Commit graph

367 commits

Author SHA1 Message Date
Sachin Grover
64d8befcb2 sepolicy: For optimization, removing wildcard entry of thermal
Change-Id: I7a843db2ca19c9e530941eef6c1b012c55a62966
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
2019-10-20 23:58:08 -07:00
qctecmdr
bb191df06b Merge "sepolicy: add dataservice_app access to uce_services." 2019-10-14 05:24:41 -07:00
qctecmdr
a48ea1f159 Merge "sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl" 2019-10-13 23:23:20 -07:00
Ravi Kumar Siddojigari
966192137d sepolicy: add dataservice_app access to uce_services.
As the commit db87060f1c removed the access for compile time issue, adding it back.

Change-Id: I814fa4355693c4fdabcf735eea3e149446dcbabf
2019-10-10 12:59:36 +05:30
Jaihind Yadav
db87060f1c sepolicy: uce service is moved to system side.
As this service is moved to system side so definition should be removed from here.

Change-Id: Ie656558c062196203e27c937700e9b568ca80a5d
2019-10-03 18:51:17 +05:30
Deepak Kumar
7f2c787c42 sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl
Grant hal_memtrack_default search access to sysfs_kgsl. This fixes
these avc denials seen in user build:
memtrack@1.0-se: type=1400 audit(0.0:2817): avc: denied { search }
for name="kgsl" dev="sysfs" ino=36355
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0

GL and EGL memory are now accounted properly when
"dumpsys meminfo -a <pid>" is executed in user build.

Change-Id: I1601729d4051bc3447a6f680ff38f3aa031efbde
2019-10-01 12:57:51 +05:30
qctecmdr
85e1512c76 Merge "sepolicy: allow sensor daemon to use wake-lock" 2019-09-29 00:48:09 -07:00
qctecmdr
a4501a9111 Merge "sepolicy: adding vendor_persist_type attribute." 2019-09-29 00:08:50 -07:00
qctecmdr
74707b14bd Merge "Sepolicy : Add dont audit for vendor_gles_data_file label" 2019-09-28 23:26:06 -07:00
Mohit Aggarwal
6886e3677e sepolicy: Define key for TimeService apk
Define key for TimeService apk
Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
2019-09-26 03:44:36 -07:00
Jaihind Yadav
f66d6d1c7b sepolicy: adding vendor_persist_type attribute.
adding neverallow so that coredomain should not access persist file.

Change-Id: If8ab44db78e08e347cb33239bf2544c22c362b5b
2019-09-25 18:20:24 +05:30
Linux Build Service Account
90ce94f5b4 Merge "Camera: Add permission for Post Proc service" into sepolicy.lnx.6.0 2019-09-24 00:43:26 -07:00
Linux Build Service Account
d5b3815c1c Merge "sepolicy-sensors : allow init daemon to set sensors_prop properties" into sepolicy.lnx.6.0 2019-09-24 00:40:33 -07:00
Sandeep Neerudu
b9cad48c95 sepolicy-sensors : allow init daemon to set sensors_prop properties
Change-Id: I6b587a167538cc49c9049511f9448ec99c40b212
2019-09-23 22:14:10 -07:00
Jun-Hyung Kwon
d34d67fc07 sepolicy: allow sensor daemon to use wake-lock
allow sscrpcd daemon to access wake-lock sysfs nodes

Change-Id: I679b077480aea8d5eef9df0dd346bd65611ee000
2019-09-23 22:13:38 -07:00
Rama Krishna Nunna
59b232337b Camera: Add permission for Post Proc service
- New service added for Post Processor

Change-Id: Ib55517449cee80dd4883a75d8ad9bfb0ed6e1ae1
2019-09-23 09:17:46 -07:00
kranthi
29c5c84110 Sepolicy : Add dont audit for vendor_gles_data_file label
System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0
2019-09-23 16:41:37 +05:30
Manaf Meethalavalappu Pallikunhi
8d38d15759 sepolicy: add support for limits-cdsp sepolicy context
Add limits_block_device file contexts for limits partitions
and allow thermal-engine to access this partition.

