tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3663 commits 1 branch 0 tags 4.5 MiB
Commit graph

760 commits

Author SHA1 Message Date
Weijie Wang
4049c09d86 Allow radio_cdma_ecm_prop accessible to platform apps 
Change-Id: I3a94cd1f39715686fe7608e77df767e86fd844a9
 2021-09-06 22:47:22 -07:00
Qimeng Pan
ff33021ea5 Add sepolicy to suppress the denials for vendor_persist_camera_prop 
vendor_persist_camera_prop is not necessary for 3rd party apps, so
don't audit it for appdomain to suppress the denial logs.

vendor_persist_camera_prop is the context of below prop, which are
added to standard Android SDK APIs, so all app may touch it.
 - vendor.camera.aux.packagelist
 - persist.vendor.camera.privapp.list

Change-Id: I1198ed3c3441aec5a33f2b781d29100b9d4648af
CRs-Fixed: 3027102
 2021-09-06 21:06:33 -07:00
qctecmdr
d4135c5b49 Merge "sepolicy:qcc: read vendor_qcc_prop" 2021-09-06 16:10:12 -07:00
Kamal Agrawal
619ae9e2ac
sepolicy: Allow kernel to access tracefs instances 
Add policy to allow kernel to access tracefs instances.
Fix is for below error:
W kworker/u16:6: type=1400 audit(0.0:8): avc: denied { search } for
name="instances" dev="tracefs" ino=10847 scontext=u:r:kernel:s0
tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=0

Change-Id: I306353ffbc2675a45bee14d17672fc8829cd374e
 2021-09-06 15:00:14 +05:30
Harikrishnan Hariharan
7a7141041d Allow location service to read property radio_cdma_ecm_prop 
Change-Id: Ie840160eb04420212ef5e20aa53b18f30834e641
CRs-Fixed: 3029071
 2021-09-04 11:01:19 +05:30
ShawnShin
4c26e7e4cb sepolicy:qcc: read vendor_qcc_prop 
add authmgr and netstat for vendor reference to read access to vendor_qcc_prop

Change-Id: I602dfa1b7a6887148fef96b3d7aeb796324363b2
 2021-08-30 15:18:43 -07:00
Swarn Singh
d5fde440c2 Add sepolicy support for qtiwifiservice platform_app 
This commit defines required sepolicy rules for qtiwifiservice apk
requires to interact with IWificfr HAL and wpa_supplicant HAL.

Change-Id: Iaacd7378866b20c65de3ea27a3ae5e08fa39a215
CRs-Fixed: 3020979
 2021-08-24 17:12:03 +05:30
Manoj Basapathi
80576d66be sepolicy : add attributes to mwqem Adapter HAL 
-Update sepolicy attributes to mwqem adapter HAL

CRs-Fixed: 3015739
Change-Id: Ia98a8ee27be9b8c4eebb6a075f4aee36b24797c9
 2021-08-19 17:29:28 +05:30
Samyak Jain
98536d139b selinux for sxrservice and sxrsplitauxservice 
add sepolicy for sxrservice and sxrsplitauxservice

Change-Id: If31f4fe36ce684b9937fca5507ef974a4457e7ae
 2021-08-16 10:24:17 +05:30
qctecmdr
8867713ddb Merge "sepolicy: Add policy to access Limits HAL by SF" 2021-08-10 12:22:58 -07:00
qctecmdr
c50c4df458 Merge "sepolicy: Add qesdk app domain as trusted subject" 2021-08-10 11:54:12 -07:00
qctecmdr
4e73661bc3 Merge "sepolicy: Add sepolicy changes for wificfr server" 2021-08-10 11:23:43 -07:00
Bipin Kumar
e13550c6e3 sepolicy: Add policy to access Limits HAL by SF 
Change-Id: Ia742cbdca593799eb23809d0aaccc0839411f69e
 2021-08-10 06:25:43 -07:00
Swarn Singh
d8a2147502 sepolicy: Add sepolicy changes for wificfr server 
Change-Id: I0f75e617f5aaba7da19ba846ee37d37afa80120a
CRs-Fixed: 2889522
 2021-08-05 15:01:48 +05:30
Benergy Meenan Ravuri
724e328df2 sepolicy: Add qesdk app domain as trusted subject 
Add qesdk app domain as trusted subject

Change-Id: Ie5378ed4a156afe54186b697f13e87492f52d291
 2021-08-04 23:47:04 +05:30
Kakarla Uday Kanth Reddy
68b77ec347 Add sepolicy rules under vendor_qtelephony domain 
Add sepolicy rules under vendor_Qtelephony domain for uimlpaservice
which connects with SMDP server for profile download via socket
connection

Change-Id: I29a3663f10c52f9bc6df3823ba5817e38ace11d3
 2021-08-03 06:44:28 -07:00
ShawnShin
bef34ed7fb sepolicy: authmgr using hidl through native lib 
avc:  denied  { find  } for
interface=vendor.qti.hardware.qccvndhal::IQccvndhal sid=u:r:
platform_app:s0:c512,c768 pid=3859
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_hal_qccvndhal_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: Ib7339e83b0280b2528bc7cfdb01e86f31a576ee7
 2021-07-30 12:41:06 -07:00
Maryia Maskaliova
314839d51a Removed rule for mediaprovider_app perf-hal access 
Remove permissions for mediaprovider_app to interact
with perf-hal

