Commit graph

569 commits

Author SHA1 Message Date
Subash Abhinov Kasiviswanathan
23e91506ec sepolicy: add permissions to shsusrd to use qipcrtr
Add shsusrd permission to use qipcrtr socket for qmi messaging.

Change-Id: If41fcc8cc94e211fdef8b30935a633c35546818b
2020-04-19 23:43:40 -06:00
Subash Abhinov Kasiviswanathan
6002f11d6d sepolicy: create domain and file context for shsusrd
Create a new domain for shsusrd and file contexts for the log file.
Also add permissions to access shared memory in /proc/shs and to
auto start with init.

Change-Id: I236003b72162e32b0f587b067176127388ab4748
2020-04-19 23:43:00 -06:00
qctecmdr
1076527176 Merge "sepolicy:dontaudit gmscore_app" 2020-04-18 04:49:12 -07:00
qctecmdr
8d092761a8 Merge "sepolicy: Add rules for SystemHelper HAL" 2020-04-18 04:49:12 -07:00
Subash Abhinov Kasiviswanathan
8ea9ea39ef sepolicy: allow netmgrd to access ipc logging
Allows search of ipc logging directory so kernel can open
ipc logging files indirectly triggered from netmgrd.

Change-Id: I263a4b251badd9e796a8cfc73b9de17915e7ddc6
2020-04-17 15:14:34 -07:00
Mohamed Moussa
e6404386d8 sepolicy:dontaudit gmscore_app
This will silence AVC denials without allowing a permission by using dontaudit rules.

Change-Id: I222c696846a6a21452bd2ef7d3d283f9c6a85f51
2020-04-15 12:27:18 -07:00
Linux Build Service Account
c067d4eacf Merge "sepolicy: Rename vendor soc_id and soc_name properties" into sepolicy.lnx.6.0 2020-04-15 06:03:10 -07:00
Roopesh Nataraja
b8db03db5c sepolicy: Rename vendor soc_id and soc_name properties
Change-Id: I0f7ae97ba9480c46b7a00598312089b9b7c39f05
2020-04-13 11:10:10 -07:00
Nirmal Kumar
48f931a28f hal_bootctl : Update sepolicy for hal_bootctl
- allow hal_bootctl_server to perform rawio
- In 'user' builds rawio is not allowed for hal_bootctl_server domain.

Change-Id: I78bedd7aba25a58aba68748b80a1ebf810990860
2020-04-13 11:05:17 -07:00
Rohit Soneta
fa67406408 sepolicy: Add rules for SystemHelper HAL
Change-Id: I98ce0f491e1c80ef6d61aff68c192914fbf25073
2020-04-13 13:35:48 +05:30
qctecmdr
c5cd53ddf0 Merge "Sepolicy: Allow bluetooth to access libsoc_helper" 2020-04-11 01:43:10 -07:00
qctecmdr
f31f365603 Merge "sepolicy: Add rules for QCV init rc and sh scripts" 2020-04-11 01:43:10 -07:00
Jack Pham
9f9a4af25e sepolicy: Allow init (recovery) to access USB sysfs
Add genfs contexts for USB sysfs entries that control the
operational mode and assign them as vendor_sysfs_usb_device type.
Allow init context to access these paths for recovery mode.

Change-Id: Ic1f0c5e9237848ac47cebca6e2cbbe9bd25270ad
2020-04-10 17:09:19 -07:00
Roopesh Nataraja
9074980d8a sepolicy: Add rules for QCV init rc and sh scripts
- Add rules to allow execution of init.qti.qcv.sh
- Allow init.qti.qcv.sh to set_prop vendor_soc_name_prop
- Allow init.qti.qcv.rc to read vendor_soc_name_prop

