Commit graph

569 commits

Author SHA1 Message Date
Jun Wang
a447e205ce sepolicy: Add more property rules for scroll optimization feature
Allow apps to read the properties of scroll optimization feature.

Change-Id: Icd0526c1a905ff935e6d1828fd8a38644525380f
2020-09-16 02:19:51 -07:00
kranthi
38ae21ce3a Adding new gfx developer tools service
Adding new gfx developer tools service (qdtservice).

CRs-Fixed: 2772466
Change-Id: Ie534a866705c2870cf7be3afdfb39f022f85ed56
2020-09-08 22:51:00 +05:30
Rajavenu Kyatham
532ce495a9 sepolicy: add sepolicy for new added display prop.
- allow the prop settable and gettable.

Change-Id: If4e29c1a361197aedf30e0dfae47b19d2c81a5d6
CRs-Fixed: 2732534
2020-08-06 03:02:15 -07:00
Sauvik Saha
58381329b1 ims: Adding diag permissions to telephony
* Adding diag permissions for telephony

Change-Id: I8e6cb41f06f060eeb38890c5f943cb3a29e93744
2020-07-22 11:40:19 +05:30
Jaihind Yadav
7a12159cc2 moving attributes from vendor to system_ext.
Change-Id: Ife18fca781159959f3b6725660884a4df0c0ed6e
2020-07-03 08:37:58 -07:00
David Ng
b4b1deebb4 Map /storage/emulated as media_rw_data_file
Files inside /storage/emulated are labeled as media_rw
at runtime - but the policy is sdcard_file - match them.

Change-Id: Ie9d8890f0bf3bbcc84854f988aad8465d9c7cabc
2020-06-26 15:07:49 -07:00
Rohit Soneta
2fd3cffbd8 sepolicy: Fix system helper HAL issue
Change-Id: I8c518f6320f8674463ce5d7989f5f8be37c57978
2020-06-24 15:35:22 +05:30
qctecmdr
b32ca80c52 Merge "sepolicy change for vendor_qtelephony domain" 2020-06-19 05:23:32 -07:00
Sridhar Kasukurthi
b1c710adb4 sepolicy change for vendor_qtelephony domain
-All the apps sharing vendor_qtelephony domain are
 moved to system_ext partition. Move all the policies
 as well to system component in order to set right
 dependencies to ota.

Change-Id: I3601930c9a8f644c609591b72a46d29514e0d134
CRs-Fixed: 2709200
2020-06-19 11:58:21 +05:30
Jun Wang
9eaed3d140 sepolicy: add property rule for scroll optimization feature
Allow apps to read the property to determine whether the scroll
optimization feature is enabled or not.

Change-Id: I7ffee73bd4de0283cdd67902f90d49122eb2fcaa
2020-06-15 23:19:31 -07:00
Jaihind Yadav
1f7641cb96 modifying boarconfig.mk to pick system side sepolicy.
removing vendor sepolicy from sepolicy this project as
it is moved to sepolicy_vndr project.

Change-Id: I03f185b2ababf068ff337a7873acec2fe1a8f069
2020-05-23 22:38:57 -07:00
qctecmdr
26862522a4 Merge "sepolicy: Allow qti-testscripts to be killed by lmkd" 2020-05-23 19:47:59 -07:00
Linux Build Service Account
5bfd49e2ab Merge "sepolicy: adding dontaudit for vendor modprobe." into sepolicy.lnx.6.0 2020-05-13 00:21:14 -07:00
Linux Build Service Account
47d0180911 Merge "sepolicy: adding dontaudit for init_shell" into sepolicy.lnx.6.0 2020-05-13 00:21:12 -07:00
qctecmdr
4f7de76b6d Merge "sepolicy: allow sensors hal to read adsrpc properties" 2020-05-12 12:37:27 -07:00
qctecmdr
1ac3fa3433 Merge "sepolicy: adding getattr perm for init." 2020-05-12 09:41:36 -07:00
qctecmdr
4280ba1faf Merge "sepolicy: [AISW-7895] Allow gralloc for hardware buffer" 2020-05-11 22:25:47 -07:00
qctecmdr
c8a61ca0f7 Merge "sepolicy: Changes to allow kill capability" 2020-05-10 03:27:41 -07:00
Jun-Hyung Kwon
b41ca6dfa7 sepolicy: allow sensors hal to read adsrpc properties
Change-Id: I6956b7d61339be4665a8d2af47b3c0ba2c88793e
2020-05-07 16:12:45 -07:00
Shishir Singh
7029593aa7 sepolicy: Changes to allow kill capability
-- Fix for netmgrd kill permission denial.

