add IWlan hal to qtidataservices app.
CRs-fixed: 2382338

Change-Id: Ia551f83b6894f2a6206c42f25b5ab2f1c9e67b0f
2019-03-06 09:38:30 -08:00
qctecmdr Service
2a94ea4c97 Merge "sepolicy: Add rules to allow SDM to open ion_device" 2019-03-06 08:34:08 -08:00
qctecmdr Service
58cc5f3fbc Merge "sepolicy: Add create permissions for rild/atfwd" 2019-03-06 06:00:58 -08:00
Wileen Chiu
1c570a452d sepolicy: Add create permissions for rild/atfwd
- modify permissions to include create for selinux

Change-Id: Ia9b40461354bba57448abd32727d11d1dfa8850e
CRs-Fixed: 2376128
2019-03-05 15:33:58 -08:00
Karthik Gopalan
c724d73a9c perf-hal: sepolicy for perf-hal@2.0
sepolicy rules for perf-hal@2.0

CRs-Fixed: 2403587

Change-Id: Iabc8e8f1ef35690daaff429395432a1570603269
2019-03-05 16:04:39 +05:30
qctecmdr Service
558b8a3f71 Merge "QTI: Enable QTI on kona" 2019-03-04 04:17:06 -08:00
qctecmdr Service
66e79cd90d Merge "sepolicy: update BT Se linux policy rule" 2019-03-04 03:59:18 -08:00
qctecmdr Service
bb6a692563 Merge "Sepolicy: Set genfs context for subsystems restart_level" 2019-03-04 03:06:14 -08:00
Nitin Shivpure
a20df4daee sepolicy: update BT Se linux policy rule
- Remove vendor_bluetooth_prop rule for unused wcnss_filter
  & hal_audio
- Add persist.vendor.qcom.bluetooth. &
  vendor.qcom.bluetooth. into vendor_bluetooth_prop context.
- Allow qipcrtr_socket perms for user builds as well.
- Allow BT process accessing persist.vendor.bt_logger.log_mask

Change-Id: I44065536f313e900fa08848c3309391f3817e05c
2019-03-01 00:07:53 -08:00
Deepthi Gunturi
cb5d1e1c21 Sepolicy: Set genfs context for subsystems restart_level
If genfs for subsystems is not set, ssr triggers will fail. 

Change-Id: I5d66bad086d2c73a457ea912d0e7e1478e4b41c4
2019-02-28 10:58:12 +05:30
Ping Li
0c045a2732 sepolicy: Add rules to allow SDM to open ion_device
LTM feature requires ION buffers, hence this change adds policy to
allow SDM to open ion_device to allocate ION buffers.

Change-Id: I4cf2b6bec5083b8970a614e43fb43348abbc1fc4
2019-02-27 18:49:13 -08:00
Abhishek Srivastava
f64ab09bc5 Enhance sepolicy rules as per generic and qva sepolicy changes.
This commit introduces the WLAN sepolicy rules in accordance with the
QVA VS Generic rules.

CRs-Fixed: 2402079
Change-Id: I4bfc4f3ef1ef2c5ffe986cc3d3f44dc9f5b92a1a
2019-02-26 19:27:34 +05:30
Wileen Chiu
72b1eb3af1 sepolicy: added permissions needed for rild
Adding sepolicy rules for denials seen for
ril daemon

Change-Id: I6b3c3e0dd1d145590bb825f4370ed28a77f49577
CRs-Fixed: 2376128
2019-02-25 14:30:46 -08:00
Aman Gupta
67c75280fa QTI: Enable QTI on kona
add mhi rules needed

Change-Id: I0da8d165d801762d50e60f4aa770b9fdd60bcb38
2019-02-25 06:26:40 -08:00
qctecmdr Service
150553f9ff Merge "Sepolicy: Add power off alarm rules" 2019-02-25 05:40:53 -08:00
qctecmdr Service
69a2b0fbae Merge "sepolicy: add rules to access sensors power scripts from app" 2019-02-25 05:05:24 -08:00
Qimeng Pan
edf74ef256 Sepolicy: Add power off alarm rules
Add power off alarm rules