Change-Id: I4f548bf0ab424dceba1d5b72c1ec8a596a037431
2020-04-10 13:57:57 -07:00
Satish kumar sugasi
1f9ac5aeb5 Sepolicy: Allow bluetooth to access libsoc_helper
Change-Id: Ife1537ad7954a42f6892e442abf1004e57ddf914
2020-04-09 23:15:11 -07:00
qctecmdr
f511f71e18 Merge "File context for vendor_boot in Lahaina - Use existing boot_block_device label for vendor_boot_[a/b] vendor_custom_ab_block_device cpucp_[a/b] & shrm_[a/b] " 2020-04-09 14:40:36 -07:00
qctecmdr
d12209724a Merge "hal_bootctl : Add sepolicies for hal_bootctl - Access /dev and vendor_bsg device - Allow sys_rawio for capability check in scsi" 2020-04-09 10:48:13 -07:00
Linux Build Service Account
02cbd45b80 Merge "sepolicy: Add custom domain and rules for LibsocHelperTest" into sepolicy.lnx.6.0 2020-04-09 08:25:23 -07:00
Linux Build Service Account
e2bda41177 Merge "sepolicy: Create subsys nodes for Lahaina" into sepolicy.lnx.6.0 2020-04-08 18:39:05 -07:00
David Ng
a8516c5dfa mdm-helper: Add rule for probing ramdump access path
Add rule for probing ramdump path write access.  This is necessary
as user configuration may still have MDM reporting a ramdump
(configuration of commercial vs debug configs are independent).

Add previously missing entry to handle mdm-helper killing its
forked process that handles EFS sync.  This is purely for left
over EFS sync process cleanup that can occur on mdm-helper
crash/restart (not an expected scenario but purely a robustness
catchall).

Relocate mdm-helper from qva to generic as this is a baseline
daemon dependent only on hardware capability (fusion hardware).

Change-Id: Ic3c573ab9c5b0c1eacf9d61d0002e67bd74e99e8
2020-04-07 16:31:11 -07:00
Roopesh Nataraja
ced3bd1562 sepolicy: Add custom domain and rules for LibsocHelperTest
Change-Id: Ic02b251cc5ae13e63e5e9df66193d0b7bbf32516
2020-04-07 11:48:52 -07:00
Chris Lew
f1eee6b5e6 sepolicy: diag-router: Add mhi device permissions
diag-router needs mhi character dev read/write permissions to bridge
the diag connection to external socs.

Change-Id: I22028e1c9b164aba24374413e16440e8deae8c4b
2020-04-06 17:45:07 -07:00
David Ng
e91e433838 sepolicy: Create subsys nodes for Lahaina
Add subsystem handling mapping for various hw variants of the target.

Change-Id: I1bc38fd92eef09e6f81a6914d3c876e711075d2c
2020-04-06 17:33:48 -07:00
Nirmal Kumar
b2fb5ba86a hal_bootctl : Add sepolicies for hal_bootctl
- Access /dev and vendor_bsg device
- Allow sys_rawio for capability check in scsi

Change-Id: I051a5e8fa498aa9791d8fb872ec49504ca311db2
2020-04-06 12:34:53 -07:00
vijaagra
901802b27d sepolicy: Add rule to give perms to read gpuclk
avc: denied { read } for comm=52756E6E65723A20676C5F34
name="gpuclk" dev="sysfs" ino=78660
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:sysfs_kgsl

Change-Id: I985cc9164c3cd52537ce5abcdcb42d763790aaa7
2020-04-06 04:54:51 -07:00
Linux Build Service Account
ac290aa388 Merge "sepolicy: Update rpmb device path and type" into sepolicy.lnx.6.0 2020-04-06 00:54:14 -07:00
Linux Build Service Account
a7215f3e9c Merge "Allow fastbootd to access power_supply, usb nodes." into sepolicy.lnx.6.0 2020-04-06 00:53:15 -07:00
P.Adarsh Reddy
822e1e5465 Allow fastbootd to access power_supply, usb nodes.
This change allows fastbootd (for healthd) to access
the power_supply and usb nodes.

Change-Id: Ib5c637b28dd65c6958778b02c3026c90b39fe713
2020-04-03 06:15:04 -07:00
Ayishwarya Narasimhan
feb53b6ee6 sepolicy changes for imsfactory hal
Change-Id: I72644a4de6e4670dd91a4eb6cb54ea8c29740990
2020-04-03 01:20:41 -07:00
Nirmal Kumar
090ce33412 File context for vendor_boot in Lahaina
- Use existing boot_block_device label for vendor_boot_[a/b]
  vendor_custom_ab_block_device cpucp_[a/b] & shrm_[a/b]