Add lmh-cdsp sysfs file to sysfs_thermal file context.

Change-Id: I9c18c9d862f5e99ca36cb8c38acd98ac4f152ebf
2019-09-23 00:06:15 -07:00
Vivek Arugula
11a5a1c2e3 sepolicy : Add policy rules for usta service
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.

Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
2019-09-13 17:34:22 -07:00
qctecmdr
700457194e Merge "sepolicy: Add permission for QtiMapperExtension version 1.1." 2019-08-09 04:57:41 -07:00
qctecmdr
76f19f2ea6 Merge "sepolicy: Add rules to enhance pkt logging for cnss_diag" 2019-08-09 02:11:29 -07:00
Ashish Kumar
78fbc21a47 sepolicy: Add permission for QtiMapperExtension version 1.1.
CRs-Fixed: 2505716
Change-Id: I61d02bcccf2069f792f2ee118fcf5dbf9a7b77ee
2019-08-08 22:25:46 -07:00
Hu Wang
f0b0780006 sepolicy: Add rules to enhance pkt logging for cnss_diag
Fix sepolicy denies seen when cnss_diag does pkt logging.

CRs-Fixed: 2502031
Change-Id: If0ae5fb9da36483bef686ae86bdd865f8a3e51ec
2019-08-08 04:48:33 -07:00
kranthi
03232c6a4f Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

denial:
type=1400 audit(0.0:465): avc: denied { read } for name="max_gpuclk" dev="sysfs"
ino=56328 scontext=u:r:untrusted_app_27:s0:c178,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.gameloft.android.ANMP.GloftA9HM

type=1400 audit(0.0:381): avc: denied { read } for name="gpubusy" dev="sysfs" 
ino=56330 scontext=u:r:untrusted_app_27:s0:c168,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.tencent.ig

Change-Id: If11c109b5426c598121cff045ad1693d2221d57e
2019-08-07 11:35:59 +05:30
Jilai Wang
7dab1aa8e1 sepolicy: Allow NN HAL to access npu device node
This change is to allow NN HAL to access npu device node.

Change-Id: I193a7fb0b571a734804bc31ccf52376e9a13d500
2019-08-06 16:55:43 -04:00
Jaihind Yadav
4676536dd1 sepolicy: rule to set kptrstrict value
Change-Id: I05764146d61ff2ff934888280523fa0559dd083c
2019-07-31 23:22:36 -07:00
qctecmdr
662e886cb2 Merge "sepolicy: Rename vendor defined property" 2019-07-30 12:53:17 -07:00
Jun-Hyung Kwon
2475d56cc7 Revert "sepolicy : Add property access rules for sensors init script"
This reverts commit 50dbc4287a.

Change-Id: Ia35ac0fc17cf2fc6cde6cc08465cf1d586a28f5d
2019-07-29 17:59:28 -07:00
Pavan Kumar M
50ef9c7f89 sepolicy: Rename vendor defined property
All vendor defined properties should begin with
vendor keyword.

Change-Id: I0235d2b37ead9f015fe27075906dbf33b218173f
2019-07-29 00:22:17 -07:00
qctecmdr
bb7f2ca878 Merge "Sepolicy: Add policy rules for untrusted_app context" 2019-07-28 21:21:10 -07:00
Rahul Janga
0eb606ffab Sepolicy: Add Do not audit for vendor_gles_data_file
Addressing the following denials:

audit(0.0:118774): avc: denied { read } for name="esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { open } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { getattr } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

Change-Id: I1d9a8c64a2206e3faa9f367f731f3f542ce7fd4b
2019-07-25 11:06:50 +05:30
Rahul Janga
9610a7ef1f Sepolicy: Add policy rules for untrusted_app context
Add gpu related policy rules for untrusted_app

Addressing the following denial:

type=1400 audit(0.0:593): avc: denied { search } for name="gpu" dev="dm-0"
ino=405 scontext=u:r:untrusted_app:s0:c144,c256,c512,c768
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0
app=com.android.chrome

Change-Id: Iabbc7bea6f00a055f7f0ea3d2b926225737b99d5
2019-07-24 09:54:45 -07:00
qctecmdr
6e692787b6 Merge "Sepolicy: White list adreno_app_profiles lib" 2019-07-24 04:45:42 -07:00
qctecmdr
83bbdc849e Merge "Sepolicy : Do not audit untrusted_app_27 to fix avc denials" 2019-07-23 05:35:59 -07:00
Aditya Nellutla
202f6a1a0f Sepolicy: White list adreno_app_profiles lib
This change white lists new adreno_app_profiles library
to avoid sepolicy denials.

