tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2903 commits 1 branch 0 tags 4.5 MiB
Commit graph

313 commits

Author SHA1 Message Date
Tharun Kumar Merugu
818b8a81de sepolicy: Allow all processes to access non-secure DSP device node 
Allow all processes to offload to CDSP using the non-secure device
node.

Change-Id: I17036280ab5ee35e802f6a5c0e5f95933a427f8f
 2019-07-03 04:21:20 +05:30
qctecmdr
f48e75edbe Merge "kona: Add rules for kernel 4.19 support for init domain" 2019-06-28 14:25:41 -07:00
qctecmdr
326d19f2fe Merge "sepolicy: Allow binder call action for location from system_server" 2019-06-28 02:06:59 -07:00
David Ng
e9adb2964f kona: Add rules for kernel 4.19 support for init domain 
This is a set of vendor changes necessary for interworking
with kernel verison 4.19 properly.

With kernel 4.19, additional filesystem getattr operations
are performed by init for the firmware mount points.

In addition on bootup after adb remount with Android's
Dynamic Partition feature, init needs access to underlying
block devices for overlayfs mounting.  At that stage of
init, while SELinux is initialized (thus the need to add
these rules), the underlying block device nodes in tmpfs
have not yet be labeled.

Change-Id: Iaf15fda401da7b4a34e281e010e16303966bb2c0
 2019-06-27 18:23:45 -07:00
qctecmdr
e31c7c321e Merge "Sepolicy : Enable smcinvoke_device for Widevine" 2019-06-26 14:10:19 -07:00
Smita Ghosh
9cb4501ac6 Sepolicy: Set genfs context for modem restart_level 
ssr_setup needs permission to write related to restart_level

Change-Id: Ie917cf6d942b7636385a135870651baf7aae62a3
 2019-06-26 09:30:24 -07:00
Harikrishnan Hariharan
1eedfff43e sepolicy: Allow binder call action for location from system_server 
Change-Id: Iff0baf6966b545fa9bdc5d03e0221ee05d144326
CRs-Fixed: 2479129
 2019-06-26 01:46:55 -07:00
Phalguni
0968dd3f1c Sepolicy : Enable smcinvoke_device for Widevine 
Change-Id: Ie3439958b0cb3f6b1b56870c3b3bad49e70e8b4d
 2019-06-25 17:03:06 -07:00
qctecmdr
1ec1fa4cd5 Merge "Add file contexts for new partitions on Kona" 2019-06-25 09:27:05 -07:00
Vinayak Soni
f80ff8d11c Add file contexts for new partitions on Kona 
Add file contexts for multiimgqti, featenabler
and core_nhlos partitions to enable A/B OTA update
on these partitions.

Change-Id: I532be0343de4068fd40b00b675d2765c5e5ab4f0
 2019-06-24 13:58:54 -07:00
Ravi Kumar Siddojigari
5dc863443d sepolicy : adding misc bootup denails 
Following are added
 1.ueventd and vold need search/read access to  /mnt/vendor/persist
 2. system_server need access  to /sys/class/rtc/rtc0 path.

Change-Id: I4d5f322019f1e75aab1be2168eb3805f4f3998c6
 2019-06-24 18:44:04 +05:30
Smita Ghosh
6230a463f5 KONA: Add support for update_engine 
Change-Id: I514d6ece3186bc27a07b38ba76f5154e092428f9
 2019-06-19 17:56:33 -07:00
qctecmdr
f668967b3c Merge "Sepolicy: Add power off alarm app rules" 2019-06-18 14:05:22 -07:00
qctecmdr
a11a323e14 Merge "sepolicy: Do not audit zygote service access to vendor_gles_data_file" 2019-06-18 10:56:07 -07:00
qctecmdr
3c29db5277 Merge "sepolicy: Give read/write permission to vender_gles_data_file" 2019-06-18 08:21:02 -07:00
Xiaoxia Dong
cf1e90774e Sepolicy: Add power off alarm app rules 
Grant access to hal_perf.

Change-Id: If93ccf6884e07c9d524acd8b8c17e3e8dd635543
 2019-06-18 13:59:24 +08:00
Xu Yang
40ce4bbb1d sepolicy: Allow platform app to access hal display color service 
Change-Id: I7d64d51e8d7ec9a9b6a0c129070265cb01c813d4
 2019-06-13 19:22:42 -07:00
Rahul Janga
872951efad sepolicy: Give read/write permission to vender_gles_data_file 
These rules are missed while porting the policies from Android P
to Android Q.