Change-Id: If3b72642c3b78cd5ca96d3e4e6d8e3252d19f920
2020-04-01 10:42:30 -07:00
qctecmdr
6e502ef51a Merge "sepolicy: Add permissions for persist.console.silent.config" 2020-04-01 01:46:08 -07:00
qctecmdr
b03a618e5a Merge "sepolicy: Permissions for v1.3 DRM and clearkey HALs" 2020-03-31 07:02:32 -07:00
qctecmdr
95b74e3405 Merge "sepolicy:Restrict access to vendor_restricted_prop" 2020-03-31 07:02:32 -07:00
qctecmdr
6a91762f95 Merge "Add sepolices to update engine domain." 2020-03-31 07:02:28 -07:00
Murthy Nidadavolu
70c453a603 sepolicy: Permissions for v1.3 DRM and clearkey HALs
FR60432: OEMCrypto Version 16 support

Allow v1.3 DRM and clearkey HALs in SEPolicy.
Keep v1.2 HALs as well for backward compatibility.

Change-Id: I5aeb50f80507143c8adcf597a78202590447149e
2020-03-30 10:29:34 +05:30
qctecmdr
89de2e16ae Merge "sepolicy: Allow libsoc_helper vendor clients to read soc_id" 2020-03-27 20:04:42 -07:00
qctecmdr
15d3fce672 Merge "sepolicy: allow netmgrd to access qmipriod properties" 2020-03-27 20:04:42 -07:00
Roopesh Nataraja
d28a917a4a sepolicy: Allow libsoc_helper vendor clients to read soc_id
Change-Id: I530fa6d368471158ffc04c75d1f3bdb71f6cc0d3
2020-03-27 17:26:28 -07:00
Sean Tranchetti
c3e415cb69 sepolicy: allow netmgrd to access qmipriod properties
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.

Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
2020-03-27 14:30:00 -06:00
Sean Tranchetti
c373d9978c sepolicy: create initial sepolicy for qmipriod
Creates the initial sepolicy to allow for the qmipriod binary to be
launched on init, as well as access the needed resources.

Change-Id: Ib3c9d1b62148a370ff8bc80598dd550291b2c776
2020-03-27 14:29:14 -06:00
P.Adarsh Reddy
f0cca4ea72 Add sepolices to update engine domain.
While applying OTA update package, update engine
loops through partitions entries/mountpoints.
Add a few policies and suppress the dac ones.

Change-Id: Ic4ff7e8df86a01a3b7380e0bd458909f9099953e
2020-03-27 02:49:17 -07:00
Monika Singh
a70ca8717e sepolicy: Update rpmb device path and type
On 4.19 kernel, due to upstream commit <97548575be>
(mmc: block: Convert RPMB to a character device),
there is a change in RPMB path from "/dev/block/mmcblk0rpmb"
to "/dev/mmcblk0rpmb". Also block device design for RPMB is
now changed to char device. This change updates RPMB path
and provides required permissions for qseecom to be able to
access new device design for RPMB eMMC device.

Change-Id: I7545b9b30b9b8f1c0fd8aacd38048516c2f86970
2020-03-27 11:46:14 +05:30
qctecmdr
a88906f9e2 Merge "sepolicy: vendor modprobe changes" 2020-03-26 19:41:05 -07:00
Sayali Lokhande
4d86cb2738 sepolicy : Allow kernel to search debugfs_mmc dir
Debugfs fails to initialize because of the denial below.
Add selinux policy to fix it.
avc: denied { search } for comm="kworker/0:1" name="mmc0"
dev="debugfs" ino=6562 scontext=u:r:kernel:s0
tcontext=u:object_r:debugfs_mmc:s0 tclass=dir permissive=0

CRs-Fixed: 2636489
Change-Id: I831a363d448b3efe11960c3937b04dbca80d37f3
2020-03-25 23:02:57 -07:00
Srinivasarao P
7b50fbd4ec sepolicy: Add permissions for persist.console.silent.config
Provide permissions to read property persist.console.silent.config
to fix avc denial issues.

Change-Id: I85c13f99239f433daf9bc64fbb52cb61c5666b9c
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
2020-03-25 22:34:28 -07:00
qctecmdr
f2ce4398c2 Merge "Update telephony SELinux policies to avoid name collision." 2020-03-25 13:55:36 -07:00
Garik Badalyan
bb15e90b05 Update telephony SELinux policies to avoid name collision.
- Update telephony SELinux policies to avoid name collision
  in future.
- Remove old unused telephony SELinux labels.

