tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3623 commits 1 branch 0 tags 4.5 MiB
Commit graph

745 commits

Author SHA1 Message Date
qctecmdr
2ac92009f1 Merge "Allow dumpstate to getattr on vendor_vm_qti_system_file" 2023-05-19 03:49:43 -07:00
qctecmdr
a6e4a4fc6f Merge "DpmService system sepolicy rules for tcm" 2023-05-18 05:26:45 -07:00
Karra Harshitha
1af866422d Allow dumpstate to getattr on vendor_vm_qti_system_file 
Change-Id: Ic34993db1e8886b9869d375a34dd7afe1788cd6d
 2023-05-18 00:46:10 -07:00
Manoj Basapathi
116ad64c2b DpmService system sepolicy rules for tcm 
Change-Id: I537849a84a991f4f9d322234b89d3b7485311a5b
 2023-05-17 17:12:09 +05:30
Anubhav
b4ce30e12d Sepolicy: To access QESDK's own data file 
Change-Id: I1ab1e5cd70383539fcfd98ca70b4d4b31607ec24
 2023-05-07 23:32:22 -07:00
Aleti Nageshwar Reddy
616756ac55 Add permission for system apps to access wifimyftm service 
Add sepolicy rule to allow system apps to access wifimyftm aidl
service.

Change-Id: I649f91fa146f6204961ac4e775ec2650cdf462fe
CRs-Fixed: 3472027
 2023-05-05 12:15:34 +05:30
Jason Wojcik
9cdd74001f Virtualization Service: Rust Implementation 
Change-Id: Ief96bf7dcf76bcf28cc60c34bbeb0db628018ae9
 2023-04-28 10:08:18 -07:00
Libo Jin
7d87edc645 Perf: dontaudit domain while reading vendor.perf.framepacing. 
CRs-Fixed: 3253303
Change-Id: I7d7865103f9b8e2f6ee9572a451f565c03a30d28
 2023-04-25 17:09:22 -07:00
Karra Harshitha
b98853022e Add sepolicy rule for init domain 
Add rule to allow read for vendor_vm_qti_system_file.

Change-Id: Ib0d035d8e11bcbcd654aa05a3d8c76460deb068f
 2023-04-21 04:42:47 -07:00
Kartik Mathur
c9e0d46cc2 SEPOLICY:Disable remote_prov_app for UP1A.230406.001 
Commenting remote_prov_app definition from remote_prov_app.te
for platform LKG UP1A.230406.001

Change-Id: I5086015fdf05b4956a3bfc543852aa1f50b93a8c
 2023-04-19 22:57:35 -07:00
Vamsi Krishna Gattupalli
cf14fad52b Added permission for untrusted app to dsp hal 
Added rule to give unstrusted app permission to
access DSP HAL.

Change-Id: I7a33e402de27d48a5856fd6c7c4c908e6f6a4a25
 2023-04-12 14:28:22 +05:30
Karra Harshitha
aab52cb7a8 Add sepolices to update engine domain. 
While applying OTA update package, update engine
loops through partitions entries/mountpoints.
Add rule to supress search for vendor_vm_qti_system_file.

Change-Id: I23622b14c0329ee24bf98fce81351119e46e1dea
 2023-04-10 22:32:16 -07:00
Anirudh Radhakrishnan
afb8ba7dca Added permission for untrusted app to dsp hal 
Added rule to give unstrusted app permission to
access dsp hal

Change-Id: I8655ebedec1a4065e17b3972c02f44d45f312890
 2023-03-30 22:37:04 -07:00
Swarn Singh
0cbe74eadd Add sepolicy for qtiwifiservice to interact with IWifi hidl 
This commit defines required sepolicy rules for qtiwifiservice apk to
interact with IWifi HAL.