Change-Id: I02b59aa2c34efc4b57810e592ca2750a511155f0
CRs-Fixed: 2399628
2019-02-22 00:10:40 -08:00
qctecmdr Service
959bd02417 Merge "sepolicy: comply with app_zygote neverallow rules" 2019-02-21 03:31:46 -08:00
qctecmdr Service
0c9dc10a75 Merge "FR53463: Location generic and qva sepolicy changes." 2019-02-21 03:13:23 -08:00
qctecmdr Service
7ecdf9605e Merge "sepolicy: allowed v1.2 HALs for DRM and clearkey" 2019-02-21 02:42:11 -08:00
Harikrishnan Hariharan
a1dad7f9a8 FR53463: Location generic and qva sepolicy changes.
Location sepolicy changes for SElinux support for common
vendor image as part of FR53463.

Change-Id: I3eed6eed7a44c1aed50b667671f875597da64db1
CRs-Fixed: 2341061
2019-02-21 16:11:54 +05:30
qctecmdr Service
0c4a032f4d Merge "sepolicy: Change policy for wfd" 2019-02-21 02:25:15 -08:00
Indranil
bc08ccc617 sepolicy: Change policy for wfd
WFD requires revision in its SEAndroid policies due
to an OS upgrade and design re-architecture to conform
to system-wide mandates.

Change-Id: I3cd532c638b4bf6ee7ea8589fc64448cc08403f5
2019-02-21 12:07:34 +05:30
Ravi Kumar Siddojigari
69a079b4b9 sepolicy: comply with app_zygote neverallow rules
Due to security hardening we are seeing compile time issue with
testscript domains, so updating te files to comply with
app_zygote restriction.

Change-Id: I9d368fd756653f835aa38d9fcc0ef08fcf8368c7
2019-02-20 22:22:54 -08:00
Pavan Kumar M
8324dc3a97 Sepolicy changes to allow create socket
Allow cnd to create qipcrtr_socket

Denial :

avc: denied { create } for comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=qipcrtr_socket permissive=1

Change-Id: I10885b9af1d362c2d04e5406ce618c0e6f84507f
CRs-Fixed: TBD
2019-02-20 21:17:42 -08:00
qctecmdr Service
6ed8c6b341 Merge "Camera: Update permissions for Camera process" 2019-02-20 09:38:20 -08:00
qctecmdr Service
aa875c05a3 Merge "Sepolicy: Addressed the denial to create qipcrtr_socket" 2019-02-20 09:38:20 -08:00
qctecmdr Service
d441f2b38c Merge "SEPolicy : Add permissions for read MBN configs directory" 2019-02-20 08:21:00 -08:00
qctecmdr Service
3f7d06d919 Merge "sepolicy: Update the sysfs paths for the L3 devices." 2019-02-20 08:21:00 -08:00
qctecmdr Service
5580a13e33 Merge "sepolicy: Update device nodes for Kona" 2019-02-20 08:21:00 -08:00
Murthy Nidadavolu
8a721d67b2 sepolicy: allowed v1.2 HALs for DRM and clearkey
v1.2 HALs to run for widevine and clearkey

Change-Id: I6df2a73aa943059172643c20691e8be21d6775ce
2019-02-20 16:47:29 +05:30
qctecmdr Service
d2533e796a Merge "sepolicy: adding sepolicy changes" 2019-02-20 01:05:11 -08:00
Aman Gupta
fcff6f52ac Sepolicy: Addressed the denial to create qipcrtr_socket
Taken care of denial to create a qipcrtr_socket by QTI

