Commit graph

624 commits

Author SHA1 Message Date
qctecmdr
f2ce4398c2 Merge "Update telephony SELinux policies to avoid name collision." 2020-03-25 13:55:36 -07:00
Garik Badalyan
bb15e90b05 Update telephony SELinux policies to avoid name collision.
-Update telephony SELinux policies to avoid name collision
in future.
-Remove old unused telephony SELinux labels.

Change-Id: I60224d6a34d95c853b7ad32a17ecbce4b7b9b204
CRs-Fixed: 2644933
2020-03-23 13:27:33 -07:00
Sreelakshmi Gownipalli
51359b97ab diag: Add support for connecting to diag via unix sockets
Add support to connect to diag unix socket from diag vendor clients.

Change-Id: I65f8738e0473fe1bdbbf369a8f60e86e6c2f8284
2020-03-23 07:40:45 -07:00
Linux Build Service Account
4118b742f5 Merge "sepolicy: Define new policy rule to read gpu model" into sepolicy.lnx.6.0 2020-03-23 06:13:12 -07:00
Linux Build Service Account
5d80ff03be Merge "Update device sepolicy rules for NN HAL 1.3" into sepolicy.lnx.6.0 2020-03-20 03:06:08 -07:00
kranthi
dbe56c1472 sepolicy: Define new policy rule to read gpu model
Add a new file context label for gpu_model sysfs entry. Allowed read
access to that entry.
Addressing the following denials:
type=1400 audit(0.0:62): avc: denied { read } for
name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:mediaserver:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
type=1400 audit(0.0:88): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=78734 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0 app=com.android.systemui
type=1400 audit(0.0:100): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=78734 scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.android.launcher3

Change-Id: I9e1b9ffbb88ea62b4cc530564d811d7cfc640bbc
2020-03-19 14:16:40 +05:30
qctecmdr
c2740d3582 Merge "sepolicy for imscmservice hal" 2020-03-18 22:44:28 -07:00
Alex Kuoch
1e2814c890 Update device sepolicy rules for NN HAL 1.3
Change-Id: Iaa6c1251cd3156887b58cf73ce565fb8a749af41
2020-03-18 14:42:41 -04:00
Shawn Shin
6c80bcc5f2 sepolicy: qcc: move QCC to system-ext partition
qdmastatsd renamed to qcc_trd and qdma renamed to qcc
vendor_ prefixed

CRs-fixed: 2605804
Change-Id: I55b699228bcf46de57c2dc019fac80bcc55424a1
2020-03-18 09:20:50 -07:00
Ayishwarya Narasimhan
0a530f0119 sepolicy for imscmservice hal
Change-Id: I673c43e91da3b66d685a994fe0718dbb1948bc35
2020-03-17 09:49:16 -07:00
qctecmdr
7f04ba192b Merge "sepolicy: Allow audio hal to access bluetooth property" 2020-03-17 03:38:00 -07:00
qctecmdr
047f367ee8 Merge "sepolicy: Add read dir permission to hal_bootctl.te" 2020-03-17 03:38:00 -07:00
Naval Saini
8778599f9d sepolicy: Allow audio hal to access bluetooth property
Allow audio hal to access(read) bluetooth persist property

CRs-Fixed: 2620572
Change-Id: I6663a262bfd41ca1de8af8f743e319133045fe17
2020-03-15 23:12:18 -07:00
qctecmdr
db681779a2 Merge "sepolicy: Allow RPMB service and recovery access bsg device driver nodes" 2020-03-13 05:21:51 -07:00
himta ram
320c36231c sepolicy: move the FM sepolicy rules to product
Created the new domain for FM.
Moved the FM sepolicy rules to product.

