Commit graph

3243 commits

Author SHA1 Message Date
Sean Tranchetti
c3e415cb69 sepolicy: allow netmgrd to access qmipriod properties
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.

Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
2020-03-27 14:30:00 -06:00
Sean Tranchetti
c373d9978c sepolicy: create initial sepolicy for qmipriod
Creates the initial sepolicy to allow for the qmipriod binary to be
launched on init, as well as access the needed resources.

Change-Id: Ib3c9d1b62148a370ff8bc80598dd550291b2c776
2020-03-27 14:29:14 -06:00
Sayali Lokhande
4d86cb2738 sepolicy : Allow kernel to search debugfs_mmc dir
Debugfs fails to initialize because of the denial below.
Add selinux policy to fix it.
avc: denied { search } for comm="kworker/0:1" name="mmc0"
dev="debugfs" ino=6562 scontext=u:r:kernel:s0
tcontext=u:object_r:debugfs_mmc:s0 tclass=dir permissive=0

CRs-Fixed: 2636489
Change-Id: I831a363d448b3efe11960c3937b04dbca80d37f3
2020-03-25 23:02:57 -07:00
qctecmdr
f2ce4398c2 Merge "Update telephony SELinux policies to avoid name collision." 2020-03-25 13:55:36 -07:00
Garik Badalyan
bb15e90b05 Update telephony SELinux policies to avoid name collision.
-Update telephony SELinux policies to avoid name collision
in future.
-Remove old unused telephony SELinux labels.

Change-Id: I60224d6a34d95c853b7ad32a17ecbce4b7b9b204
CRs-Fixed: 2644933
2020-03-23 13:27:33 -07:00
Sreelakshmi Gownipalli
51359b97ab diag: Add support for connecting to diag via unix sockets
Add support to connect to diag unix socket from diag vendor clients.

Change-Id: I65f8738e0473fe1bdbbf369a8f60e86e6c2f8284
2020-03-23 07:40:45 -07:00
Linux Build Service Account
9c613c7409 Merge "secpolicy: add HAL support for SPU" into sepolicy.lnx.6.0 2020-03-23 06:14:13 -07:00
Linux Build Service Account
5da10e3224 Merge "sepolicy: Enable secure_element 1.2 HAL service" into sepolicy.lnx.6.0 2020-03-23 06:14:12 -07:00
Linux Build Service Account
4118b742f5 Merge "sepolicy: Define new policy rule to read gpu model" into sepolicy.lnx.6.0 2020-03-23 06:13:12 -07:00
Liron Daniel
08e7c09ca3 secpolicy: add HAL support for SPU
Support v1.0 of SPU HAL which is served by vendor.qti.spu@1.0-server.
This is needed in order to support 3rd party spcom operations.

Change-Id: If2cc4f8b478fc3bceb78ad9becbdd5a1b9417266
2020-03-22 23:08:10 +02:00
Indranil
ec0008b8f6 sepolicy: Add rules for WFD App
-- add rules to enable WFD functionality

Change-Id: Ifa3936a96b42cd597e262173df4d19819d7a7d60
2020-03-20 12:05:29 -07:00
Linux Build Service Account
5d80ff03be Merge "Update device sepolicy rules for NN HAL 1.3" into sepolicy.lnx.6.0 2020-03-20 03:06:08 -07:00
Bhuvan Varshney
96b2bcba10 sepolicy: Enable secure_element 1.2 HAL service
secure_element HAL 1.2 service is required to be
invoked from the boot.

Added entry for secure_element HAL 1.2 service.

Change-Id: I8ba27a5521d5809dcdd6c8f6f7a63286cccc431d
2020-03-19 21:16:30 -07:00
kranthi
dbe56c1472 sepolicy: Define new policy rule to read gpu model
Add a new file context label for gpu_model sysfs entry. Allowed read
access to that entry.
Addressing the following denials:
type=1400 audit(0.0:62): avc: denied { read } for
name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:mediaserver:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
type=1400 audit(0.0:88): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=78734 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0 app=com.android.systemui
type=1400 audit(0.0:100): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.android.launcher3