Adressing the following denial:

type=1400 audit(14866.629:43): avc: denied { search } for comm="HwBinder:753_1"
name="gpu" dev="sda9" ino=376 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I24434be8d895d5dab8e5c24643c8be48f20d8673
 2019-06-13 18:10:12 +05:30
Rajavenu Kyatham
23a0ea8f24 sepolicy: Add permissions for composer service 
- composer service is required for communication b/w
  SF and HWC. 

Change-Id: I52652d309363b3f0f7b963d615688ce3e11c6fef
CRs-Fixed: 2466343
 2019-06-12 12:20:03 +05:30
qctecmdr
78d4d64afd Merge "sepolicy:Moved NNHAL-1.2v rules to common folder" 2019-06-11 16:31:14 -07:00
qctecmdr
e410bc9a3a Merge "sepolicy: Fix denials in location app" 2019-06-11 13:33:17 -07:00
qctecmdr
de2313a4a8 Merge "Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device" 2019-06-11 10:41:00 -07:00
Harikrishnan Hariharan
acd13b1cee sepolicy: Fix denials in location app 
- Add rule for write access to dpmtcm_socket sock file
- Add few domains to dont audit rule list for vendor_gles_data_file
dir search.

Change-Id: Iabc0250d2ac0bf28e4f4dd3d8c67b4bf20fbeb1e
CRs-Fixed: 2469209
 2019-06-11 22:40:07 +05:30
kranthi
6b7b1f3a39 sepolicy: Do not audit zygote service access to vendor_gles_data_file 
Do not audit zygote service access to vendor_gles_data_file.

Addressing the following denial:

type=1400 audit(0.0:123): avc: denied { search } for name="gpu" dev="dm-0"
ino=1654839 scontext=u:r:zygote:s0 tcontext=u:object_r:
vendor_gles_data_file:s0 tclass=dir permissive=0

CRs-Fixed: 2465123

Change-Id: I6cc6e3e6e393a7181bd9fea6992e6f86f987f0d5
 2019-06-11 07:29:51 -07:00
Rajavenu Kyatham
e3f33989ec sepolicy: Add permissions for composer service 
CRs-Fixed: 2466343
Change-Id: I5a66822c1c8b46093cd62eb08aa1ff48b1c658b7
 2019-06-10 04:12:38 -07:00
Nitin Shivpure
ebc9ef5c11 sepolicy: allow bluetooth hal to access persist/bluetooth data 
allow bluetooth hal to access(read, write, create) persist bluetooth
data.

Change-Id: Idee1f22f12c9852532325577efd534a731985d45
 2019-06-10 12:52:52 +05:30
vishawar
29f7028ff8 sepolicy:Moved NNHAL-1.2v rules to common folder 
-Removed target specific data rules
-Added rules to common folder

Change-Id: I935dc8025f98c9cf18db15e01276c9237f6e77eb
 2019-06-10 10:48:17 +05:30
qctecmdr
345bdfcd92 Merge "sepolicy: add sysfs paths for mhi timesync feature support" 2019-06-08 12:37:14 -07:00
Rama Aparna Mallavarapu
813d7dac28 Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device 
Add permissions to npu llcc bw device so that post boot script
can modify them at boot.

Change-Id: I6be945877cdf379cba40e19e6a24a787c918cb9f
 2019-06-07 12:14:00 -07:00
Mohit Aggarwal
938a52c749 sepolicy: allow time-services to access perf hal 
Allow time-services to access perf hal

Change-Id: Iaca0b6e47b63aeccdf5e5faa3628a0cc53017be0
 2019-06-06 10:42:17 +05:30
Sujeev Dias
10553605a6 sepolicy: add sysfs paths for mhi timesync feature support 
Add sysfs path for mhi timesync feature files to be read from
userspace applications/services.