Change-Id: Icf4c0b60d30f1c496cc4b5afed94efa639143109
2019-02-19 23:17:40 -08:00
Bruce Levy
dba0a6c89c sepolicy: Update device nodes for Kona
Change-Id: I8068d580792645816a68699041a967d267f85132
2019-02-19 17:31:02 -08:00
Jaihind Yadav
78f021fe6a sepolicy: moving qssi supported legacy target here.
Change-Id: Ife7e851823afc1dcbf2f561c8079795e909544bc
2019-02-18 21:49:10 -08:00
Rama Aparna Mallavarapu
a6d05fa912 sepolicy: Update the sysfs paths for the L3 devices.
Fix the incorrect sysfs path for the L3 devices so that
postboot scripts can access them.

Change-Id: I16c68615bbb0f66fedc44475cb4774661d60d272
2019-02-18 14:00:45 -08:00
Jaihind Yadav
b4e71b14e7 sepolicy: adding permission for hal_perf_default.
Due to new restriction priv_app can't access cgroup.
priv_app is client of hal_perf, so had to remove for hal_perf and adding for hal_perf_default.
Change-Id: I16b7ae208275ca8109fd05eb9cf19950ddf96fe6
2019-02-18 18:47:21 +05:30
Sai Kousik Swarna
5223a96650 SEPolicy : Add permissions for read MBN configs directory
Add permissions to access /data/vendor/modem_config from
RILD and ModemTestMode

Change-Id: Ie4c7123f5703aed125a4025a474738dfbd071808
CRs-Fixed: 2396249
2019-02-17 21:25:01 -08:00
qctecmdr Service
b3b88696a6 Merge "sepolicy: Add ipa_uc" 2019-02-16 00:16:30 -08:00
Sunid Wilson
6602793f4f Camera: Update permissions for Camera process
- Deleted unnecessary rules

Change-Id: If9fd992c6aa6ff4da1e5527b0de124816aeb3255
2019-02-14 16:39:12 -08:00
Tharaga Balachandran
5b4a8b5ddb sepolicy: Add permission for /mnt/vendor/persist/display
Allow hal_graphics_composer to access /mnt/vendor/persist/display

Change-Id: I7af786708b2fce5dfdf2930cacc2e47452f6dba3
CRs-Fixed: 2260713
2019-02-12 20:22:58 -05:00
Shaikh Shadul
2b72835fe1 sepolicy: add rules to access sensors power scripts from app
Change-Id: I15fc2d53291458079de1a369316d45b1bc638e10
2019-02-12 17:03:56 -08:00
Amir Levy
fcf4269a60 sepolicy: Add ipa_uc
Add ipa_uc to subsys1, move venus to subsys2.

Change-Id: I53aeaa7dc73832f2ac7b9c09e594ee70b9af4d86
2019-02-12 10:29:45 -08:00
Smita Ghosh
26ff9f0b2b Sepolicy: add support for capabilityconfigstore
1. Define domain for capabilityconfigstore
3. Add type for /data/vendor/configstore folder
4. Allow capabilityconfigstore HIDL Server access/r/w it.

Change-Id: Ic5fdf44f55d2647d34c9bdf574d60bc445256a48
2019-02-08 14:55:41 -08:00
David Ng
e6c6ac2997 kona: Add storage block device and display-related labels
Add partition and display-related SELinux labels.

Change-Id: I054dc40dd2f1f150497e1321e1d91d309288ca0f
2019-02-07 11:56:49 -08:00
Chalapathi Bathala
ee029bfa0b sepolicy: Add file_contexts for kona
sepolicy: Add file_contexts for kona

Change-Id: I399bac8b3c558cd638942f4a7705a5e6d8d7bbcc
2019-02-07 10:52:36 -08:00
qctecmdr Service
e3397a0fe4 Merge "sepolicy: Remove diag support from surfaceflinger" 2019-02-07 07:50:58 -08:00
qctecmdr Service
72fda2a24a Merge "Move qdss sysfs file definition from target folder to common" 2019-02-06 22:24:25 -08:00
Biswajit Paul
3a9b15b59f Move qdss sysfs file definition from target folder to common
This CL fixes the compilation issue due to missing definition
of sysfs_qdss_dev on target other than msmnile. Also fix some
warning while I am here.