Change-Id: I4360fe357f9ff22ce2a690fcf613a0dba2bf26ec
2020-05-06 02:42:59 -07:00
Santosh Mardi
2a9b25cad4 sepolicy: add support for separate dcvs script
From android R version perf events need sepolicy permission,
move memlat related commands to separate new script as they
result in accessing perf events in kernel.

And add support in sepolicy for new script to give permission
for perf events.

Change-Id: I726bdecebec1a87656d2ef1c63198b1c5d0099f2
2020-05-06 13:20:24 +05:30
Patrick Daly
06518abbdc sepolicy: Allow qti-testscripts to be killed by lmkd
lmkd kills tasks with oom_score_adj >= 0 when the system is under memory
pressure. Enhancements have been added to lmkd to support this behavior
for processes started from shell as well.

Change-Id: Ia28c3373d8b755f911337bb849262e5b654d5041
2020-05-04 05:08:34 -07:00
qctecmdr
95f1cbe94b Merge "sepolicy: Add sepolicy rules for wireless and cp_slave" 2020-05-03 06:43:36 -07:00
qctecmdr
e9ebdf8b94 Merge "sepolicy: add nlmsg_readpriv capability to ipacm" 2020-05-03 03:54:30 -07:00
Kavya Nunna
359f034ee6 sepolicy: Add sepolicy rules for wireless and cp_slave
Add sepolicy rules for wireless and cp_slave to give access to
applications like healthd, fastbootd.

Change-Id: I697d99b7e43123aca8d05606d943f2620e9f719b
Signed-off-by: Kavya Nunna <knunna@codeaurora.org>
2020-04-30 21:08:58 -07:00
Linux Build Service Account
d457bf92af Merge "sepolicy: removed regexp for ssr nodes from common file" into sepolicy.lnx.6.0 2020-04-30 01:40:51 -07:00
Chaitanya Pratapa
030abbf49b sepolicy: add nlmsg_readpriv capability to ipacm
IPACM needs to get RTM_NEWLINK events to process
link up/link down events for peripherals that need IPA
offload.

Change-Id: I56cb7971d221e56169b5541aaad8b4edb2ad4348
2020-04-29 16:13:41 -07:00
qctecmdr
b02281170b Merge "Define km41 sepolicy rules" 2020-04-29 04:57:44 -07:00
qctecmdr
8f2453a8c5 Merge "sepolicy:Allow PeripheralManager to search for vendor_debugfs_ipc dir" 2020-04-28 21:50:50 -07:00
Barani Muthukumaran
1a439c7e88 Define km41 sepolicy rules
Change-Id: Ia8938bc1cfb58eb88573d944cfd81867d26845f4
2020-04-28 21:26:41 -07:00
qctecmdr
5e20c878ba Merge "sepolicy: Correct the wild-card expression of ufs-bsg devices" 2020-04-28 01:18:24 -07:00
qctecmdr
3fc4961539 Merge "sepolicy: Remove labels for usbpd and power_supply properties" 2020-04-28 01:18:24 -07:00
Prasanta Kumar Sahu
7e111f1a5c sepolicy:Allow PeripheralManager to search for vendor_debugfs_ipc dir
Fix for : avc: denied { search } for comm="Binder:935_2" name=
"ipc_logging" dev="debugfs" ino=1051 scontext=u:r:vendor_per_mgr:s0
 tcontext=u:object_r:vendor_debugfs_ipc:s0 tclass=dir permissive=0

