tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3500 commits 1 branch 0 tags 4.5 MiB
Commit graph

624 commits

Author SHA1 Message Date
Manaf Meethalavalappu Pallikunhi
47f5af3b4a sepolicy: Add vendor limits hal attributes 
Change-Id: I19a50ae280f57b844c044b2161e64abc9d1de655
 2020-11-24 07:19:29 -08:00
Jaihind Yadav
fdb5938c0c making system/product restricted prop. 
making system/product restricted prop all the extendeded core prop defined in public.

Change-Id: Ic7374ee3ed141ce98f16a8b7fc29d8fedcd49149
 2020-11-24 16:38:32 +05:30
Siddeswar Aluganti
f3dcc6a9f1 Fix backward compatibility issue. 
Change-Id: Ie889dc1ad25da6e0a1ff812ee3dd793bd2363c93
 2020-11-12 13:04:56 -08:00
Wileen Chiu
2824781c25 Add QtiTelephonyService to vendor_qtelephony domain 
- QtiTelephonyService is moved from sharing phone
  process uid and needs to be moved into vendor_qtelephony

Change-Id: Ib7b341707daca8deadd2e5e634d4080732f3834f
CRs-Fixed: 2809413
 2020-10-30 11:29:42 -07:00
Biswajit Paul
9926eac1fd Add compatibility with previous Android versions. 
This change adds compatibility cil files for the previous android
version.

Change-Id: I4e40586df87de256d991d10c937c53f92cc55b44
 2020-10-28 18:16:59 -07:00
Jun Wang
a447e205ce sepolicy: Add more property rules for scroll optimization feature 
Allow apps to read the properties of scroll optimization feature.

Change-Id: Icd0526c1a905ff935e6d1828fd8a38644525380f
 2020-09-16 02:19:51 -07:00
kranthi
38ae21ce3a Adding new gfx developer tools service 
Adding new gfx developer tools service (qdtservice).

CRs-Fixed: 2772466
Change-Id: Ie534a866705c2870cf7be3afdfb39f022f85ed56
 2020-09-08 22:51:00 +05:30
Rajavenu Kyatham
532ce495a9 sepolicy: add sepolicy for new added display prop. 
- allow the prop settable and gettable.

Change-Id: If4e29c1a361197aedf30e0dfae47b19d2c81a5d6
CRs-Fixed: 2732534
 2020-08-06 03:02:15 -07:00
Sauvik Saha
58381329b1 ims: Adding diag permissions to telephony 
* Adding diag permissions for telephony

Change-Id: I8e6cb41f06f060eeb38890c5f943cb3a29e93744
 2020-07-22 11:40:19 +05:30
Jaihind Yadav
7a12159cc2 moving attributes from vendor to system_ext. 
Change-Id: Ife18fca781159959f3b6725660884a4df0c0ed6e
 2020-07-03 08:37:58 -07:00
David Ng
b4b1deebb4 Map /storage/emulated as media_rw_data_file 
Files inside /storage/emulated are labeled as media_rw
at runtime - but the policy is sdcard_file - match them.

Change-Id: Ie9d8890f0bf3bbcc84854f988aad8465d9c7cabc
 2020-06-26 15:07:49 -07:00
Rohit Soneta
2fd3cffbd8 sepolicy: Fix system helper HAL issue 
Change-Id: I8c518f6320f8674463ce5d7989f5f8be37c57978
 2020-06-24 15:35:22 +05:30
qctecmdr
b32ca80c52 Merge "sepolicy change for vendor_qtelephony domain" 2020-06-19 05:23:32 -07:00
Sridhar Kasukurthi
b1c710adb4 sepolicy change for vendor_qtelephony domain 
-All the apps sharing vendor_qtelephony domain are
 moved to system_ext partition. Move all the policies
 as well to system component inorder to set right
 dependencies to ota.

Change-Id: I3601930c9a8f644c609591b72a46d29514e0d134
CRs-Fixed: 2709200
 2020-06-19 11:58:21 +05:30
Jun Wang
9eaed3d140 sepolicy: add property rule for scroll optimization feature 
Allow apps to read the property to determine whether the scroll
optimization feature is enabled or not.

Change-Id: I7ffee73bd4de0283cdd67902f90d49122eb2fcaa
 2020-06-15 23:19:31 -07:00
Jaihind Yadav
1f7641cb96 modifying boarconfig.mk to pick system side sepolicy. 
removing vendor sepolicy from sepolicy this project as
it is moved to sepolicy_vndr project.