Change-Id: I60224d6a34d95c853b7ad32a17ecbce4b7b9b204
CRs-Fixed: 2644933
2020-03-23 13:27:33 -07:00
Sreelakshmi Gownipalli
51359b97ab diag: Add support for connecting to diag via unix sockets
Add support to connect to diag unix socket from diag vendor clients.

Change-Id: I65f8738e0473fe1bdbbf369a8f60e86e6c2f8284
2020-03-23 07:40:45 -07:00
Linux Build Service Account
4118b742f5 Merge "sepolicy: Define new policy rule to read gpu model" into sepolicy.lnx.6.0 2020-03-23 06:13:12 -07:00
Linux Build Service Account
5d80ff03be Merge "Update device sepolicy rules for NN HAL 1.3" into sepolicy.lnx.6.0 2020-03-20 03:06:08 -07:00
kranthi
dbe56c1472 sepolicy: Define new policy rule to read gpu model
Add a new file context label for the gpu_model sysfs entry. Allow read
access to that entry.
Addressing the following denials:
type=1400 audit(0.0:62): avc: denied { read } for
name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:mediaserver:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
type=1400 audit(0.0:88): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=78734 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0 app=com.android.systemui
type=1400 audit(0.0:100): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.android.launcher3

Change-Id: I9e1b9ffbb88ea62b4cc530564d811d7cfc640bbc
2020-03-19 14:16:40 +05:30
qctecmdr
c2740d3582 Merge "sepolicy for imscmservice hal" 2020-03-18 22:44:28 -07:00
Alex Kuoch
1e2814c890 Update device sepolicy rules for NN HAL 1.3
Change-Id: Iaa6c1251cd3156887b58cf73ce565fb8a749af41
2020-03-18 14:42:41 -04:00
Shawn Shin
6c80bcc5f2 sepolicy: qcc: move QCC to system-ext partition
qdmastatsd renamed to qcc_trd and qdma renamed to qcc
vendor_ prefixed

CRs-fixed: 2605804
Change-Id: I55b699228bcf46de57c2dc019fac80bcc55424a1
2020-03-18 09:20:50 -07:00
Ayishwarya Narasimhan
0a530f0119 sepolicy for imscmservice hal
Change-Id: I673c43e91da3b66d685a994fe0718dbb1948bc35
2020-03-17 09:49:16 -07:00
qctecmdr
7f04ba192b Merge "sepolicy: Allow audio hal to access bluetooth property" 2020-03-17 03:38:00 -07:00
qctecmdr
047f367ee8 Merge "sepolicy: Add read dir permission to hal_bootctl.te" 2020-03-17 03:38:00 -07:00
Naval Saini
8778599f9d sepolicy: Allow audio hal to access bluetooth property
Allow audio hal to access (read) bluetooth persist property

CRs-Fixed: 2620572
Change-Id: I6663a262bfd41ca1de8af8f743e319133045fe17
2020-03-15 23:12:18 -07:00
qctecmdr
db681779a2 Merge "sepolicy: Allow RPMB service and recovery access bsg device driver nodes" 2020-03-13 05:21:51 -07:00
himta ram
320c36231c sepolicy: move the FM sepolicy rules to product
Created the new domain for FM.
Moved the FM sepolicy rules to product.

CRs-Fixed: 2641193
Change-Id: I3cfe84dbe93c108124475a3e3825f7f80b5f6e57
2020-03-13 05:03:36 -07:00
Linux Build Service Account
406b8c8f27 Merge "ims : add tipc socket permission rule" into sepolicy.lnx.6.0 2020-03-12 21:59:52 -07:00
Linux Build Service Account
eefb643ced Merge "sepolicy: adding protected_hwservice attr to hwservice." into sepolicy.lnx.6.0 2020-03-12 21:58:52 -07:00
Linux Build Service Account
42a45deb47 Merge "sepolicy: add permissions for devfreq nodes on lahaina" into sepolicy.lnx.6.0 2020-03-12 21:58:51 -07:00
Linux Build Service Account
d7beb87069 Merge "Adding Kill capability to perf hal service." into sepolicy.lnx.6.0 2020-03-11 19:00:38 -07:00
Amir Vajid
f5411bea95 sepolicy: add permissions for devfreq nodes on lahaina
Add permissions to access devfreq dcvs nodes on lahaina.