CRs-Fixed: 2641193
Change-Id: I3cfe84dbe93c108124475a3e3825f7f80b5f6e57
2020-03-13 05:03:36 -07:00
Linux Build Service Account
406b8c8f27 Merge "ims : add tipc socket permission rule" into sepolicy.lnx.6.0 2020-03-12 21:59:52 -07:00
Linux Build Service Account
eefb643ced Merge "sepolicy: adding protected_hwservice attr to hwservice." into sepolicy.lnx.6.0 2020-03-12 21:58:52 -07:00
Linux Build Service Account
42a45deb47 Merge "sepolicy: add permissions for devfreq nodes on lahaina" into sepolicy.lnx.6.0 2020-03-12 21:58:51 -07:00
Linux Build Service Account
d7beb87069 Merge "Adding Kill capability to perf hal service." into sepolicy.lnx.6.0 2020-03-11 19:00:38 -07:00
Amir Vajid
f5411bea95 sepolicy: add permissions for devfreq nodes on lahaina
Add permissions to access devfreq dcvs nodes on lahaina.

Change-Id: Idc5a192699a697cc8c2e7a2ae1119215a93b407f
2020-03-11 17:52:09 -07:00
Jaihind Yadav
6d99179f63 sepolicy: adding protected_hwservice attr to hwservice.
Change-Id: Ic929f39a894cc86572fb55c53bd4d1e1e82306d7
2020-03-11 05:43:21 -07:00
qctecmdr
3e01e5c665 Merge "sepolicy: add sepolicy label for charge_pump" 2020-03-10 20:35:04 -07:00
Linux Build Service Account
e5489dfaa0 Merge "sepolicy: give se policy permission to npu dcvs nodes" into sepolicy.lnx.6.0 2020-03-10 19:59:05 -07:00
Manoj Basapathi
bfa6c2ffe5 ims : add tipc socket permission rule
Change-Id: I688c50047a559d00386ec54093d665fffab853b3
2020-03-10 16:22:44 -07:00
Can Guo
6126a64578 sepolicy: Allow RPMB service and recovery access bsg device driver nodes
This change is to allow RPMB service and Android recovery access
storage bsg char device driver nodes.

Change-Id: I2441f2de6273c2d44a24d4be5cf8c8d58ec6fcf6
2020-03-09 23:19:47 -07:00
Linux Build Service Account
1b462b2387 Merge "Revert "Revert "sepolicy: update SELinux rules for ims application""" into sepolicy.lnx.6.0 2020-03-09 06:23:09 -07:00
Smita Ghosh
07d473667a sepolicy: Add read dir permission to hal_bootctl.te
hal_bootctl needs read permission to sysfs_dt_firmware_android

Change-Id: I6e89b2db756d7070bc4b815cf15a6a4f241d137b
2020-03-05 17:06:08 -08:00
Wileen Chiu
106d993854 Revert "Revert "sepolicy: update SELinux rules for ims application""
This reverts commit 7a059d4202.

Change-Id: I3b5c615012bacc440362e23e343ab05db8d3253f
CRs-Fixed: 2616500
2020-03-05 10:12:46 -08:00
Sai Manobhiram
bac8a9c806 Adding Kill capability to perf hal service.
Adding permission to kill only the app domain from vendor.
For lito, atoll, trinket.

Change-Id: Id9377a993ca847aaa830d53a330aabad1db3cd17
2020-03-04 15:21:59 +05:30
Rishiraj Manwatkar
764c97ec56 sepolicy: vendor modprobe changes
Change-Id: I8d86a719c97135c4b701a4cddd029dfd23aeda71
2020-03-02 16:33:06 -08:00
Ashay Jaiswal
e23a4ade5e sepolicy: add sepolicy label for charge_pump
Add sepolicy label to files exposed by charger_pump master and slave
devices.

Change-Id: Id70e39695444573638055f88734f0ae02df25a02
2020-03-02 09:21:26 +05:30
Benergy Meenan Ravuri
93d59b0028 update sepolicy for init.qcom.testscripts.sh
Change-Id: Ic15d63db8e71c90781dde48f971920bb49be7852
CRs-Fixed: 2625015
2020-02-28 17:55:25 -08:00
Santosh Mardi
dce94f494f sepolicy: give se policy permission to npu dcvs nodes
Give SE policy permission to npu dcvs nodes used to scale
DDR frequency based on traffic from npu->llcc and llcc->ddr.