Change-Id: Ibde9381553fd2d9d474eee6ca4c5aac32a89222a
 2021-07-27 12:19:54 -07:00
qctecmdr
cc391f9c83 Merge "Selinux enabled for xrcb_app." 2021-07-22 15:09:40 -07:00
qctecmdr
1b88c99e22 Merge "Allow radio_cdma_ecm_prop accessible to priv apps" 2021-07-22 13:08:58 -07:00
Ashwani Jha
4de60122b0 Selinux enabled for xrcb_app. 
This change enables xrcb application to facilitate
communication between QXR Client apk and QXR hal service.

Change-Id: I8fc2759d5d4710d735de86aca0bd31d1069611f6
 2021-07-22 13:08:51 -07:00
qctecmdr
154aac708d Merge "sepolicy:permission for untrusted_app to access" 2021-07-22 10:56:32 -07:00
Avinash Nalluri
4b013bf171 Allow radio_cdma_ecm_prop accessible to priv apps 
Change-Id: I108adb10a845294b11966b26af7f764417e4490f
CRs-Fixed: 2996994
 2021-07-21 16:11:45 -07:00
Maryia Maskaliova
bed4283d86 sepolicy: allow untrusted apps to access perf hal 
Added rules to allow a subset of untrusted apps to
access perf hal

Change-Id: Ida19d111c270797503785ca09a0b3f28c22a75c6
 2021-07-21 09:04:19 -07:00
Taiyab Haque
a14e33b18a sepolicy:permission for untrusted_app to access 
permission for untrusted_app with sdk version 30
to access qesdk.

Change-Id: I17886936dcdb44b4d824be04dc4e13ae7c9d502c
CRs-Fixed: 2985891
 2021-07-20 10:54:04 +05:30
qctecmdr
5cd71f300f Merge "Selinux: add vendor_perfetto_dump domain" 2021-07-15 02:58:26 -07:00
Pavan Kumar M
4ff9ed9d88 sepolicy: Adding rcs property 
Adding vendor_persist_rcs_prop for
rcs single registration service.

Change-Id: I6ee572ab15b1a2bcf37a15f6b40449b69fd284cc
 2021-07-14 14:34:04 +05:30
Zhiqing Xiong
7e58b8dfb3 Selinux: add vendor_perfetto_dump domain 
Define allow rules for perfetto dump

Change-Id: Icb094cb0f340ecf0ab20dcd1394c02b92b653be7
CRs-Fixed: 2963240
 2021-07-13 14:47:51 +08:00
Taiyab Haque
cc12a0d845 sepolicy: rules for vendor_qesdk_app 
rules for vendor_qesdk_app

Change-Id: I58fe8af7e7f0a7b1050fefb35aa478d3ce095c2d
CRs-Fixed: 2941819
 2021-07-06 12:38:38 +05:30
Shawn Shin
cd12cadf37 sepolicy:qcc-tr: add qccvndhal 
to remove poll in qccvndhal for netstat

Change-Id: I3fde82784ca305be81e4a8c672d820d45c503312
 2021-07-01 17:12:23 -07:00
qctecmdr
5431aebfcb Merge "Update uim_remote service/client under qtlephony domain" 2021-07-01 10:51:16 -07:00
qctecmdr
8c6ba1b100 Merge "Sepolicy: Added SEpolicy for hal_perf attribute" 2021-06-28 21:25:34 -07:00
Devaunsh Sambhav
1350bfb56c QcRilAudio Stable AIDL: SE policy change. 
Change-Id: I88af004e93b7fb1f96aea31234ff37dabf664f25
CRs-Fixed: 2975002
 2021-06-25 11:58:10 -07:00
Richa Agarwal
a2083deda0 Allow WLC access to build_bootimage property 
Created new domain for workloadclassifier service
and added sepolicy rule for it.

Change-Id: Ic07ba81d2172579e77db4a9dca2417e64c284a00
 2021-06-24 12:07:45 -07:00
qctecmdr
fbe4b37b7f Merge "sepolicy: Enable wfdservice as 32 & 64-bit executable" 2021-06-24 00:12:13 -07:00
Kakarla Uday Kanth Reddy
f79da563f4 Update uim_remote service/client under qtlephony domain 
Update uim_remote service/client under qtlephony domain

Change-Id: I973363431ad7ce3a0120d101c5992b18a71b94f7
 2021-06-23 23:37:35 -07:00
phaneendra Reddy
ee58e3684f Sepolicy: Added SEpolicy for hal_perf attribute 
Added fm_app rule to hal_perf attribute
as avc denial issue is seen with fm app.

CRs-Fixed: 2946175
Change-Id: Ife41800f194c4f754062e5301368f31ef1d87d8f
 2021-06-21 00:03:56 -07:00
Manoj Basapathi
dc41715794 sepolicy : add attributes to data HALs 
-Update sepolicy attributes to data factory,
cacert and iwlan service HALs.