Change-Id: Icabbee484129fc3e686d6c3076ccc87612ecc0fc
CRs-Fixed: 3282372
 2023-03-29 09:54:19 -07:00
qctecmdr
2f85120b27 Merge "sepolicy: Remove deprecated xtra_t_app" 2023-03-26 03:47:23 -07:00
qctecmdr
c158fedaef Merge "The sepolicy update for phone link" 2023-03-23 07:01:00 -07:00
qctecmdr
dd468af44b Merge "sepolicy: add qesdk access for untrusted_app_32" 2023-03-20 04:26:27 -07:00
yingjiew
8730afa596 sepolicy: Remove deprecated xtra_t_app 
Change-Id: I85db17f09dbbef61d2b8cccba5cc1ea80f6d4db0
CRs-Fixed: 3438481
 2023-03-17 14:02:47 +08:00
Garrett Slone
5f86d57a42 sepolicy: add qesdk access for untrusted_app_32 
Change-Id: I32709aeb825e2dbbc5ad8049361c569bcd708aa7
 2023-03-07 12:12:54 -08:00
Arthur Shuai
b18d572169 The sepolicy update for phone link 
Change-Id: I8248f7caff7ec0826f7e9285850392ce376e3250
 2023-03-01 09:10:12 -08:00
qctecmdr
e97785ff47 Merge "sepolicy: Add new Sepolicy context for WFD R2 Enablement Property" 2023-02-22 07:35:21 -08:00
Amit Agrawal
77acdc98f1 sepolicy: Add new Sepolicy context for WFD R2 Enablement Property 
Add new SEPolicy Context for WFD R2 Enablement property and allow
system_server and wfdservice to have read permission for the same.

Change-Id: Ie800787d132db204dcdedf5520ef4a07c47b4762
 2023-02-16 13:33:54 +05:30
Prakash Pabba
a4be1b097c remote_prov_app: sepolicy to write tcmd socket. 
- any app using OkHttp stack needs tcmd socket access privilege.

- remote_priv_app uses OkHttp stack, so it needs tcmd socket
 access privilege.

Change-Id: Idcd5e28ebe8af466779ad1112e4da09c3385f27b
 2023-02-15 21:55:42 -08:00
Ayishwarya Narasimhan
4cba34c409 IMS: sepolicy for dcservice 
desc: Add sepolicy for dcservice in dataappservice

Change-Id: Idf332e1df33c06b783b17b82ddfa4791dbdc68d9
 2023-02-03 11:40:07 -08:00
Vaishali Rai
e7e6fdb57b sepolicy: define vendor_hal_imsrtphal attribute 
* define vendor_hal_imsrtphal attribute
* for ImsRtpService AIDL migration

Change-Id: I4fb9c2e4c874c6f991bab06977d775d4c3815771
 2023-02-01 14:45:33 +05:30
Sanghoon Shin
3cdf8e631e sepolicy:qcc: switch to platform app 
qcc app domain switch to platform app from  system

Change-Id: I661fef3af7d0a9518f67e14f2787999f268485e0
 2023-01-31 14:47:44 -08:00
qctecmdr
e08714600b Merge "Qvirtservice hal selinux changes" 2023-01-27 03:19:41 -08:00
qctecmdr
3cb12da175 Merge "Allow qtelephony domain to interact with IAtFwd" 2023-01-27 01:59:35 -08:00
Karra Harshitha
10fd7ed18c Qvirtservice hal selinux changes 
Change-Id: I58d2580c50f4000c47ba0320f7ccf306f91218ef
 2023-01-25 05:31:26 -08:00
Sneh Bansal
d2eb39bf7a Allow qtelephony domain to interact with IAtFwd 
Allow qtelephony domain to interact with IAtFwd interface.

Change-Id: Ibb0f8bed86a8a1bdd084a559b31bf76302a4eef1
CRs-Fixed: 3375535
 2023-01-25 13:02:26 +05:30
P.Adarsh Reddy
2f0bc4276d Adding sepolicies to support vm-system mountpoint on /product. 
Change-Id: Ia28484bbe96057ecf1079e65aa28ca9bc0d83380
 2023-01-16 01:25:11 -08:00
Sneh Bansal
ce9d217c3c Allow radio domain to interact with IAtFwd 
Allow radio domain to interact with IAtFwd interface.

Change-Id: I3d57ef7ba5007af81f71995aabf9c3cdfa978002
CRs-Fixed: 3375535
 2023-01-10 21:29:57 +05:30
Sneh Bansal
b210af5760 Define attributes for AtFwd HAL Stable AIDL 
Change-Id: I8ebbb0949dd91a03502970cc5783ef23e53276dd
CRs-Fixed: 3375535
 2023-01-09 12:09:42 +05:30
Jaihind Yadav
2941cdd7f5 removing vendor_hal_minkipc_service to resolve the build error while generating super image. 
Change-Id: I3cfc09f937195728c08222713beeae594da7356e
 2022-12-28 11:49:46 +05:30
qctecmdr
d941db11bd Merge "Sepolicy: add rules for qsguard" 2022-12-22 05:34:38 -08:00
Zhiqing Xiong
1381e3e9cf Sepolicy: add rules for qsguard 
Qsguard is a native daemon process to monitor screen freeze.
add rules here to allow qsguard working fine