Change-Id: Ib58f75a65b7979d58128a594769916ec25bf9082
2020-02-28 01:16:41 -08:00
qctecmdr
2030effbfe Merge "Revert "sepolicy: Define key for TimeService apk"" 2020-02-27 03:04:34 -08:00
vijay rayabarapu
7a059d4202 Revert "sepolicy: update SELinux rules for ims application"
This reverts commit a9e385381b.

Change-Id: I9006b1af2506bf0b8f0efe62e7aafd16e15ccbb1
2020-02-26 16:40:05 +05:30
Aditya
1d841a2eeb sepolicy:Restrict access to vendor_restricted_prop
CRs-Fixed: 2650922

Change-Id: Id93fb2215421d6e86e83a3d577a36aadd6a697ab
2020-02-26 16:23:45 +05:30
qctecmdr
65ddd18b92 Merge "sepolicy: add audio daemon" 2020-02-23 03:51:27 -08:00
qctecmdr
192c565c82 Merge "sepolicy: update SELinux rules for ims application" 2020-02-20 12:36:54 -08:00
Amritendu Biswas
bcecad1de5 sepolicy for embms hal service
Allow embmssl hal to access unix_stream_socket,
Allow embmssl hal to access qipcrtr_socket

Change-Id: I84024db652dc839c9f07e46a620e7b9659da7297
2020-02-19 17:59:07 -08:00
Aalique Grahame
07fe88eee7 sepolicy: add audio daemon
Add policy for audio adsprpc daemon

Change-Id: Ib05cf29a3e06571e5a718bde9032b19625b5a300
2020-02-19 16:35:40 -08:00
Wileen Chiu
a9e385381b sepolicy: update SELinux rules for ims application
Change-Id: I82638566030d660140430176cee0fe4ca605b1ed
CRs-Fixed: 2616500
2020-02-19 15:10:16 -08:00
qctecmdr
2753577d08 Merge "Add Device Info hal vendor.qti.hardware.radio.internal.deviceinfo@1.0" 2020-02-19 06:56:04 -08:00
Linux Build Service Account
f0545d99ef Merge "sepolicy: categorising product partition sepolicy b/w generic and qva." into sepolicy.lnx.6.0 2020-02-18 19:18:47 -08:00
Avinash Nalluri
17c98d98c5 Add Device Info hal vendor.qti.hardware.radio.internal.deviceinfo@1.0
- Add new HAL to the config files
- vendor.qti.hardware.radio.internal.deviceinfo@1.0

Change-Id: Ia32ee8d8742850bc95fe5ac8876aca8843d73f3e
CRs-Fixed: 2605646
2020-02-18 09:55:57 -08:00
qctecmdr
d4ca30ba03 Merge "sepolicy: Add selinux policy for kernel debug script" 2020-02-18 08:57:34 -08:00
qctecmdr
d4cb924ee2 Merge "sepolicy: Add vm block devices labeling" 2020-02-18 05:46:28 -08:00
qctecmdr
a7c80aa192 Merge "lito: Assign subsys nodes file contexts in a dynamic way." 2020-02-18 02:56:24 -08:00
qctecmdr
50f7bc43d5 Merge "Sepolicy changes for new mutualex daemon" 2020-02-18 00:19:38 -08:00
Mohit Aggarwal
6987530a28 Revert "sepolicy: Define key for TimeService apk"
This reverts commit 6886e3677e.

Change-Id: I9b4414691680c399717370b118e01dbc0d4aac09
2020-02-18 11:48:29 +05:30
qctecmdr
6cacff8bb7 Merge "sepolicy: add property to generic for loading shsusrd via netmgr" 2020-02-17 21:20:54 -08:00
Jaihind Yadav
9a10acbf78 sepolicy: categorising product partition sepolicy b/w generic and qva.
Change-Id: I10cb485e1b461e30f5c0e12d277a9b6fda8decee
2020-02-17 03:34:29 -08:00
P.Adarsh Reddy
f072a4ac23 lito: Assign subsys nodes file contexts in a dynamic way.
The subsystem name to subsys number mapping is not constant
and can change based on the order of probing OR in case a new
subsystem gets added.
To handle such cases, this change assigns the contexts in a
more dynamic way using regex within file-contexts file.