CRs-Fixed: 2971946
Change-Id: Ifc13d8d5329e6f3de6c88d1f519039b467c72cb2
 2021-06-15 17:26:08 +05:30
Mahesh Raja Bhogineni
ed63f3aab9 sepolicy: Enable wfdservice as 32 & 64-bit executable 
Change-Id: I4509a4a619e555f5f78b7c2996baed8f4a899bd4
 2021-06-07 17:20:27 +05:30
Taiyab Haque
639c212528 QESDK: SELinux policy for QESDK 
SELinux rule for QESDK
CRs-Fixed: 2933136

Change-Id: I3754a9e201b780d7f3628e996578b90d10caa5b1
 2021-06-02 23:27:28 +05:30
appadura
6f7bb5ada1 qvirtmgr: Define selinux qcrosvm type & policies 
Change-Id: I26a0f48fa7e9da2ab67728a75651ab2a4e53310b
 2021-05-31 17:15:39 -07:00
Sanjeev Mittal
e1a5a4b3cb Initial changes for mstat app 
Change-Id: I0881a937374f5833e51b92f725a1547c9957fcbb
 2021-05-24 14:17:49 -07:00
Manoj Basapathi
26db04a735 sepolicy: Add tcmd socket connect rules to system_app. 
-Allow access to system_app by tcmd socket connect rules.

CRs-Fixed: 2943085
Change-Id: I62dc08dd3fe27476c4d06d7c099ff82558de8ad9
 2021-05-11 21:51:27 -07:00
Vidyakumar Athota
9c76b3e95f sepolicy: add hal_audio_client typeattribute in voiceui_app 
Add hal_audio_client attribute in voiceui_app instead
of hal_client_domain to fix compilation errors.

Change-Id: Ia475e9703245d60efa911f9d8bb36cca420b3466
 2021-05-08 09:39:25 +05:30
Aditya Bavanari
28ad0d9ac1 sepolicy: Create new domain for Voice UI App 
Create a new domain for Voice UI App to access ListenSoundModel
HIDL interface APIs.

Change-Id: Id4f06b96676beea245cce809b33002048554bf3f
 2021-05-05 07:58:11 -07:00
qctecmdr
405c3610a7 Merge "sepolicy: fix avc denial of system_data_file search" 2021-05-05 01:33:43 -07:00
Manoj Basapathi
c33554357d sepolicy: fix avc denial of system_data_file search 
add rule to fix avc denial of system_data_file search.

CRs-Fixed: 2938005
Change-Id: I42f30400bef6d924f1a49ea7ec529ab63f281194
 2021-05-05 12:59:32 +05:30
Sauvik Saha
946bbcd057 sepolicy: ims: Add hal_ims_factory attributes 
Add hal_ims_factory server and client attributes

Change-Id: I54b118c55f296f232330d6af35965f54787a539f
 2021-05-04 11:08:59 +05:30
Mulugeta Engdaw
e0032bd9cf QESD: add attributes for qesd hal 
Change-Id: I45c3f1ff8a51f6ab28cfeddbbdeb227fba97ebd2
 2021-04-26 14:53:08 -07:00
qctecmdr
880866b726 Merge "SE policy change for IQtiRadio Stable AIDL" 2021-04-21 12:24:03 -07:00
Avinash Nalluri
f96b6db49a SE policy change for IQtiRadio Stable AIDL 
Change-Id: I9ba0c6e64df3e58ea772797d6a3f819823b128aa
CRs-Fixed: 2925532
 2021-04-16 10:22:25 -07:00
Jaihind Yadav
56367052ad moving qti-test-script to private dir 
Change-Id: I28c46c706b137ee63bc4e87b9f47b62d63e9aa00
 2021-04-15 12:57:47 -07:00
Manoj Basapathi
292ea20060 sepolicy: enable tcmd 
add socket connect rules for tcmd.

we can enable and disable tcmd feature by setting
persist.vendor.tcmd.feature to 1 and 0.

Change-Id: Ia298e37884d2a3d4626550df1a64dff0e53d14f5
 2021-04-12 23:08:58 +05:30
Shawn Shin
aab05e87df sepolicy:qcc: allow IPerf 
avc:  denied  { find } for interface=vendor.qti.hardware.perf::IPerf
sid=u:r:vendor_qcc_netstat_app:s0:c202,c256,c512,c768 pid=3430
scontext=u:r:vendor_qcc_netstat_app:s0:c202,c256,c512,c768
tcontext=u:object_r:vendor_hal_perf_hwservice:s0 tclass=hwservice_manager permissive=0

avc: denied { search } for comm="omm.qti.qcclmtp" name="0" dev="dm-10" ino=504
scontext=u:r:vendor_qcc_lmtp_app:s0
tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir permissive=0

avc: denied { search } for comm="omm.qti.qcclmtp" name="0" dev="dm-10" ino=500
scontext=u:r:vendor_qcc_lmtp_app:s0
tcontext=u:object_r:user_profile_root_file:s0:c512,c768 tclass=dir permissive=0