Change-Id: I9e1b9ffbb88ea62b4cc530564d811d7cfc640bbc
2020-03-19 14:16:40 +05:30
qctecmdr
44d5a4d12a Merge "sepolicy: Add sepolicy rules for qseecom hal" 2020-03-18 22:44:28 -07:00
qctecmdr
c2740d3582 Merge "sepolicy for imscmservice hal" 2020-03-18 22:44:28 -07:00
Alex Kuoch
1e2814c890 Update device sepolicy rules for NN HAL 1.3
Change-Id: Iaa6c1251cd3156887b58cf73ce565fb8a749af41
2020-03-18 14:42:41 -04:00
Shawn Shin
6c80bcc5f2 sepolicy: qcc: move QCC to system-ext partition
qdmastatsd renamed to qcc_trd and qdma renamed to qcc
vendor_ prefixed

CRs-fixed: 2605804
Change-Id: I55b699228bcf46de57c2dc019fac80bcc55424a1
2020-03-18 09:20:50 -07:00
Anmolpreet Kaur
0bf77a4ae8 sepolicy: Add sepolicy rules for qseecom hal
Add new policy for QSEECom HIDL implementation
which makes qseecom available to system processes.

Change-Id: I2d47148c7f9f01a01d7595575842b08585ea2907
2020-03-18 02:01:21 -07:00
Ayishwarya Narasimhan
0a530f0119 sepolicy for imscmservice hal
Change-Id: I673c43e91da3b66d685a994fe0718dbb1948bc35
2020-03-17 09:49:16 -07:00
qctecmdr
7f04ba192b Merge "sepolicy: Allow audio hal to access bluetooth property" 2020-03-17 03:38:00 -07:00
qctecmdr
047f367ee8 Merge "sepolicy: Add read dir permission to hal_bootctl.te" 2020-03-17 03:38:00 -07:00
Naval Saini
8778599f9d sepolicy: Allow audio hal to access bluetooth property
Allow audio hal to access(read) bluetooth persist property

CRs-Fixed: 2620572
Change-Id: I6663a262bfd41ca1de8af8f743e319133045fe17
2020-03-15 23:12:18 -07:00
qctecmdr
db681779a2 Merge "sepolicy: Allow RPMB service and recovery access bsg device driver nodes" 2020-03-13 05:21:51 -07:00
himta ram
320c36231c sepolicy: move the FM sepolicy rules to product
Created the new domain for FM.
Moved the FM sepolicy rules to product.

CRs-Fixed: 2641193
Change-Id: I3cfe84dbe93c108124475a3e3825f7f80b5f6e57
2020-03-13 05:03:36 -07:00
Linux Build Service Account
406b8c8f27 Merge "ims : add tipc socket permission rule" into sepolicy.lnx.6.0 2020-03-12 21:59:52 -07:00
Linux Build Service Account
8f46b09fe4 Merge "sepolicy: add policy for qseecom hal" into sepolicy.lnx.6.0 2020-03-12 21:59:52 -07:00
Linux Build Service Account
eefb643ced Merge "sepolicy: adding protected_hwservice attr to hwservice." into sepolicy.lnx.6.0 2020-03-12 21:58:52 -07:00
Linux Build Service Account
42a45deb47 Merge "sepolicy: add permissions for devfreq nodes on lahaina" into sepolicy.lnx.6.0 2020-03-12 21:58:51 -07:00
Linux Build Service Account
3e1af0ab46 Merge "sepolicy: WFD app sepolicy change" into sepolicy.lnx.6.0 2020-03-12 04:30:50 -07:00
Linux Build Service Account
18b5882707 Merge "atoll: Add sepolicy for gralloc and vulkan lib" into sepolicy.lnx.6.0 2020-03-12 04:30:39 -07:00
Linux Build Service Account
b465dbb1ae Merge "Sepolicy: Allow socket creation, permission to access IOP/servtracker." into sepolicy.lnx.6.0 2020-03-12 02:06:36 -07:00
Linux Build Service Account
d7beb87069 Merge "Adding Kill capability to perf hal service." into sepolicy.lnx.6.0 2020-03-11 19:00:38 -07:00
Amir Vajid
f5411bea95 sepolicy: add permissions for devfreq nodes on lahaina
Add permissions to access devfreq dcvs nodes on lahaina.