Change-Id: I3bc035f13fb0fe13650dac3c2d4b022e789d9f7b
2019-02-06 22:09:14 -08:00
Gurpreet Singh Dhami
0a532f7169 sepolicy: Remove diag support from surfaceflinger
Change-Id: Id615edb832ce53fd97975dfd1e3550eb5906fbed
2019-02-06 19:04:54 -05:00
qctecmdr Service
7552c9cbde Merge "sepolicy: Add support for ipa_uc subsys device." 2019-02-06 11:40:09 -08:00
Tyler Wear
c01d674958 Single System Image
Move vendor add sepolicy to specific folder.

Change-Id: Idd18772b023ddf05c6a08d0516383738d823e644
CRs-fixed: 2382338
2019-02-06 17:16:31 +05:30
David Ng
5e73656b36 msmnile: Add odm & product partitions; delete SD card bootup config
Add odm and product partition labelling.

Unrelated, remove obsolete SD card bootup configuration.

Clean up for consistent column format spacing.

Change-Id: Ie4d76f36a0a594c5af3eda8432cfaec630dd1976
2019-02-05 15:08:11 -08:00
Rama Aparna Mallavarapu
8fd6365b75 sepolicy: Add permissions for dcvs nodes
Add permissions to the bus dcvs nodes for sysfs
to access it.

Change-Id: Ibf6d4560f15883bb18a10802a3163cc78f29190b
2019-02-04 15:42:10 -08:00
qctecmdr Service
510ce76673 Merge "Make sepolicy rules for new domain qtidataservices" 2019-01-31 23:33:29 -08:00
qctecmdr Service
aff9f4ffa6 Merge "Sepolicy: generic: Use codec2 public interface names" 2019-01-31 23:19:07 -08:00
Ankit Jain
675dc5a907 sepolicy: Update sepolicy rules for TFTP and RMTFS.
Update the sepolicy for TFTP and RMTFS to include all required
permissions.

Change-Id: I0e08b271cd7bca29ff6fd717ab37e446774e4c55
2019-01-31 12:12:31 +05:30
qctecmdr Service
0861fa9b03 Merge "sepolicy : Correcting path regexp in file_context for sysfs_usbpd_device" 2019-01-30 21:55:12 -08:00
Praveen Chavan
2e8d5e249a Sepolicy: generic: Use codec2 public interface names
update media.c2::IConfigurable to use public names.

NOTE: This is temporary and will be removed since the reworked
service in upstream does not require this

Change-Id: Ic38de94d60014e4a56253415f224b4741f077898
2019-01-30 18:12:31 -08:00
Tyler Wear
18f71a195c imsrtp - Single System Image
Change-Id: I27387725509541a06d9fe4aa8954ffedcf216488
2019-01-30 16:24:45 -08:00
Ravi Kumar Siddojigari
d2acefa3f9 sepolicy : Correcting path regexp in file_context for sysfs_usbpd_device
As it was assumed that all the node path of pmic and usb are going
to have hex values in the path where [a-z0-9] was replaced with
[a-f0-9] which was leading to regression so correcting them.

Change-Id: I9f3f60e3d68662e9286191965f232625f5dd4bd2
2019-01-30 19:19:32 +05:30
qctecmdr Service
17fbf07c6e Merge "Sepolicy: Added rules for QTI HANA55 enablement" 2019-01-28 22:30:17 -08:00
Abhinay Reddy Vanipally
dc6ff6d1bc sepolicy: Add support for ipa_uc subsys device.
Add support for ipa_uc subsys device

Change-Id: I23d39e183ae3f2ddaaf9d178fd17bb2a32294d3a
2019-01-28 10:21:28 -08:00
qctecmdr Service
64bfa45fc3 Merge "common: Move sscrpcd from targets to common path" 2019-01-28 01:19:38 -08:00
shoudil
d5509a4dba sepolicy: add new property and sepolicy
Add property ro.vendor.qti.va_aosp.support and sepolicy.
The property will be used to detect the framework type
at runtime.