Change-Id: I335aebb35025ae0f3533c4f93d34cfb3dd381783
 2021-04-05 13:22:19 -07:00
qctecmdr
99f75a3fe8 Merge "sepolicy: Add netflix custom property" 2021-04-04 23:24:17 -07:00
Eric Chang
b97a114d2f sepolicy: Allow tethering service 
Change-Id: I84942de1e2a5ad92e2dcc006a00322a1e96f649b
 2021-04-02 13:10:05 -07:00
qctecmdr
25e8cbe2a1 Merge "moving qti-testscript domain out of debug macro" 2021-04-02 07:26:08 -07:00
Shrikara B
844b45d114 sepolicy: Add netflix custom property 
Add netflix custom property in vendor_exported_system_prop.
This property is set during vendor_init and used by
Netflix app to whitelist the targets

Change-Id: I9be42258cbbb4a7452569457539e41f2007ae4ae
 2021-04-01 06:19:39 -07:00
Jaihind Yadav
5af336c1ea moving qti-testscript domain out of debug macro 
Change-Id: I2dc2f404ab17bb78d0319411259c9234cf43cb03
 2021-03-22 16:53:00 +05:30
Phani Deepak Parasuramuni
6d013d5ae0 sepolicy:qcc: Add sepolicy for NetworkStat collector app 
Change-Id: I7e5beac6db1f25784f7aac0d9ec56f14c2b44726
 2021-03-18 06:35:22 -07:00
qctecmdr
2e9a6f20c5 Merge "qcc: qccsyshal ver 1.1" 2021-03-17 13:31:21 -07:00
Sukanya Rajkhowa
5e99b7657f IMS Stable AIDL: SE policy change. 
Change-Id: Ida7c9b9ef4bd33e705935aa18e4ac9a720e71c47
CRs-Fixed: 2894810
 2021-03-16 23:28:36 -07:00
Shawn Shin
29f24d8bb4 qcc: qccsyshal ver 1.1 
to add version 1.1

Change-Id: I381465350dd670e9a61e85c627f1e05949a55262
 2021-03-16 10:35:41 -07:00
Shawn Shin
7597585280 sepolicy: fix avc denial of system_data_file 
fix avc denials of system_data_file and IPerf

avc: denied { search } for comm="alcomm.qti.qdma" name="0" dev="dm-10" ino=496
scontext=u:r:vendor_qcc_app:s0 tcontext=u:object_r:system_data_file:s0:c512,c768
 tclass=dir permissive=0
avc: denied { find } for interface=vendor.qti.hardware.perf::IPerf
sid=u:r:vendor_qcc_lmtp_app:s0 pid=6078 scontext=u:r:vendor_qcc_lmtp_app:s0
 tcontext=u:object_r:vendor_hal_perf_hwservice:s0 tclass=hwservice_manager
 permissive=0

Change-Id: I6a53c353d4429fa8b6d05b5cd411b5efa8c0cc8c
 2021-03-12 14:10:24 -08:00
qctecmdr
068e70349f Merge "Add LocAidlGnss service in hal_gnss_service domain" 2021-03-09 19:09:37 -08:00
Manoj Basapathi
1e4e9d7283 sepolicy : tcmd system sepolicy rules 
-DPM system module movement to vendor
-DPM native module which was in system module moved it to vendor
and redesigned DPM code to meet the backward compatibility.
-dpmservice HAL is introduced to communicate between system
dpmserviceapp and vendor.dpmd module.
-DPM tcmd module is introduced in system partition to handle tcm call
back events from vendor.dpmd
-"persist.vendor.dpm.vndr.feature" is used to control vendor.dpmd
feature
-update sepolicy rules for tcmd system daemon.

CRs-Fixed: 2887227
Change-Id: I149fcb6bdda4cce689a9371aebe6c851e2971dc7
 2021-03-09 03:15:47 -08:00
haohuang
bb50ca6deb Add LocAidlGnss service in hal_gnss_service domain 
Add LocAidlGnss in hal_gnss_service domain to allow
LocAidlGnss to add AIDL services in ServiceManager &
allow LocAidl clients to find & bind LocAidlGnss services.

Change-Id: I08810af32d6bf195005e2fdb44a4c59e4cf2157a
CRs-Fixed: 2871416
 2021-03-09 13:57:20 +08:00
qctecmdr
abc32f5d7e Merge "Telephony: Add below modules to vendor_qtelephony domain" 2021-03-08 10:33:46 -08:00
sumishar
9c23e94083 Permission to access binderfs for binder info 
Change-Id: If386da636f084c2c67ee6323300aae0c2ac75bc5
 2021-03-04 16:29:11 +05:30
Sandeep Gutta
492733a79e Telephony: Add below modules to vendor_qtelephony domain 
Add below modules to vendor_qtelephony domain to be able
to access radio HIDL interfaces

 -uimgbaservice
 -remotesimlockservice
 -DeviceStatisticsService

Change-Id: Ie8a7e87fa70f0a4757d8a5aebb5fa26c217b0554
CRs-Fixed: 2887273
 2021-03-01 13:46:21 +05:30
qctecmdr
7d5102b4a9 Merge "Revert "Add domain and selinux policy for sxrservice"" 2021-02-24 12:51:27 -08:00
Biswajit Paul
37178d6756 Revert "Add domain and selinux policy for sxrservice" 
This reverts commit c4f145a3bf.