Change-Id: Idc5a192699a697cc8c2e7a2ae1119215a93b407f
2020-03-11 17:52:09 -07:00
Jaihind Yadav
6d99179f63 sepolicy: adding protected_hwservice attr to hwservice.
Change-Id: Ic929f39a894cc86572fb55c53bd4d1e1e82306d7
2020-03-11 05:43:21 -07:00
Linux Build Service Account
24fba3f75d Merge "sepolicy: Install modules to sys-ext partition" into sepolicy.lnx.6.0 2020-03-11 04:34:52 -07:00
Indranil
2835c026a5 sepolicy: Install modules to sys-ext partition
Change-Id: I8c91c1a45c3e932861fca2873a2eaa9652ac6d30
2020-03-10 23:04:46 -07:00
qctecmdr
3e01e5c665 Merge "sepolicy: add sepolicy label for charge_pump" 2020-03-10 20:35:04 -07:00
Linux Build Service Account
e5489dfaa0 Merge "sepolicy: give se policy permission to npu dcvs nodes" into sepolicy.lnx.6.0 2020-03-10 19:59:05 -07:00
Manoj Basapathi
bfa6c2ffe5 ims : add tipc socket permission rule
Change-Id: I688c50047a559d00386ec54093d665fffab853b3
2020-03-10 16:22:44 -07:00
Can Guo
6126a64578 sepolicy: Allow RPMB service and recovery access bsg device driver nodes
This change is to allow RPMB service and Android recovery access
storage bsg char device driver nodes.

Change-Id: I2441f2de6273c2d44a24d4be5cf8c8d58ec6fcf6
2020-03-09 23:19:47 -07:00
Lubin Yin
40209bf7a9 sepolicy: WFD app sepolicy change
Because of the system UID removal from WFD app, give permissions to wfd
app instead of system app

Change-Id: Ic56db7fec69e1b16e761162ef0393cabb375de50
2020-03-09 09:47:00 -07:00
Linux Build Service Account
1b462b2387 Merge "Revert "Revert "sepolicy: update SELinux rules for ims application""" into sepolicy.lnx.6.0 2020-03-09 06:23:09 -07:00
Linux Build Service Account
c2e52493fd Merge "update sepolicy for init.qcom.testscripts.sh" into sepolicy.lnx.6.0 2020-03-09 06:23:08 -07:00
Bharat Pawar
d3512e61be atoll: Add sepolicy for gralloc and vulkan lib
Change-Id: I4b5d99f73612c8599459dbbebb97f30c9e26a7aa
2020-03-09 02:58:52 -07:00
Smita Ghosh
07d473667a sepolicy: Add read dir permission to hal_bootctl.te
hal_bootctl needs read permission to sysfs_dt_firmware_android

Change-Id: I6e89b2db756d7070bc4b815cf15a6a4f241d137b
2020-03-05 17:06:08 -08:00
Wileen Chiu
106d993854 Revert "Revert "sepolicy: update SELinux rules for ims application""
This reverts commit 7a059d4202.

Change-Id: I3b5c615012bacc440362e23e343ab05db8d3253f
CRs-Fixed: 2616500
2020-03-05 10:12:46 -08:00
Linux Build Service Account
bd7360b0a8 Merge "sepolicy: Update path for qspmsvc" into sepolicy.lnx.6.0 2020-03-05 06:11:50 -08:00
Sai Manobhiram
317f328fc0 Sepolicy: Allow socket creation, permission to access IOP/servtracker.
Netlink Socket : Add a policy for allowing to create a socket from perf hal
and getting data
IOP : perf-hal needs access to IOP service.
ServcTracker: Perf-hal needs access to service tracker Hal.
Meminfo, KGSL_MEM : Accessing proc_meminfo and kgsl sys_fs nodes for reading data.

Change-Id: Ic12bf00bb8c9227221556c043d8169c4611f2b69
2020-03-04 15:44:44 +05:30
Sai Manobhiram
bac8a9c806 Adding Kill capability to perf hal service.
Adding permission to kill only the app domain from vendor.
For lito, atoll, trinket.

Change-Id: Id9377a993ca847aaa830d53a330aabad1db3cd17
2020-03-04 15:21:59 +05:30