Change-Id: I03f185b2ababf068ff337a7873acec2fe1a8f069
 2020-05-23 22:38:57 -07:00
qctecmdr
26862522a4 Merge "sepolicy: Allow qti-testscripts to be killed by lmkd" 2020-05-23 19:47:59 -07:00
Linux Build Service Account
5bfd49e2ab Merge "sepolicy: adding dontaudit for vendor modprobe." into sepolicy.lnx.6.0 2020-05-13 00:21:14 -07:00
Linux Build Service Account
47d0180911 Merge "sepolicy: adding dontaudit for init_shell" into sepolicy.lnx.6.0 2020-05-13 00:21:12 -07:00
qctecmdr
4f7de76b6d Merge "sepolicy: allow sensors hal to read adsrpc properties" 2020-05-12 12:37:27 -07:00
qctecmdr
1ac3fa3433 Merge "sepolicy: adding getattr perm for init." 2020-05-12 09:41:36 -07:00
qctecmdr
4280ba1faf Merge "sepolicy: [AISW-7895] Allow gralloc for hardware buffer" 2020-05-11 22:25:47 -07:00
qctecmdr
c8a61ca0f7 Merge "sepolicy: Changes to allow kill capability" 2020-05-10 03:27:41 -07:00
Jun-Hyung Kwon
b41ca6dfa7 sepolicy: allow sensors hal to read adsrpc properties 
Change-Id: I6956b7d61339be4665a8d2af47b3c0ba2c88793e
 2020-05-07 16:12:45 -07:00
Shishir Singh
7029593aa7 sepolicy: Changes to allow kill capability 
-- Fix for netmgrd kill permission denial.

Change-Id: I4360fe357f9ff22ce2a690fcf613a0dba2bf26ec
 2020-05-06 02:42:59 -07:00
Santosh Mardi
2a9b25cad4 sepolicy: add support for separate dcvs script 
From android R version perf events need sepolicy permission,
move memlat related commands to separate new script as they
result in accessing perf events in kernel.

And add support in sepolicy for new script to give permission
for perf events.

Change-Id: I726bdecebec1a87656d2ef1c63198b1c5d0099f2
 2020-05-06 13:20:24 +05:30
Patrick Daly
06518abbdc sepolicy: Allow qti-testscripts to be killed by lmkd 
lmkd kills tasks with oom_score_adj >= 0 when the system is under memory
pressure. Enhancements have been added to lmkd to support this behavior
for processes started from shell as well.

Change-Id: Ia28c3373d8b755f911337bb849262e5b654d5041
 2020-05-04 05:08:34 -07:00
qctecmdr
95f1cbe94b Merge "sepolicy: Add sepolicy rules for wireless and cp_slave" 2020-05-03 06:43:36 -07:00
qctecmdr
e9ebdf8b94 Merge "sepolicy: add nlmsg_readpriv capability to ipacm" 2020-05-03 03:54:30 -07:00
Kavya Nunna
359f034ee6 sepolicy: Add sepolicy rules for wireless and cp_slave 
Add sepolicy rules for wireless and cp_slave to give access to
applications like healthd, fastbootd.

Change-Id: I697d99b7e43123aca8d05606d943f2620e9f719b
Signed-off-by: Kavya Nunna <knunna@codeaurora.org>
 2020-04-30 21:08:58 -07:00
Linux Build Service Account
d457bf92af Merge "sepolicy: removed regexp for ssr nodes from common file" into sepolicy.lnx.6.0 2020-04-30 01:40:51 -07:00
Chaitanya Pratapa
030abbf49b sepolicy: add nlmsg_readpriv capability to ipacm 
IPACM needs to get RTM_NEWLINK events to process
link up/link down events for peripherals that need IPA
offload.