Change-Id: Idc5a192699a697cc8c2e7a2ae1119215a93b407f
2020-03-11 17:52:09 -07:00
Jaihind Yadav
6d99179f63 sepolicy: adding protected_hwservice attr to hwservice.
Change-Id: Ic929f39a894cc86572fb55c53bd4d1e1e82306d7
2020-03-11 05:43:21 -07:00
qctecmdr
3e01e5c665 Merge "sepolicy: add sepolicy label for charge_pump" 2020-03-10 20:35:04 -07:00
Linux Build Service Account
e5489dfaa0 Merge "sepolicy: give se policy permission to npu dcvs nodes" into sepolicy.lnx.6.0 2020-03-10 19:59:05 -07:00
Manoj Basapathi
bfa6c2ffe5 ims : add tipc socket permission rule
Change-Id: I688c50047a559d00386ec54093d665fffab853b3
2020-03-10 16:22:44 -07:00
Can Guo
6126a64578 sepolicy: Allow RPMB service and recovery access bsg device driver nodes
This change is to allow RPMB service and Android recovery access
storage bsg char device driver nodes.

Change-Id: I2441f2de6273c2d44a24d4be5cf8c8d58ec6fcf6
2020-03-09 23:19:47 -07:00
Linux Build Service Account
1b462b2387 Merge "Revert "Revert "sepolicy: update SELinux rules for ims application""" into sepolicy.lnx.6.0 2020-03-09 06:23:09 -07:00
Smita Ghosh
07d473667a sepolicy: Add read dir permission to hal_bootctl.te
hal_bootctl needs read permission to sysfs_dt_firmware_android

Change-Id: I6e89b2db756d7070bc4b815cf15a6a4f241d137b
2020-03-05 17:06:08 -08:00
Wileen Chiu
106d993854 Revert "Revert "sepolicy: update SELinux rules for ims application""
This reverts commit 7a059d4202.

Change-Id: I3b5c615012bacc440362e23e343ab05db8d3253f
CRs-Fixed: 2616500
2020-03-05 10:12:46 -08:00
Sai Manobhiram
bac8a9c806 Adding Kill capability to perf hal service.
Adding permission to kill only the app domain from vendor.
For lito, atoll, trinket.

Change-Id: Id9377a993ca847aaa830d53a330aabad1db3cd17
2020-03-04 15:21:59 +05:30
Rishiraj Manwatkar
764c97ec56 sepolicy: vendor modprobe changes
Change-Id: I8d86a719c97135c4b701a4cddd029dfd23aeda71
2020-03-02 16:33:06 -08:00
Ashay Jaiswal
e23a4ade5e sepolicy: add sepolicy label for charge_pump
Add sepolicy label to files exposed by charger_pump master and slave
devices.

Change-Id: Id70e39695444573638055f88734f0ae02df25a02
2020-03-02 09:21:26 +05:30
Benergy Meenan Ravuri
93d59b0028 update sepolicy for init.qcom.testscripts.sh
Change-Id: Ic15d63db8e71c90781dde48f971920bb49be7852
CRs-Fixed: 2625015
2020-02-28 17:55:25 -08:00
Santosh Mardi
dce94f494f sepolicy: give se policy permission to npu dcvs nodes
Give SE policy permission to npu dcvs nodes used to scale
DDR frequency based on traffic from npu->llcc and llcc->ddr.

Change-Id: Ib58f75a65b7979d58128a594769916ec25bf9082
2020-02-28 01:16:41 -08:00
qctecmdr
2030effbfe Merge "Revert "sepolicy: Define key for TimeService apk"" 2020-02-27 03:04:34 -08:00
vijay rayabarapu
7a059d4202 Revert "sepolicy: update SELinux rules for ims application"
This reverts commit a9e385381b.

Change-Id: I9006b1af2506bf0b8f0efe62e7aafd16e15ccbb1
2020-02-26 16:40:05 +05:30
Aditya
1d841a2eeb sepolicy:Restrict access to vendor_restricted_prop
CRs-Fixed: 2650922

Change-Id: Id93fb2215421d6e86e83a3d577a36aadd6a697ab
2020-02-26 16:23:45 +05:30
qctecmdr
65ddd18b92 Merge "sepolicy: add audio daemon" 2020-02-23 03:51:27 -08:00
qctecmdr
192c565c82 Merge "sepolicy: update SELinux rules for ims application" 2020-02-20 12:36:54 -08:00
Amritendu Biswas
bcecad1de5 sepolicy for embms hal service
Allow embmssl hal to access unix_stream_socket,
Allow embmssl hal to access qipcrtr_socket