Change-Id: Ic256a6f30ee1b7d470486ac6cd22938bc7591890
 2021-02-24 12:27:34 -08:00
qctecmdr
15d82e8cfc Merge "sepolicy: Add sepolicy for IDisplayConfig AIDL" 2021-02-17 13:25:40 -08:00
Aditya Raut
c4f145a3bf Add domain and selinux policy for sxrservice 
Change-Id: Id235ebd7f36f147d2ba485fd9f72326330db2dfe
 2021-02-17 00:19:51 -08:00
Rheygine Medel
aefe85c35d sepolicy: Add sepolicy for IDisplayConfig AIDL 
This change adds the sepolicy for IDisplayConfig AIDL that will
allow the service to run.

Change-Id: I3409a9dc846fce40f634c29f46015c80bbb27638
CRs-Fixed: 2872254
 2021-02-15 13:46:26 -08:00
jkalsi
14def69239 sepolicy qcc : Add system dir search permissions 
Change-Id: Ic953620036199ef441978f57a9411c4460c8bc0a
 2021-02-14 23:38:32 -08:00
Malathi Gottam
1758e1a7c4 sepolicy: add new vendor defined media system property 
New media property is added to be accessed for target based
codec xml selection.

Change-Id: If321b72a22bb9ec0fc76600b15789dbca6f7db30
 2021-02-03 20:06:16 +05:30
jkalsi
bbfafaa878 sepolicy : add vendor_hal_perf for qcc_lmtp_app 
system side changes

Change-Id: I7ed72217e2edd20aae06f07382eeb77c53ed8962
 2021-02-01 01:46:25 -08:00
Malathi Gottam
8f6a5349d7 sepolicy: make vendor parser property public 
Vendor parser property which is extended core prop is made public.

Change-Id: Id7703007a156f8e912bc531e6e1246386aab09cd
 2021-01-24 12:49:29 +05:30
qctecmdr
e855b1f916 Merge "sepolicy: Add properties for powermodule HAL" 2021-01-21 21:30:03 -08:00
Sridhar Kasukurthi
b4470283a6 sepolicy change for ExtTelephonyService 
Change-Id: I9ccf9dbd316d23540523a981c13afb78e3b85e73
CRs-Fixed: 2831956
 2021-01-21 03:52:56 -08:00
Vini Vennapusa
7a08f6e490 sepolicy: Add properties for powermodule HAL 
Added properties/attributes for powermodule HAL.

Change-Id: I75b7c4d5e4a5fb060ac222d403e258ce451bdc20
 2021-01-15 04:37:53 -08:00
Varun Arora
33ee3e9a67 IDemuraFileFinder sepolicy attributes 
Add attributes for Demura HAL

Change-Id: I58e0f5d273e0c9c51200850edd7ae668e0937567
 2021-01-14 15:27:31 -08:00
Jaihind Yadav
fdfc71f612 backporting the changes. 
some of the changes were merged in the comp while merging
backward comptibility changes  so we are backporting it.
we are also removing unwanted types/attr from system_ext_pub_versioned.cil.

Change-Id: I131d073510c31af4b90b81eb154ad5529e822a2a
 2021-01-04 03:42:55 -08:00
Malathi Gottam
9c45ef48d5 sepolicy: make vendor parser property public 
Vendor parser property which is extended core prop is made public.

Change-Id: I3d1d34c4a9174d7f7231483fe3dfae356bb71708
 2020-12-31 20:31:31 +05:30
Jaihind Yadav
7d42dff1e4 moving changes from qva to generic 
1- as system side vendor customization can go to product/system_ext
partition so i think there is no need to keep qva so moving the
changes from qva to generic.

2- adding prebuilts dir for system_ext and product.

Change-Id: I5164a313f7c784e0948ab933dfa6a9581a94b863
 2020-12-24 11:02:04 +05:30
Manaf Meethalavalappu Pallikunhi
47f5af3b4a sepolicy: Add vendor limits hal attributes 
Change-Id: I19a50ae280f57b844c044b2161e64abc9d1de655
 2020-11-24 07:19:29 -08:00
Jaihind Yadav
fdb5938c0c making system/product restricted prop. 
making system/product restricted prop all the extendeded core prop defined in public.

Change-Id: Ic7374ee3ed141ce98f16a8b7fc29d8fedcd49149
 2020-11-24 16:38:32 +05:30
Siddeswar Aluganti
f3dcc6a9f1 Fix backward compatibility issue. 
Change-Id: Ie889dc1ad25da6e0a1ff812ee3dd793bd2363c93
 2020-11-12 13:04:56 -08:00
Wileen Chiu
2824781c25 Add QtiTelephonyService to vendor_qtelephony domain 
- QtiTelephonyService is moved from sharing phone
  process uid and needs to be moved into vendor_qtelephony

Change-Id: Ib7b341707daca8deadd2e5e634d4080732f3834f
CRs-Fixed: 2809413
 2020-10-30 11:29:42 -07:00
Biswajit Paul
9926eac1fd Add compatibility with previous Android versions. 
This change adds compatibility cil files for the previous android
version.