Change-Id: Ibbbc9525ef081c877ac604299feba4a867a17c53
CRs-Fixed: 3365426
 2022-12-22 13:27:12 +08:00
PavanKumar S.R
43dd6269b5 Remove vendor_qesdk_service_new 
Change-Id: I704ca491d1f1e43d66e8971fc6205f08f0967299
 2022-11-13 22:26:20 -08:00
PavanKumar S.R
19aab3c302 vendor_service replaced with hal_service_type 
Change-Id: I0f3e052f4bf5fecf4a8d225b2edbd08463dd1d06
 2022-09-28 00:41:00 -07:00
Jaihind Yadav
802dc91c24 adding compat/33.0.cil file for system_ext and product. 
Change-Id: I5979017c48f27363bd1fdc178ead5bd290da7105
 2022-08-01 23:57:59 -07:00
Arun Kumar Neelakantam
6ec871b660 sepolicy: Add systemhelper_app binder calls 
Add systemhelper_app binder client/server calls to allow clients to get
required permissions with hal_client_domain().

Change-Id: I1e181f2f03c32e013143b61d9caac7e720b4bdca
 2022-06-15 05:47:53 -07:00
Jaihind Yadav
007fd2fbe2 fixing the build error while making super image. 
vendor_afp_prop was not correctly added in *cil file.

Change-Id: I0473c076451f26fcf349a6a88b3c474fac9d3961
 2022-06-14 10:40:38 +05:30
Jaihind Yadav
880c16c6bd sepolicy: adding neverallow for custom halserverdomain. 
any hal domain which is using this custom bypass macro
will get the neverallow error unless it is whitelisted.

Change-Id: I87ecce04033e8fe5d5d6c4114c6af1ed774df916
 2022-06-10 23:15:49 +05:30
qctecmdr
d506f156a0 Merge "MinkIPC over AIBinder SEPolicy" 2022-06-08 15:58:16 -07:00
Tsung Cheng Lin
57eba52929 MinkIPC over AIBinder SEPolicy 
- Add SEPolicy for new service

Change-Id: I4e494e2391ec892942756ca76068b89a4f381a79
 2022-06-07 09:14:35 -07:00
Rajat Asthana
003b40203c Add rule to not audit when WLC accesses incremental_prop and proc 
While full scan in WLC, if an app invokes incfs filesystem, it causes
an avc denial denial for accessing incremental_prop and proc
filesystem. Since, WLC does not directly access the incremental
property, and that doesn't affects the classification of the apk,
add a rule to not audit when wlc reads the incremental_prop
and proc_filesystems.

Change-Id: Ic89327a7c048b760c24a1fc272dd2ee848689699
 2022-06-06 08:02:11 -07:00
Sanghoon Shin
419ded622f sepolicy:qcc: add qcc path to dropbox 
allow both "qcc" and "qdma" in preparation to transition to "qcc"
to avoid use "qdma" word in implementation

Change-Id: I608f8ecc14e56f3b17823c759c7064f09601f594
 2022-05-31 14:43:47 -07:00
qctecmdr
20b0f2dece Merge "Sepolicy: allow vendor_perfetto_dump to read/write trace_data_file" 2022-05-31 08:54:27 -07:00
Zhiqing Xiong
e640ad7890 Sepolicy: allow vendor_perfetto_dump to read/write trace_data_file 
As perfetto_traces_data_file is going to be neverallow, change
to trace_data_file instead.
add allow rules vendor_perfetto_dump to read/write trace_data_file

Change-Id: Ic0569110c81c95cc6756ddc3e551733cd5411ae9
CRs-Fixed: 3194279
 2022-05-25 11:00:26 +08:00
Kripa Bhat
b4c37c6568 Add sepolicy for supporting gpu profiling 
Add missing vendor_hal_qspmhal policy

Change-Id: I9aae25a16a9ce3f32516ceecc758f54ec3d4e4f4
 2022-05-18 23:48:18 -07:00
Libo Jin
55d88c0c3e Perf:add property permission for AFP 
CRs-Fixed: 3155750
Change-Id: Ibb58a13cbcc4f148a55a9c3a5ada82fc031a0cac
 2022-05-16 00:01:07 -07:00