Change-Id: Id5ede408641cd371d546ee5b35087c71781e380b
CRs-Fixed: 2379644
2019-01-24 21:32:14 -08:00
Aman Gupta
2e892172ec Sepolicy: Added rules for QTI HANA55 enablement
QTI policies for MHI node retrieval

Change-Id: I2a252638c1f167162954206d0ebfac390e1fa756
2019-01-24 18:29:11 -08:00
Vivek Arugula
087da0cd30 common: Move sscrpcd from targets to common path
Change-Id: Ia28decb18c387bc22408b70a55b9fc21f01f3c63
2019-01-24 10:50:53 -08:00
qctecmdr Service
5c1c005e3f Merge "sepolicy: add rs_exec permissions to org.codeaurora.snapcam" 2019-01-23 23:32:19 -08:00
qctecmdr Service
93b5ce4f01 Merge "sepolicy: add bt prop permission to audio hal" 2019-01-23 16:59:06 -08:00
qctecmdr Service
b840fc09b1 Merge "Added device sepolicy rules for NN HAL 1.2 implementation" 2019-01-23 15:19:14 -08:00
qctecmdr Service
2643556c36 Merge "Associate proc_type to proc_audiod and add qti_debugfs fs_type" 2019-01-23 11:33:37 -08:00
Srinu Jella
ef2fbd28be sepolicy: add bt prop permission to audio hal
- Sepolicy rule added to read bluetooth property
  to be read from Audio hal.

Change-Id: Ib9b19b6d00747938e7cbbf87b6324c37e22f5973
2019-01-23 14:55:55 +05:30
Jaihind Yadav
4e58a85d79 sepolicy: add rs_exec permissions to org.codeaurora.snapcam
Bug: 123050471
Change-Id: I6bbd8b89b494b8529060eb33a8b8ce79c7cecf7c
2019-01-22 16:29:17 +05:30
Mahesh Kumar Sharma
4b7b683bdb sepolicy: grant write permission of rkill state to bluetooth
Add label for rfkill and extldo node and grant
writeable permission to bluetooth.

Change-Id: I6cb08069193dcf29675d35bfa4d91d2729cc0518
2019-01-21 14:34:57 -08:00
qctecmdr Service
c02d1b31ae Merge "sepolicy: added permissions needed for atfwd" 2019-01-21 01:09:30 -08:00
qctecmdr Service
82252acb81 Merge "sepolicy: Add gralloc.qcom to SP HALs" 2019-01-21 01:01:01 -08:00
Biswajit Paul
5edc732c57 Associate proc_type to proc_audiod and add qti_debugfs fs_type
proc_audiod was missing the attribute proc_type. Add the same to
fix compilation when proc_audiod rules are added. Also add qti_debugfs
to enable usage of the same.

Change-Id: I160a576dc2ea3ad5f9e9d5c7327ebabdabbc051a
2019-01-18 16:31:55 -08:00
Naseer Ahmed
e025f2ec9a sepolicy: Add gralloc.qcom to SP HALs
Change-Id: I22465657ce3db65fce34579889b8c6762301db45
CRs-Fixed: 2383034
2019-01-18 19:14:26 -05:00
Wileen Chiu
5d9c5005f1 sepolicy: added permissions needed for atfwd
Adding sepolicy rules for denials seen for
atfwd daemon.