Change-Id: I56cb7971d221e56169b5541aaad8b4edb2ad4348
 2020-04-29 16:13:41 -07:00
qctecmdr
b02281170b Merge "Define km41 sepolicy rules" 2020-04-29 04:57:44 -07:00
qctecmdr
8f2453a8c5 Merge "sepolicy:Allow PeripheralManager to seach for vendor_debugfs_ipc dir" 2020-04-28 21:50:50 -07:00
Barani Muthukumaran
1a439c7e88 Define km41 sepolicy rules 
Change-Id: Ia8938bc1cfb58eb88573d944cfd81867d26845f4
 2020-04-28 21:26:41 -07:00
qctecmdr
5e20c878ba Merge "sepolicy: Correct the wild-card expression of ufs-bsg devices" 2020-04-28 01:18:24 -07:00
qctecmdr
3fc4961539 Merge "sepolicy: Remove labels for usbpd and power_supply properties" 2020-04-28 01:18:24 -07:00
Prasanta Kumar Sahu
7e111f1a5c sepolicy:Allow PeripheralManager to seach for vendor_debugfs_ipc dir 
Fix for : avc: denied { search } for comm="Binder:935_2" name=
"ipc_logging" dev="debugfs" ino=1051 scontext=u:r:vendor_per_mgr:s0
 tcontext=u:object_r:vendor_debugfs_ipc:s0 tclass=dir permissive=0

Change-Id: Ia3defd1129a03596c3f893b6c89414a1aad1091c
 2020-04-28 00:32:40 -07:00
Jaihind Yadav
1d5ae3ed52 sepolicy: adding dontaudit for vendor modprobe. 
Change-Id: I01d08c1b7cc3bbc4115dac0a4d13559a8a47c9ac
 2020-04-28 12:11:50 +05:30
Jaihind Yadav
f81e872b01 sepolicy: adding dontaudit for init_shell 
Change-Id: Ia91078502b448221ad803674a003378e1f7a846c
 2020-04-28 12:09:04 +05:30
Jaihind Yadav
a5d7317049 sepolicy: adding getattr perm for init. 
Change-Id: I4b7295066031aa838139dda203fec019a11386dd
 2020-04-27 21:03:43 +05:30
kranthi
a715cbecb7 Allowing system process to read gpu model 
Addressing the following denials :
type=1400 audit(0.0:95): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:59): avc: denied { read }for name="gpu_model"
dev="sysfs" ino=80653 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(906.783:162): avc: denied { read }for comm="surfaceflinger"
name="gpu_model" dev="sysfs" ino=61205 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0 tclass=file permissive=0
type=1400 audit(0.0:345): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:mediacodec:s0
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_27:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0
type=1400 audit(0.0:185): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=80685 scontext=u:r:untrusted_app_29:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl_gpu_model:s0

Change-Id: Icd52def059afed9114f0a5a868babc849086dd6f
 2020-04-27 17:40:45 +05:30
Ravi Kumar Siddojigari
47d7262aef sepolicy: removed regexp for ssr nodes from common file 
regexp for ssr node (used for subsys ) are been moved to
target specfic file and is no longer needed .

Change-Id: I4df4ac51d3df81de5311a071374d489516814603
 2020-04-26 21:57:18 -07:00
Can Guo
902a47d8dc sepolicy: Correct the wild-card expression of ufs-bsg devices 
This change corrects the wild-card expression of /dev/ufs-bsg devices.

Change-Id: I5c978a5116ddc5726de2b7cbdbeae2af2dee88c2
 2020-04-26 21:46:27 -07:00
Camus Wong
b130a28d3b sepolicy: [AISW-7895] Allow gralloc for hardware buffer 
Add SE policy to allow neural network vendor driver to
allocate hardware buffer via Gralloc

Change-Id: Icf4a230df70d1adab987a929134572247b640ddf
 2020-04-25 19:46:21 -04:00
Sahil Chandna
4cab791acf sepolicy: Remove labels for usbpd and power_supply properties 
Remove the regular expression labels for usbpd and power_supply properties.
This helps in overall reduction in boot time.

Change-Id: Ica22cab57f1d0bb93315b74c6dee52a06f2c2855
 2020-04-25 21:19:30 +05:30
qctecmdr
ef73255fb9 Merge "sepolicy: Add rules for vendor_dataservice_app" 2020-04-24 08:57:51 -07:00
Varun Arora
b2ecc38c2d Update hw recovery rules 
Change-Id: Iedcacf65444ee5a4f2a3351645b240249fd4b0d9
 2020-04-23 12:59:31 -07:00
Ayishwarya Narasimhan
7689d8b793 sepolicy: Add rules for vendor_dataservice_app 
Change-Id: I614556e7f081894d8352278f11d1140916d7d5ad
 2020-04-23 11:14:44 -07:00
qctecmdr
e94fb5a533 Merge "sepolicy: Add DPM socket connect rules to gmscore_app." 2020-04-23 03:20:30 -07:00
Manoj Basapathi
efc42dfbcc sepolicy: Add DPM socket connect rules to gmscore_app. 
-Allow access to gmscore_app by DPM socket connect rules.