Change-Id: I4e40586df87de256d991d10c937c53f92cc55b44
 2020-10-28 18:16:59 -07:00
Jun Wang
a447e205ce sepolicy: Add more property rules for scroll optimization feature 
Allow apps to read the properties of scroll optimization feature.

Change-Id: Icd0526c1a905ff935e6d1828fd8a38644525380f
 2020-09-16 02:19:51 -07:00
kranthi
38ae21ce3a Adding new gfx developer tools service 
Adding new gfx developer tools service (qdtservice).

CRs-Fixed: 2772466
Change-Id: Ie534a866705c2870cf7be3afdfb39f022f85ed56
 2020-09-08 22:51:00 +05:30
Rajavenu Kyatham
532ce495a9 sepolicy: add sepolicy for new added display prop. 
- allow the prop settable and gettable.

Change-Id: If4e29c1a361197aedf30e0dfae47b19d2c81a5d6
CRs-Fixed: 2732534
 2020-08-06 03:02:15 -07:00
Sauvik Saha
58381329b1 ims: Adding diag permissions to telephony 
* Adding diag permissions for telephony

Change-Id: I8e6cb41f06f060eeb38890c5f943cb3a29e93744
 2020-07-22 11:40:19 +05:30
Jaihind Yadav
7a12159cc2 moving attributes from vendor to system_ext. 
Change-Id: Ife18fca781159959f3b6725660884a4df0c0ed6e
 2020-07-03 08:37:58 -07:00
David Ng
b4b1deebb4 Map /storage/emulated as media_rw_data_file 
Files inside /storage/emulated are labeled as media_rw
at runtime - but the policy is sdcard_file - match them.

Change-Id: Ie9d8890f0bf3bbcc84854f988aad8465d9c7cabc
 2020-06-26 15:07:49 -07:00
Rohit Soneta
2fd3cffbd8 sepolicy: Fix system helper HAL issue 
Change-Id: I8c518f6320f8674463ce5d7989f5f8be37c57978
 2020-06-24 15:35:22 +05:30
qctecmdr
b32ca80c52 Merge "sepolicy change for vendor_qtelephony domain" 2020-06-19 05:23:32 -07:00
Sridhar Kasukurthi
b1c710adb4 sepolicy change for vendor_qtelephony domain 
-All the apps sharing vendor_qtelephony domain are
 moved to system_ext partition. Move all the policies
 as well to system component inorder to set right
 dependencies to ota.

Change-Id: I3601930c9a8f644c609591b72a46d29514e0d134
CRs-Fixed: 2709200
 2020-06-19 11:58:21 +05:30
Jun Wang
9eaed3d140 sepolicy: add property rule for scroll optimization feature 
Allow apps to read the property to determine whether the scroll
optimization feature is enabled or not.

Change-Id: I7ffee73bd4de0283cdd67902f90d49122eb2fcaa
 2020-06-15 23:19:31 -07:00
Jaihind Yadav
1f7641cb96 modifying boarconfig.mk to pick system side sepolicy. 
removing vendor sepolicy from sepolicy this project as
it is moved to sepolicy_vndr project.

Change-Id: I03f185b2ababf068ff337a7873acec2fe1a8f069
 2020-05-23 22:38:57 -07:00
qctecmdr
26862522a4 Merge "sepolicy: Allow qti-testscripts to be killed by lmkd" 2020-05-23 19:47:59 -07:00
Linux Build Service Account
5bfd49e2ab Merge "sepolicy: adding dontaudit for vendor modprobe." into sepolicy.lnx.6.0 2020-05-13 00:21:14 -07:00
Linux Build Service Account
47d0180911 Merge "sepolicy: adding dontaudit for init_shell" into sepolicy.lnx.6.0 2020-05-13 00:21:12 -07:00
qctecmdr
4f7de76b6d Merge "sepolicy: allow sensors hal to read adsrpc properties" 2020-05-12 12:37:27 -07:00
qctecmdr
1ac3fa3433 Merge "sepolicy: adding getattr perm for init." 2020-05-12 09:41:36 -07:00
qctecmdr
4280ba1faf Merge "sepolicy: [AISW-7895] Allow gralloc for hardware buffer" 2020-05-11 22:25:47 -07:00
qctecmdr
c8a61ca0f7 Merge "sepolicy: Changes to allow kill capability" 2020-05-10 03:27:41 -07:00
Jun-Hyung Kwon
b41ca6dfa7 sepolicy: allow sensors hal to read adsrpc properties 
Change-Id: I6956b7d61339be4665a8d2af47b3c0ba2c88793e
 2020-05-07 16:12:45 -07:00
Shishir Singh
7029593aa7 sepolicy: Changes to allow kill capability 
-- Fix for netmgrd kill permission denial.