Change-Id: Id4b0e2a36222ca12dfe5a6ec4121ab7cf605afe5
2019-01-18 15:09:52 -08:00
John Zhao
0dbba5d923 sepolicy: timezone to be overridden by vendor
Allow the timezone to be overridden by vendor

CRs-Fixed: 2293241
Change-Id: I5f253df2ecb41013c9ab33d2087f2e0e2ea9e25a
2019-01-17 23:08:50 -08:00
Alex Kuoch
a20bceae50 Added device sepolicy rules for NN HAL 1.2 implementation
Change-Id: Ibedaf1e6b3756664398a2e7f7ebbea9de069ca06
2019-01-17 16:13:13 -05:00
qctecmdr Service
baf172aa10 Merge "sepolicy: add sepolicy for secure ui data files" 2019-01-17 04:37:36 -08:00
Rajesh Yadav
d4888158be sepolicy: add sepolicy for secure ui data files
Add /data/vendor/tui dir read permissions to tee
to allow dynamic font loading by sui listener.

Change-Id: Ibbb6b27ed896e89d9eab3fc91e58feef6759c079
2019-01-17 17:48:30 +05:30
Divya Sharma
48af07427e file removed generic/vendor/common/drmserver.te
Change-Id: Ie5509b96206257dabbb8ddecaa3ab560971df9a4
2019-01-16 21:47:47 -08:00
qctecmdr Service
f98e11ea8a Merge "sepolicy: configure framework detect jni as SP-HAL" 2019-01-14 01:05:18 -08:00
Sean Tranchetti
ee012cbc25 selinux: Add policy for port-bridge to support mhi
Allow port-bridge to operate over the mhi interface.

Change-Id: I1aa0a6ddf2a39344a7e1e56c928cc6947cf8640d
2019-01-10 12:22:31 -07:00
Ankur Sharma
6ed23be2cd Make sepolicy rules for new domain qtidataservices
Adding rules and binder call for the new domain
qtidataservices_app which is created as part of
moving cne's certifciate API's from system to
vendor partition.

Change-Id: I1b67595e413983a925d4be4ad182e748de68e309
CRs-Fixed: 2378996
2019-01-10 19:19:51 +05:30
shoudil
1c4c060c2a sepolicy: configure framework detect jni as SP-HAL
Allow vendor apk to access share libs under /vendor
to dynamically detect framework as modified or pure
AOSP.

Change-Id: Ic5a755fcd2bc8042db9294aff2d7ec69d9db0385
CRs-Fixed: 2376508
2019-01-09 16:54:38 +08:00
qctecmdr Service
714332895d Merge "sepolicy: Label /data/vendor/tombstones and provide access for rfs_access" 2019-01-07 22:32:02 -08:00
Eric Chang
baff8e9b42 Create new sepolicy domain for qtidataservices
Adds selinux policies required to move CNE's certificate
API from system to vendor partition

Change-Id: I37cc2f23a4b776807e4333c04710eb49b70a7e62
2019-01-07 10:20:40 -08:00
Abhinay Reddy Vanipally
019acee551 sepolicy: Label /data/vendor/tombstones and provide access for rfs_access
changing the label /data/vendor/tombstones and provide access for rfs_access 

Change-Id: Ia05abd97c0125a9d2af183524d1d8731aa8303c0
2019-01-03 09:29:45 -08:00
Aman Gupta
b576ecfec9 Sepolicy: Addressed the DATAQTI denials for IPC Router socket
Addressed the DATAQTI denials for IPC Router socket