Change-Id: Ied35b574aff554a8d26e2cee4fa0530098a48080
2019-07-23 17:40:35 +05:30
Aditya Nellutla
fcbbf0696e Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

Change-Id: Idc541a0effc6812c12c1ff5024dfd0b6d4171180
2019-07-23 16:45:49 +05:30
qctecmdr
280fff6e47 Merge "Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file" 2019-07-23 02:48:00 -07:00
qctecmdr
78d4d2046a Merge "sepolicy permission required for Socket in port_bridge module." 2019-07-22 05:35:32 -07:00
Chinmay Agarwal
9c95b19d57 sepolicy permission required for Socket in port_bridge module.
Given SE Policy permissions for port-bridge module to create a UNIX
socket and enable communication with clients in different modules.

Change-Id: I1d3a4fdc30847cd8ee7f7715d3249c1957a0776d
2019-07-22 14:21:49 +05:30
Rahul Janga
026b564bc3 Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file
Addressing the following denial:

type=1400 audit(0.0:10197): avc: denied { search } for name="gpu"
dev="dm-4" ino=405 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I02c0e40e376dc9d856e1541ba85ede5db379d49a
2019-07-19 13:50:09 +05:30
qctecmdr
c39df4864d Merge "sepolicy: Add write permission to proc file system" 2019-07-18 23:55:40 -07:00
Ankita Bajaj
bd1c72c440 sepolicy: Add write permission to proc file system
Provide Wi-Fi HAL read and write access to proc file system.
Wi-Fi HAL needs access to proc file system in order to configure
kernel tcp parameters for achieving higher peak throughputs.

CRs-Fixed: 2491783
Change-Id: I36613f74aaa4adfc33e68442befcdb78af5edd5c
2019-07-17 14:06:46 +05:30
Ramkumar Radhakrishnan
718f54d0f1 te: Add access permissions for feature_enabler_client
Add read/write and get attribute permission for feature_enabler_client
to access files from /mnt/vendor/persist/feature_enabler_client folder

Change-Id: I9a690acd2a55358dfa5ba5a0411b1dad59e5e7f0
2019-07-16 16:31:19 -07:00
Jilai Wang
8a996616fd sepolicy: Allow appdomain to access NPU device driver node
This change is to allow appdomain to access NPU device driver
node.

Change-Id: I5c3270afd105c236a8226d94ac7aa028e4ce1047
2019-07-12 11:23:42 -04:00
qctecmdr
790484ce21 Merge "sepolicy: Add policy rules for untrusted_app27" 2019-07-05 01:52:26 -07:00
qctecmdr
27f397e091 Merge "sepolicy: add sepolicy for new added prop" 2019-07-04 16:57:00 -07:00
qctecmdr
eefd2e03be Merge "sepolicy: Allow all processes to access non-secure DSP device node" 2019-07-03 21:50:38 -07:00
qctecmdr
2f8e6c76ac Merge "sepolicy: Update thermal-engine sepolicy rules for generic vendor file" 2019-07-03 21:45:04 -07:00
qctecmdr
04ad6d3f83 Merge "sepolicy: add permissions to qoslat device on kona" 2019-07-03 21:44:05 -07:00
shoudil
fe25195b29 sepolicy: add sepolicy for new added prop
Add sepolicy for new property ro.vendor.qti.va_odm.support,
and allow the prop settable for vendor_init.

Change-Id: Ie8b5fa13630c3dc332473088676a59404765745e
CRs-Fixed: 2483344
2019-07-03 17:28:37 +08:00