Change-Id: I4360fe357f9ff22ce2a690fcf613a0dba2bf26ec
 2020-05-06 02:42:59 -07:00
Santosh Mardi
2a9b25cad4 sepolicy: add support for separate dcvs script 
From android R version perf events need sepolicy permission,
move memlat related commands to separate new script as they
result in accessing perf events in kernel.

And add support in sepolicy for new script to give permission
for perf events.

Change-Id: I726bdecebec1a87656d2ef1c63198b1c5d0099f2
 2020-05-06 13:20:24 +05:30
Patrick Daly
06518abbdc sepolicy: Allow qti-testscripts to be killed by lmkd 
lmkd kills tasks with oom_score_adj >= 0 when the system is under memory
pressure. Enhancements have been added to lmkd to support this behavior
for processes started from shell as well.

Change-Id: Ia28c3373d8b755f911337bb849262e5b654d5041
 2020-05-04 05:08:34 -07:00
qctecmdr
95f1cbe94b Merge "sepolicy: Add sepolicy rules for wireless and cp_slave" 2020-05-03 06:43:36 -07:00
qctecmdr
e9ebdf8b94 Merge "sepolicy: add nlmsg_readpriv capability to ipacm" 2020-05-03 03:54:30 -07:00
Kavya Nunna
359f034ee6 sepolicy: Add sepolicy rules for wireless and cp_slave 
Add sepolicy rules for wireless and cp_slave to give access to
applications like healthd, fastbootd.

Change-Id: I697d99b7e43123aca8d05606d943f2620e9f719b
Signed-off-by: Kavya Nunna <knunna@codeaurora.org>
 2020-04-30 21:08:58 -07:00
Linux Build Service Account
d457bf92af Merge "sepolicy: removed regexp for ssr nodes from common file" into sepolicy.lnx.6.0 2020-04-30 01:40:51 -07:00
Chaitanya Pratapa
030abbf49b sepolicy: add nlmsg_readpriv capability to ipacm 
IPACM needs to get RTM_NEWLINK events to process
link up/link down events for peripherals that need IPA
offload.

Change-Id: I56cb7971d221e56169b5541aaad8b4edb2ad4348
 2020-04-29 16:13:41 -07:00
qctecmdr
b02281170b Merge "Define km41 sepolicy rules" 2020-04-29 04:57:44 -07:00
qctecmdr
8f2453a8c5 Merge "sepolicy:Allow PeripheralManager to seach for vendor_debugfs_ipc dir" 2020-04-28 21:50:50 -07:00
Barani Muthukumaran
1a439c7e88 Define km41 sepolicy rules 
Change-Id: Ia8938bc1cfb58eb88573d944cfd81867d26845f4
 2020-04-28 21:26:41 -07:00
qctecmdr
5e20c878ba Merge "sepolicy: Correct the wild-card expression of ufs-bsg devices" 2020-04-28 01:18:24 -07:00
qctecmdr
3fc4961539 Merge "sepolicy: Remove labels for usbpd and power_supply properties" 2020-04-28 01:18:24 -07:00
Prasanta Kumar Sahu
7e111f1a5c sepolicy:Allow PeripheralManager to seach for vendor_debugfs_ipc dir 
Fix for : avc: denied { search } for comm="Binder:935_2" name=
"ipc_logging" dev="debugfs" ino=1051 scontext=u:r:vendor_per_mgr:s0
 tcontext=u:object_r:vendor_debugfs_ipc:s0 tclass=dir permissive=0

Change-Id: Ia3defd1129a03596c3f893b6c89414a1aad1091c
 2020-04-28 00:32:40 -07:00
Jaihind Yadav
1d5ae3ed52 sepolicy: adding dontaudit for vendor modprobe. 
Change-Id: I01d08c1b7cc3bbc4115dac0a4d13559a8a47c9ac
 2020-04-28 12:11:50 +05:30
Jaihind Yadav
f81e872b01 sepolicy: adding dontaudit for init_shell 
Change-Id: Ia91078502b448221ad803674a003378e1f7a846c
 2020-04-28 12:09:04 +05:30
Jaihind Yadav
a5d7317049 sepolicy: adding getattr perm for init. 
Change-Id: I4b7295066031aa838139dda203fec019a11386dd
 2020-04-27 21:03:43 +05:30
kranthi
a715cbecb7 Allowing system process to read gpu model 
Addressing the following denials :
type=1400 audit(0.0:95): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:59): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(906.783:162): avc: denied { read }for comm="surfaceflinger"
name="gpu_model" dev="sysfs" ino=61205 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(0.0:345): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:mediacodec:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_27:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_29:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0

Change-Id: Icd52def059afed9114f0a5a868babc849086dd6f
 2020-04-27 17:40:45 +05:30
Ravi Kumar Siddojigari
47d7262aef sepolicy: removed regexp for ssr nodes from common file 
regexp for ssr node (used for subsys ) are been moved to
target specfic file and is no longer needed .