CRs-Fixed: 2426302
Change-Id: Ib28800e000774d8ce27dd9a78db9efd6ebdbdb00
 2019-06-04 17:47:19 -07:00
qctecmdr
fb960e3998 Merge "Sepolicy: Add vendor_adsprpc_prop to app.te" 2019-06-04 02:53:26 -07:00
qctecmdr
56ec950386 Merge "sepolicy: Add permissions for feature_enabler_client app" 2019-06-03 15:59:39 -07:00
Ramkumar Radhakrishnan
9adc02b0ab sepolicy: Add permissions for feature_enabler_client app 
Add permission for feature enabler client app to have read and write
access to qseecom node, ion node,and mink socket

Change-Id: I08d5c5a27846fc5c22d505a66544645cb0543223
 2019-06-03 14:35:27 -07:00
qctecmdr
97c0281668 Merge "genfs_contexts: Add label to graphics sysfs nodes for kona" 2019-06-03 13:25:05 -07:00
qctecmdr
15bee8edb0 Merge "Sepolicy : Enable qce_device" 2019-06-01 06:15:04 -07:00
Phalguni
0b9199016f Sepolicy : Enable qce_device 
Change-Id: Ibdb12124a8568759ba057ac6e7cce70c93a78889
 2019-05-31 11:11:12 -07:00
Abhimanyu Garg
2470da3fec genfs_contexts: Add label to graphics sysfs nodes for kona 
Add label to graphics sysfs nodes to avoid the denial for perf
features.

Change-Id: I553f629493cbab21affb2d91b9695bc9263ed405
 2019-05-31 10:24:32 -07:00
shann
674bed6d2f sepolicy: add sepolicy for usta_app to open system_data_file 
The error is encountered when usta_app (test app) is trying to open
system_data_file(/data/misc/gpu/adreno_config.txt). Providing only open
permission to the test app.

Addressing the issue:
avc: denied { open } for comm="RenderThread" path="/data/misc/gpu/adreno_config.txt"
dev="dm-0" ino=1180432 scontext=u:r:usta_app:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=1

JIRAs-Fixed: APTSEC-22
CRs-Fixed: 2460155

Change-Id: I73828c62fac6022197ff58f04494331a609a4175
 2019-05-31 02:40:34 -07:00
Harikrishnan Hariharan
4829c3a00a sepolicy: allow gnss hal to access health hal 
Add rule for gnss hal to listen battery status.

Change-Id: If9874ab9bbb92a42b74ec696f55725b98a913f9e
CRs-fixed: 2411905
 2019-05-29 23:28:21 -07:00
Ananth Raghavan Subramanian
ab0c44baeb sepolicy: Allow init to access mem_sleep 
Add labels for the mem_sleep node and allow the init shell to access it.

Change-Id: Id9ba40a2c0c52e9ab08b249291a5090b249ce64d
 2019-05-29 09:51:38 -07:00
qctecmdr
a8130be8b8 Merge "sepolicy : Add rule to set property for wlan driver/fw ver info" 2019-05-29 01:50:22 -07:00
qctecmdr
4fd76090d3 Merge "sepolicy: add SE policy rules for hta runtime libraries" 2019-05-28 10:21:15 -07:00
Vinay Gannevaram
839229b542 sepolicy : Add rule to set property for wlan driver/fw ver info 
wlan driver/fw version are set at property at enforcing mode.
Add rules to allow to set wlan driver/fw version info

CRs-Fixed: 2460816
Change-Id: Ic0bb570cd53fe450512496c5864f432ce3219bbe
 2019-05-28 20:44:09 +05:30
Ravi Kumar Siddojigari
4cb4eee99e sepolicy : clean-up of netd_socket usage. 
As public defination of netd_scoket is removed removing all the
references to this.

Change-Id: I752d1d546d5d6e76dc4e43fc3d4a90b0aca077c8
 2019-05-28 11:47:01 +05:30
Devi Sandeep Endluri V V
6a63afe092 sepolicy: add rules for imshelper_app 
Add rules to allow imshelper_app to search
radio_data_file

Change-Id: I1184833d2cde889292aa4cf205e748cecb23ae3c
 2019-05-27 00:37:30 -07:00
Tharaga Balachandran
3dd3609333 sepolicy: Add policies for mapper and allocator 
CRs-Fixed: 2451972
Change-Id: I3415b9672066bdbd6726fcd32b165980b0c7eeca
 2019-05-24 11:53:40 -07:00
Jilai Wang
530c3e89b0 sepolicy: add SE policy rules for hta runtime libraries 
Add hta runtime libraries to file_contexts for allowing applications from
data partition to link to them.

Change-Id: Ib6318f59fd1b0f7d462f587721d90bd3c1f909b0
 2019-05-23 16:17:45 -04:00
qctecmdr
07a510a630 Merge "sepolicy: Add SEPolicy for Power 1.2 HAL service" 2019-05-22 11:11:03 -07:00
qctecmdr
1746d28635 Merge "recovery: Add non-ab dynamic partitions policies" 2019-05-22 04:49:59 -07:00