Change-Id: I6850d1aa69f88d4a312a5fbd2e4152775d3ffa1d
 2020-04-22 19:01:03 +05:30
qctecmdr
9419b1e8cf Merge "mdm-helper: Add rule for probing ramdump access path" 2020-04-22 04:38:29 -07:00
qctecmdr
374e0a3352 Merge "sepolicy: add permissions to shsusrd to use qipcrtr" 2020-04-21 10:20:30 -07:00
qctecmdr
3cbeaf220f Merge "sepolicy: create domain and file context for shsusrd" 2020-04-21 06:09:53 -07:00
qctecmdr
b35317dabc Merge "sepolicy: allow netmgrd to access ipc logging" 2020-04-21 01:14:30 -07:00
Subash Abhinov Kasiviswanathan
23e91506ec sepolicy: add permissions to shsusrd to use qipcrtr 
Add shsusrd permission to use qipcrtr socket for qmi messaging.

Change-Id: If41fcc8cc94e211fdef8b30935a633c35546818b
 2020-04-19 23:43:40 -06:00
Subash Abhinov Kasiviswanathan
6002f11d6d sepolicy: create domain and file context for shsusrd 
Create a new domain for shsusrd and file contexts for the log file.
Also permissions to access shared memory in /proc/shs and to
auto start with init.

Change-Id: I236003b72162e32b0f587b067176127388ab4748
 2020-04-19 23:43:00 -06:00
qctecmdr
1076527176 Merge "sepolicy:dontaudit gmscore_app" 2020-04-18 04:49:12 -07:00
qctecmdr
8d092761a8 Merge "sepolicy: Add rules for SystemHelper HAL" 2020-04-18 04:49:12 -07:00
Subash Abhinov Kasiviswanathan
8ea9ea39ef sepolicy: allow netmgrd to access ipc logging 
Allows search of ipc logging directory so kernel can open
ipc logging files indirectly triggered from  netmgrd.

Change-Id: I263a4b251badd9e796a8cfc73b9de17915e7ddc6
 2020-04-17 15:14:34 -07:00
Mohamed Moussa
e6404386d8 sepolicy:dontaudit gmscore_app 
This will silence AVC denials without allowing a permission by using dontaudit rules.

Change-Id: I222c696846a6a21452bd2ef7d3d283f9c6a85f51
 2020-04-15 12:27:18 -07:00
Linux Build Service Account
c067d4eacf Merge "sepolicy: Rename vendor soc_id and soc_name properties" into sepolicy.lnx.6.0 2020-04-15 06:03:10 -07:00
Roopesh Nataraja
b8db03db5c sepolicy: Rename vendor soc_id and soc_name properties 
Change-Id: I0f7ae97ba9480c46b7a00598312089b9b7c39f05
 2020-04-13 11:10:10 -07:00
Nirmal Kumar
48f931a28f hal_bootctl : Update sepolicy for hal_bootctl 
-allow hal_bootctl_server to perform rawio
            -In 'user' builds rawio is not allowed for hal_bootctl_server domain.

Change-Id: I78bedd7aba25a58aba68748b80a1ebf810990860
 2020-04-13 11:05:17 -07:00
Rohit Soneta
fa67406408 sepolicy: Add rules for SystemHelper HAL 
Change-Id: I98ce0f491e1c80ef6d61aff68c192914fbf25073
 2020-04-13 13:35:48 +05:30
qctecmdr
c5cd53ddf0 Merge "Sepolicy: Allow bluetooth to access libsoc_helper" 2020-04-11 01:43:10 -07:00
qctecmdr
f31f365603 Merge "sepolicy: Add rules for QCV init rc and sh scripts" 2020-04-11 01:43:10 -07:00
Jack Pham
9f9a4af25e sepolicy: Allow init (recovery) to access USB sysfs 
Add genfs contexts for USB sysfs entries that control the
operational mode and assign them as vendor_sysfs_usb_device type.
Allow init context to access these paths for recovery mode.