Change-Id: I4df4ac51d3df81de5311a071374d489516814603
 2020-04-26 21:57:18 -07:00
Can Guo
902a47d8dc sepolicy: Correct the wild-card expression of ufs-bsg devices 
This change corrects the wild-card expression of /dev/ufs-bsg devices.

Change-Id: I5c978a5116ddc5726de2b7cbdbeae2af2dee88c2
 2020-04-26 21:46:27 -07:00
Camus Wong
b130a28d3b sepolicy: [AISW-7895] Allow gralloc for hardware buffer 
Add SE policy to allow neural network vendor driver to
allocate hardware buffer via Gralloc

Change-Id: Icf4a230df70d1adab987a929134572247b640ddf
 2020-04-25 19:46:21 -04:00
Sahil Chandna
4cab791acf sepolicy: Remove labels for usbpd and power_supply properties 
Remove the regular expression labels for usbpd and power_supply properties.
This helps in overall reduction in boot time.

Change-Id: Ica22cab57f1d0bb93315b74c6dee52a06f2c2855
 2020-04-25 21:19:30 +05:30
qctecmdr
ef73255fb9 Merge "sepolicy: Add rules for vendor_dataservice_app" 2020-04-24 08:57:51 -07:00
Varun Arora
b2ecc38c2d Update hw recovery rules 
Change-Id: Iedcacf65444ee5a4f2a3351645b240249fd4b0d9
 2020-04-23 12:59:31 -07:00
Ayishwarya Narasimhan
7689d8b793 sepolicy: Add rules for vendor_dataservice_app 
Change-Id: I614556e7f081894d8352278f11d1140916d7d5ad
 2020-04-23 11:14:44 -07:00
qctecmdr
e94fb5a533 Merge "sepolicy: Add DPM socket connect rules to gmscore_app." 2020-04-23 03:20:30 -07:00
Manoj Basapathi
efc42dfbcc sepolicy: Add DPM socket connect rules to gmscore_app. 
-Allow access to gmscore_app by DPM socket connect rules.

Change-Id: I6850d1aa69f88d4a312a5fbd2e4152775d3ffa1d
 2020-04-22 19:01:03 +05:30
qctecmdr
9419b1e8cf Merge "mdm-helper: Add rule for probing ramdump access path" 2020-04-22 04:38:29 -07:00
qctecmdr
374e0a3352 Merge "sepolicy: add permissions to shsusrd to use qipcrtr" 2020-04-21 10:20:30 -07:00
qctecmdr
3cbeaf220f Merge "sepolicy: create domain and file context for shsusrd" 2020-04-21 06:09:53 -07:00
qctecmdr
b35317dabc Merge "sepolicy: allow netmgrd to access ipc logging" 2020-04-21 01:14:30 -07:00
Subash Abhinov Kasiviswanathan
23e91506ec sepolicy: add permissions to shsusrd to use qipcrtr 
Add shsusrd permission to use qipcrtr socket for qmi messaging.

Change-Id: If41fcc8cc94e211fdef8b30935a633c35546818b
 2020-04-19 23:43:40 -06:00
Subash Abhinov Kasiviswanathan
6002f11d6d sepolicy: create domain and file context for shsusrd 
Create a new domain for shsusrd and file contexts for the log file.
Also permissions to access shared memory in /proc/shs and to
auto start with init.

Change-Id: I236003b72162e32b0f587b067176127388ab4748
 2020-04-19 23:43:00 -06:00
qctecmdr
1076527176 Merge "sepolicy:dontaudit gmscore_app" 2020-04-18 04:49:12 -07:00
qctecmdr
8d092761a8 Merge "sepolicy: Add rules for SystemHelper HAL" 2020-04-18 04:49:12 -07:00
Subash Abhinov Kasiviswanathan
8ea9ea39ef sepolicy: allow netmgrd to access ipc logging 
Allows search of ipc logging directory so kernel can open
ipc logging files indirectly triggered from  netmgrd.

Change-Id: I263a4b251badd9e796a8cfc73b9de17915e7ddc6
 2020-04-17 15:14:34 -07:00
Mohamed Moussa
e6404386d8 sepolicy:dontaudit gmscore_app 
This will silence AVC denials without allowing a permission by using dontaudit rules.

Change-Id: I222c696846a6a21452bd2ef7d3d283f9c6a85f51
 2020-04-15 12:27:18 -07:00
Linux Build Service Account
c067d4eacf Merge "sepolicy: Rename vendor soc_id and soc_name properties" into sepolicy.lnx.6.0 2020-04-15 06:03:10 -07:00
Roopesh Nataraja
b8db03db5c sepolicy: Rename vendor soc_id and soc_name properties 
Change-Id: I0f7ae97ba9480c46b7a00598312089b9b7c39f05
 2020-04-13 11:10:10 -07:00
Nirmal Kumar
48f931a28f hal_bootctl : Update sepolicy for hal_bootctl 
-allow hal_bootctl_server to perform rawio
            -In 'user' builds rawio is not allowed for hal_bootctl_server domain.

Change-Id: I78bedd7aba25a58aba68748b80a1ebf810990860
 2020-04-13 11:05:17 -07:00