Change-Id: I95bdcbf7608e0973d616cf89a5022bf324247a91
2019-01-02 03:16:33 -08:00
Shaikh Shadul
f9adb88fe8 sepolicy: initial sensors policy changes for common image
Change-Id: I7bc74d7b90ef39d878cd4b096713c66f818b4fe6
2018-12-26 14:28:45 +05:30
qctecmdr Service
a7d9f7bc9e Merge "sepolicy: msmnile: add esoc ssr node" 2018-12-20 23:44:48 -08:00
qctecmdr Service
ae7ff39c1f Merge "sepolicy: add policies for mdm_helper" 2018-12-20 23:25:54 -08:00
qctecmdr Service
5bfbe5e910 Merge "Add genfs_contexts file for Kona Q" 2018-12-20 23:10:45 -08:00
Eric Chang
d792669537 selinux: Add policy for rild to add IDataConnection HAL
Denial
SELinux : avc:  denied  { add } for interface=
vendor.qti.hardware.data.connection::IDataConnection pid=5619
scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I0d3eedf7e001179f6ed6faa7b2ae93ea2df9306c
2018-12-19 11:25:22 -08:00
Jaihind Yadav
f45cc554e4 sepolicy:removed system_file access for the domain
netmgrd and qti_init_shell is accessing system file.
due to new restriction in AOSP it is throwing build error.
So removing it.

Change-Id: I5c43c38ac0d7e47c9b602a484ceb7b70322debc8
2018-12-19 05:27:49 -08:00
Sahil Madeka
a77ced9488 Add genfs_contexts file for Kona Q
Change-Id: Icdd1fe857e76c3d0554d911612fb15562af29925
2018-12-19 04:15:01 -08:00
qctecmdr Service
6efd0a5ed9 Merge "sepolicy: removing /firmware and /bt_firmware labeling" 2018-12-19 01:23:51 -08:00
Jaihind Yadav
a0c3217131 sepolicy: removing /firmware and /bt_firmware labeling
/firmware and /bt_firmware is not there for this target.
So removing labeling of these partition from file_contexts.

Change-Id: I246dae55956421c502c4eb0a46ea8579187240ee
2018-12-19 00:58:01 -08:00
Jaihind Yadav
0ad82e0e41 Revert "sepolicy: priv_app is no longer client of hal_perf."
This reverts commit ccc837d327.

Change-Id: If69d4a4b27e7b6d69c2ee0dabd5d41d4c4429f98
2018-12-18 02:04:13 -08:00
Jaihind Yadav
672e3dbde7 sepolicy: removing legacy target dir.
this target would no longer be supported on this component.
So removing it.

Change-Id: I70c96a029a476c8067182bdd6dbb0b25d683791a
2018-12-18 12:45:20 +05:30
qctecmdr Service
70e43bc400 Merge "Add macro for framework type detection module" 2018-12-17 01:09:00 -08:00
Jaihind Yadav
ccc837d327 sepolicy: priv_app is no longer client of hal_perf.
Due to new restriction priv_app can't access cgroup.
And priv_app is client of hal_perf, so had to remove it.

Change-Id: Idb17f438e06bdd71df235072eec4973556ce09d0
2018-12-14 18:48:08 +05:30
Smita Ghosh
0f0c42fe37 Add OTA support for multiimgoem
update_engine needs rw access to each of the partitions that needs to
be updated by OTA.

Change-Id: Id3af536cebd2e280abf89443cb9ac445e009aa7d
2018-12-12 18:42:46 -08:00
Adam Bickett
ec9e378641 sepolicy: msmnile: add esoc ssr node
Add esoc node to sysfs_ssr type. This is required to allow subsystem
queries for targets with external modem.

Change-Id: Ib2f559e27770a5b113e77672554825904b5c707d
2018-12-11 23:04:47 -08:00
Chalapathi Bathala
41c6bfc0aa sepolicy: add policies for mdm_helper
Add policies for mdm_helper

Change-Id: Ie233107671fd9566f822d54bc1cd0b22286ca6f3
2018-12-11 10:41:56 -08:00
David Ng
8546ead68d Add macro for framework type detection module
Add permissions needed for clients to use the
vendor framework detection library module.  All
native clients using the framework detection
module must use the macro for their domain.

The existing permission needs are empty
(already part of domain) but added placeholder
to allow any underlying mechanism changes that
may require new permissions.