Change-Id: Ic1f0c5e9237848ac47cebca6e2cbbe9bd25270ad
 2020-04-10 17:09:19 -07:00
Roopesh Nataraja
9074980d8a sepolicy: Add rules for QCV init rc and sh scripts 
- Add rules to allow execution of init.qti.qcv.sh
- Allow init.qti.qcv.sh to set_prop vendor_soc_name_prop
- Allow init.qti.qcv.rc to read vendor_soc_name_prop

Change-Id: I4f548bf0ab424dceba1d5b72c1ec8a596a037431
 2020-04-10 13:57:57 -07:00
Satish kumar sugasi
1f9ac5aeb5 Sepolicy: Allow bluetooth to access libsoc_helper 
Change-Id: Ife1537ad7954a42f6892e442abf1004e57ddf914
 2020-04-09 23:15:11 -07:00
qctecmdr
f511f71e18 Merge "File context for vendor_boot in Lahaina - Use existing boot_block_device label for vendor_boot_[a/b] vendor_custom_ab_block_device cpucp_[a/b] & shrm_[a/b] " 2020-04-09 14:40:36 -07:00
qctecmdr
d12209724a Merge "hal_bootctl : Add sepolicies for hal_bootctl - Access /dev and vendor_bsg device - Allow sys_rawio for capability check in scsi" 2020-04-09 10:48:13 -07:00
Linux Build Service Account
02cbd45b80 Merge "sepolicy: Add custom domain and rules for LibsocHelperTest" into sepolicy.lnx.6.0 2020-04-09 08:25:23 -07:00
Linux Build Service Account
e2bda41177 Merge "sepolicy: Create subsys nodes for Lahaina" into sepolicy.lnx.6.0 2020-04-08 18:39:05 -07:00
David Ng
a8516c5dfa mdm-helper: Add rule for probing ramdump access path 
Add rule for probing ramdump path write access.  This is necessary
as user configuration may still have MDM reporting a ramdump
(configuration of commercial vs debug configs are independent).

Add previously missing entry to handle mdm-helper killing its
forked process that handles EFS sync.  This is purely for left
over EFS sync process cleanup that can occur on mdm-helper
crash/restart (not an expected scenario but purely a robustness
catchall).

Relocate mdm-helper from qva to generic as this is a baseline
daemon dependent only on hardware capability (fusion hardware).

Change-Id: Ic3c573ab9c5b0c1eacf9d61d0002e67bd74e99e8
 2020-04-07 16:31:11 -07:00
Roopesh Nataraja
ced3bd1562 sepolicy: Add custom domain and rules for LibsocHelperTest 
Change-Id: Ic02b251cc5ae13e63e5e9df66193d0b7bbf32516
 2020-04-07 11:48:52 -07:00
Chris Lew
f1eee6b5e6 sepolicy: diag-router: Add mhi device permissions 
diag-router needs mhi character dev read/write permissions to bridge
the diag connection to external socs.

Change-Id: I22028e1c9b164aba24374413e16440e8deae8c4b
 2020-04-06 17:45:07 -07:00
David Ng
e91e433838 sepolicy: Create subsys nodes for Lahaina 
Add subsystem handling mapping for various hw variants of the target.

Change-Id: I1bc38fd92eef09e6f81a6914d3c876e711075d2c
 2020-04-06 17:33:48 -07:00
Nirmal Kumar
b2fb5ba86a hal_bootctl : Add sepolicies for hal_bootctl 
-  Access /dev and vendor_bsg device
            - Allow sys_rawio for capability check in scsi

Change-Id: I051a5e8fa498aa9791d8fb872ec49504ca311db2
 2020-04-06 12:34:53 -07:00
vijaagra
901802b27d sepolicy: Add rule to give perms to read gpuclk 
avc: denied { read } for comm=52756E6E65723A20676C5F34
name="gpuclk" dev="sysfs" ino=78660
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:sysfs_kgsl

Change-Id: I985cc9164c3cd52537ce5abcdcb42d763790aaa7
 2020-04-06 04:54:51 -07:00
Linux Build Service Account
ac290aa388 Merge "sepolicy: Update rpmb device path and type" into sepolicy.lnx.6.0 2020-04-06 00:54:14 -07:00
Linux Build Service Account
a7215f3e9c Merge "Allow fastbootd to access power_supply, usb nodes." into sepolicy.lnx.6.0 2020-04-06 00:53:15 -07:00
P.Adarsh Reddy
822e1e5465 Allow fastbootd to access power_supply, usb nodes. 
This change allows fastbootd (for healthd) to access
the power_supply and usb nodes.