Change-Id: I84024db652dc839c9f07e46a620e7b9659da7297
2020-02-19 17:59:07 -08:00
Aalique Grahame
07fe88eee7 sepolicy: add audio daemon
Add policy for audio adsprpc daemon

Change-Id: Ib05cf29a3e06571e5a718bde9032b19625b5a300
2020-02-19 16:35:40 -08:00
Wileen Chiu
a9e385381b sepolicy: update SELinux rules for ims application
Change-Id: I82638566030d660140430176cee0fe4ca605b1ed
CRs-Fixed: 2616500
2020-02-19 15:10:16 -08:00
qctecmdr
2753577d08 Merge "Add Device Info hal vendor.qti.hardware.radio.internal.deviceinfo@1.0" 2020-02-19 06:56:04 -08:00
Linux Build Service Account
f0545d99ef Merge "sepolicy: categorising product partition sepolicy b/w generic and qva." into sepolicy.lnx.6.0 2020-02-18 19:18:47 -08:00
Avinash Nalluri
17c98d98c5 Add Device Info hal vendor.qti.hardware.radio.internal.deviceinfo@1.0
- Add new HAL to the config files
- vendor.qti.hardware.radio.internal.deviceinfo@1.0

Change-Id: Ia32ee8d8742850bc95fe5ac8876aca8843d73f3e
CRs-Fixed: 2605646
2020-02-18 09:55:57 -08:00
qctecmdr
d4ca30ba03 Merge "sepolicy: Add selinux policy for kernel debug script" 2020-02-18 08:57:34 -08:00
qctecmdr
d4cb924ee2 Merge "sepolicy: Add vm block devices labeling" 2020-02-18 05:46:28 -08:00
qctecmdr
a7c80aa192 Merge "lito: Assign subsys nodes file contexts in a dynamic way." 2020-02-18 02:56:24 -08:00
qctecmdr
50f7bc43d5 Merge "Sepolicy changes for new mutualex daemon" 2020-02-18 00:19:38 -08:00
Mohit Aggarwal
6987530a28 Revert "sepolicy: Define key for TimeService apk"
This reverts commit 6886e3677e.

Change-Id: I9b4414691680c399717370b118e01dbc0d4aac09
2020-02-18 11:48:29 +05:30
qctecmdr
6cacff8bb7 Merge "sepolicy: add property to generic for loading shsusrd via netmgr" 2020-02-17 21:20:54 -08:00
Jaihind Yadav
9a10acbf78 sepolicy: categorising product partition sepolicy b/w generic and qva.
Change-Id: I10cb485e1b461e30f5c0e12d277a9b6fda8decee
2020-02-17 03:34:29 -08:00
P.Adarsh Reddy
f072a4ac23 lito: Assign subsys nodes file contexts in a dynamic way.
The subsystem name to subsys number mapping is not constant
and can change based on the order of probing OR in case a new
subsystem gets added.
To handle such cases, this change assigns the contexts in a
more dynamic way using regex within file-contexts file.

Change-Id: Ibc688f334381dffec2bf5419305fabcf2ecd72e6
2020-02-17 14:09:12 +05:30
Ayishwarya Narasimhan
1da1d96826 Sepolicy changes for new mutualex daemon
Change-Id: Ie3cd5f9c1ced4f40fba5144cc079344c0ab4e2d9
2020-02-14 10:31:57 -08:00
Subash Abhinov Kasiviswanathan
fb0b4167cb sepolicy: add property to generic for loading shsusrd via netmgr
Add property to generic sepolicy for loading shsusrd from netmgr.
Fixes the following-

[   66.051992] type=1107 audit(1549.328:591): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
property=persist.vendor.data.shsusr_load pid=921 uid=1001 gid=1001
scontext=u:r:vendor_netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'

CRs-Fixed: 2575687
Change-Id: I32fb31a7f5e64c2095aee081fd855900be0d0701
2020-02-13 18:09:30 -07:00
David Ng
ba68c652cf sepolicy: Add vm block devices labeling
Add VM (virtual machine) partition block devices and associated
firmware file labeling and handling policies.

Centralize update_engine_common.te under generic/vendor/common
as the contents are all common at this time.

Change-Id: Iba8bf4150db861f97bc9b78b70683f73b6fa7607
2020-02-13 15:10:53 -08:00