Change-Id: I88de640608e673a77a357afce11af8cb4d01e2d9
2018-12-07 12:37:19 -08:00
Linux Build Service Account
4327d05bdd Merge "sepolicy: kernel.te: Add qipcrtr_socket permissions" into sepolicy.lnx.5.9 2018-12-06 09:15:08 -08:00
Chris Lew
e0eb6bb836 sepolicy: kernel.te: Add qipcrtr_socket permissions
Give kernel permissions to create qipcrtr_socket which is used for
diag and kernel qmi.

Change-Id: Id7911a882ea39b9dc84344f38466e845aef3dbd8
2018-12-04 16:30:52 -08:00
Eric Chang
9413225997 selinux: Add policy for rild to add IWlan HAL.
Change-Id: Ife3b1197be06593aae1eb031f79ca64c513d8b6e
2018-11-27 13:35:49 -08:00
Hemant Gupta
c21eb88d4b sepolicy : Address BT denials resulting in error popups
Address BT denials resulting in error popups.

Change-Id: Ifba5c183739663113dd58814fbf445ae51cefd77
2018-11-27 16:21:06 +05:30
Ravi Kumar Siddojigari
4106db5b4f sepolicy : cleanup and misc denials addressed .
as part of bringup addressed misc denials and code cleanup

Change-Id: Ifba5c183739663113dd58814fbf445ae51cefe77
2018-11-15 22:25:34 -08:00
Siddeswar Aluganti
424bfd1ce2 Fix build error.
Change-Id: I96aef4e64d51c4d5f7bb10a1d9a91a468d230107
2018-11-13 15:25:23 -08:00
David Ng
f555172e7b Add JTAG console labeling (hvc0) and fix generic/vendor/test
Add console labeling for JTAG console device.  Debug builds only
as not expecting console via JTAG in a commercial configuration.

Fix generic/vendor/test policy pickup.

Change-Id: I03257ad59f7b4f41680da3942606dd40c147bcbf
2018-11-08 18:40:06 -08:00
mraja
b2fbfd7d3a sepolicy: following the AOSP model to label the nodes.
sdd node was labeled as ssd_Device for some target but ssd_block_device for other.
So making it unique across all target.

Change-Id: I1248585c0c6ab33fbc9daaa8d0ab8d6299ec2fb8
2018-11-02 18:17:29 +05:30
Ravi Kumar Siddojigari
59906d1904 sepolicy : cleanup of duplicate rules #1
domain.te already had given access to

r_dir_file({domain - isolated_app}, sysfs_soc);
r_dir_file({domain - isolated_app}, sysfs_esoc);
r_dir_file({domain - isolated_app}, sysfs_ssr);
r_dir_file({domain - isolated_app}, sysfs_thermal);

so removing all the duplicate rules covering this
Change-Id: Ic74a8c62a81567dbe5bfc69f691bc2239565ba5f
2018-11-02 01:21:27 -07:00
Jaihind Yadav
f90c624e54 sepolicy: fix system_file_type and get_prop for coredomains.
As part of new AOSP restriction all the domains which are working
from system partition should have "system_file_type" attribute
else will lead to compile time failure.

For reading / setting any property we should be using
following macros.
set_prop( domain, property_label)
get_prop( domain, property_label)

So addressing these as part of new requirements.

Change-Id: I6ef373404640f285a57484024665a42f615ce863
2018-11-02 01:21:04 -07:00
Jaihind Yadav
fd253c8e33 sepolicy: changes needed to get the target boot to UI.
Adding the label to services/daemon which was not getting started due to
incorrect label and add the sepolicy rules to get the target to boot
 in enforcing mode.

Change-Id: I12fc4bfe38153cd51fb2d9b869f05a06c9d2c61f
2018-11-01 15:47:55 -07:00
Jaihind Yadav
07a6077476 sepolicy: initial commit for separation of generic to qva
restructuring dir structure.
    adding support of upcoming target.

Change-Id: I6b23e7c0c8bed79146b29c681c7ef1f5311e1234
2018-10-31 17:47:16 +05:30