Change-Id: Ib5c637b28dd65c6958778b02c3026c90b39fe713
 2020-04-03 06:15:04 -07:00
Ayishwarya Narasimhan
feb53b6ee6 sepolicy changes for imsfactory hal 
Change-Id: I72644a4de6e4670dd91a4eb6cb54ea8c29740990
 2020-04-03 01:20:41 -07:00
Nirmal Kumar
090ce33412 File context for vendor_boot in Lahaina 
- Use existing boot_block_device label for vendor_boot_[a/b]
      vendor_custom_ab_block_device cpucp_[a/b]  & shrm_[a/b]
        

Change-Id: If3b72642c3b78cd5ca96d3e4e6d8e3252d19f920
 2020-04-01 10:42:30 -07:00
qctecmdr
6e502ef51a Merge "sepolicy: Add permissions for persist.console.silent.config" 2020-04-01 01:46:08 -07:00
qctecmdr
b03a618e5a Merge "sepolicy: Permissions for v1.3 DRM and clearkey HALs" 2020-03-31 07:02:32 -07:00
qctecmdr
95b74e3405 Merge "sepolicy:Restrict access to vendor_restricted_prop" 2020-03-31 07:02:32 -07:00
qctecmdr
6a91762f95 Merge "Add sepolices to update engine domain." 2020-03-31 07:02:28 -07:00
Murthy Nidadavolu
70c453a603 sepolicy: Permissions for v1.3 DRM and clearkey HALs 
FR60432: OEMCrypto Version 16 support

Allow v1.3 DRM and clearkey HALs in SEPolicy.
Keep v1.2 HALs as well for backward compatibility.

Change-Id: I5aeb50f80507143c8adcf597a78202590447149e
 2020-03-30 10:29:34 +05:30
qctecmdr
89de2e16ae Merge "sepolicy: Allow libsoc_helper vendor clients to read soc_id" 2020-03-27 20:04:42 -07:00
qctecmdr
15d3fce672 Merge "sepolicy: allow netmgrd to access qmipriod properties" 2020-03-27 20:04:42 -07:00
Roopesh Nataraja
d28a917a4a sepolicy: Allow libsoc_helper vendor clients to read soc_id 
Change-Id: I530fa6d368471158ffc04c75d1f3bdb71f6cc0d3
 2020-03-27 17:26:28 -07:00
Sean Tranchetti
c3e415cb69 sepolicy: allow netmgrd to access qmipriod properties 
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.

Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
 2020-03-27 14:30:00 -06:00
Sean Tranchetti
c373d9978c sepolicy: create initial sepolicy for qmipriod 
Creates the initial sepolicy to allow for the qmipriod binary to be
launched on init, as well as access the needed resources.

Change-Id: Ib3c9d1b62148a370ff8bc80598dd550291b2c776
 2020-03-27 14:29:14 -06:00
P.Adarsh Reddy
f0cca4ea72 Add sepolices to update engine domain. 
While applying OTA update package, update engine
loops through partitions entries/mountpoints.
Add few policies and supress the dac ones.

Change-Id: Ic4ff7e8df86a01a3b7380e0bd458909f9099953e
 2020-03-27 02:49:17 -07:00
Monika Singh
a70ca8717e sepolicy: Update rpmb device path and type 
On 4.19 kernel, due to upstream commit <97548575be>
(mmc: block: Convert RPMB to a character device),
there is a change in RPMB path from "/dev/block/mmcblk0rpmb"
to “/dev/mmcblk0rpmb”. Also block device design for RPMB is
now changed to char device. This change updates RPMB path
and provides required permissions for qseecom to be able to
access new device design for RPMB eMMC device.

Change-Id: I7545b9b30b9b8f1c0fd8aacd38048516c2f86970
 2020-03-27 11:46:14 +05:30
qctecmdr
a88906f9e2 Merge "sepolicy: vendor modprobe changes" 2020-03-26 19:41:05 -07:00
Sayali Lokhande
4d86cb2738 sepolicy : Allow kernel to search debugfs_mmc dir 
Debugfs is failed to be initialized because of the denial below.
Add selinux policy to fix it.
avc: denied { search } for comm="kworker/0:1" name="mmc0"
dev="debugfs" ino=6562 scontext=u:r:kernel:s0
tcontext=u:object_r:debugfs_mmc:s0 tclass=dir permissive=0

CRs-Fixed: 2636489
Change-Id: I831a363d448b3efe11960c3937b04dbca80d37f3
 2020-03-25 23:02:57 -07:00
Srinivasarao P
7b50fbd4ec sepolicy: Add permissions for persist.console.silent.config 
provide permissions to read property persist.console.silent.config
to fix avc denial issues.

Change-Id: I85c13f99239f433daf9bc64fbb52cb61c5666b9c
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
 2020-03-25 22:34:28 -07:00