Change-Id: Ia3defd1129a03596c3f893b6c89414a1aad1091c
2020-04-28 00:32:40 -07:00
Jaihind Yadav
1d5ae3ed52 sepolicy: adding dontaudit for vendor modprobe.
Change-Id: I01d08c1b7cc3bbc4115dac0a4d13559a8a47c9ac
2020-04-28 12:11:50 +05:30
Jaihind Yadav
f81e872b01 sepolicy: adding dontaudit for init_shell
Change-Id: Ia91078502b448221ad803674a003378e1f7a846c
2020-04-28 12:09:04 +05:30
Jaihind Yadav
a5d7317049 sepolicy: adding getattr perm for init.
Change-Id: I4b7295066031aa838139dda203fec019a11386dd
2020-04-27 21:03:43 +05:30
kranthi
a715cbecb7 Allowing system process to read gpu model
Addressing the following denials :
type=1400 audit(0.0:95): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:59): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(906.783:162): avc: denied { read }for comm="surfaceflinger"
name="gpu_model" dev="sysfs" ino=61205 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(0.0:345): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:mediacodec:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_27:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_29:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0

Change-Id: Icd52def059afed9114f0a5a868babc849086dd6f
2020-04-27 17:40:45 +05:30
Ravi Kumar Siddojigari
47d7262aef sepolicy: removed regexp for ssr nodes from common file
regexp for ssr node (used for subsys) have been moved to
target specific file and are no longer needed.

Change-Id: I4df4ac51d3df81de5311a071374d489516814603
2020-04-26 21:57:18 -07:00
Can Guo
902a47d8dc sepolicy: Correct the wild-card expression of ufs-bsg devices
This change corrects the wild-card expression of /dev/ufs-bsg devices.

Change-Id: I5c978a5116ddc5726de2b7cbdbeae2af2dee88c2
2020-04-26 21:46:27 -07:00
Camus Wong
b130a28d3b sepolicy: [AISW-7895] Allow gralloc for hardware buffer
Add SE policy to allow neural network vendor driver to
allocate hardware buffer via Gralloc

Change-Id: Icf4a230df70d1adab987a929134572247b640ddf
2020-04-25 19:46:21 -04:00
Sahil Chandna
4cab791acf sepolicy: Remove labels for usbpd and power_supply properties
Remove the regular expression labels for usbpd and power_supply properties.
This helps in overall reduction in boot time.

Change-Id: Ica22cab57f1d0bb93315b74c6dee52a06f2c2855
2020-04-25 21:19:30 +05:30
qctecmdr
ef73255fb9 Merge "sepolicy: Add rules for vendor_dataservice_app" 2020-04-24 08:57:51 -07:00
Varun Arora
b2ecc38c2d Update hw recovery rules
Change-Id: Iedcacf65444ee5a4f2a3351645b240249fd4b0d9
2020-04-23 12:59:31 -07:00
Ayishwarya Narasimhan
7689d8b793 sepolicy: Add rules for vendor_dataservice_app
Change-Id: I614556e7f081894d8352278f11d1140916d7d5ad
2020-04-23 11:14:44 -07:00
qctecmdr
e94fb5a533 Merge "sepolicy: Add DPM socket connect rules to gmscore_app." 2020-04-23 03:20:30 -07:00
Manoj Basapathi
efc42dfbcc sepolicy: Add DPM socket connect rules to gmscore_app.
-Allow access to gmscore_app by DPM socket connect rules.

Change-Id: I6850d1aa69f88d4a312a5fbd2e4152775d3ffa1d
2020-04-22 19:01:03 +05:30
qctecmdr
9419b1e8cf Merge "mdm-helper: Add rule for probing ramdump access path" 2020-04-22 04:38:29 -07:00
qctecmdr
374e0a3352 Merge "sepolicy: add permissions to shsusrd to use qipcrtr" 2020-04-21 10:20:30 -07:00
qctecmdr
3cbeaf220f Merge "sepolicy: create domain and file context for shsusrd" 2020-04-21 06:09:53 -07:00
qctecmdr
b35317dabc Merge "sepolicy: allow netmgrd to access ipc logging" 2020-04-21 01:14:30 -07:00