Change-Id: Ibc688f334381dffec2bf5419305fabcf2ecd72e6
2020-02-17 14:09:12 +05:30
Ayishwarya Narasimhan
1da1d96826 Sepolicy changes for new mutualex daemon
Change-Id: Ie3cd5f9c1ced4f40fba5144cc079344c0ab4e2d9
2020-02-14 10:31:57 -08:00
Subash Abhinov Kasiviswanathan
fb0b4167cb sepolicy: add property to generic for loading shsusrd via netmgr
Add property to generic sepolicy for loading shsusrd from netmgr.
Fixes the following-

[   66.051992] type=1107 audit(1549.328:591): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
property=persist.vendor.data.shsusr_load pid=921 uid=1001 gid=1001
scontext=u:r:vendor_netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'

CRs-Fixed: 2575687
Change-Id: I32fb31a7f5e64c2095aee081fd855900be0d0701
2020-02-13 18:09:30 -07:00
David Ng
ba68c652cf sepolicy: Add vm block devices labeling
Add VM (virtual machine) partition block devices and associated
firmware file labeling and handling policies.

Centralize update_engine_common.te under generic/vendor/common
as the contents are all common at this time.

Change-Id: Iba8bf4150db861f97bc9b78b70683f73b6fa7607
2020-02-13 15:10:53 -08:00
Subbaraman Narayanamurthy
8b21758fcb sepolicy: add genfs_contexts for Lahaina
Add genfs_contexts for Lahaina with adding rules for power supply
class and LED devices.

Change-Id: Id9e2dbb52a944d59e5e95550de062ed81a3c94fe
2020-02-13 12:38:44 -08:00
qctecmdr
dc207e5ce7 Merge "Update context of qtidataservices from radio to app" 2020-02-12 13:36:31 -08:00
qctecmdr
7d21b2bf0c Merge "sepolicy: Add sepolicy rules to the kernel-scripts" 2020-02-12 05:43:04 -08:00
Mao Jinlong
467908b46b sepolicy: Add selinux policy for kernel debug script
Add selinux policy for kernel debug script. This script is
run in boot up phase by vendor init.
Change-Id: I8e3fade00c85a48fe2899de8f87b7322bdebf147
2020-02-12 02:42:03 -08:00
qctecmdr
4265545064 Merge "diag: Fix diag-router selinux denials" 2020-02-11 15:06:36 -08:00
qctecmdr
8c6c92a997 Merge "Add sepolicy for diag-router app" 2020-02-11 11:09:48 -08:00
qctecmdr
47224bd2a5 Merge "sepolicy: Add policies for mapper 4" 2020-02-11 06:13:57 -08:00
qctecmdr
e616895b0d Merge "genfs_contexts: Add label to qdss sysfs nodes for lahaina" 2020-02-10 21:36:38 -08:00
Sreelakshmi Gownipalli
19e2586c95 diag: Fix diag-router selinux denials
Fix diag-router selinux denials

Change-Id: Ib50b147ad74b5bd7f8ae744d3b50a13d76c99c8e
2020-02-06 11:40:17 -08:00
Rama Aparna Mallavarapu
8cdff3101e sepolicy: Add sepolicy rules to the kernel-scripts
Add file permissions to the kernel scripts.

Change-Id: Ibe2310126ba561be6b842ae93e31695bc45d6c06
2020-02-05 11:57:26 -08:00
Pavan Kumar M
ae09195021 Update context of qtidataservices from radio to app
Change-Id: I0d8a6bada4f7e4b73a8bb1bcbb7118fdd28f49f5
2020-02-05 01:17:44 -08:00
Sreelakshmi Gownipalli
0ac2ef91f5 Add sepolicy for diag-router app
Add sepolicy to start diag-router app
as daemon.

Change-Id: Ide457c27a393eab878e8f12a2e5d24df93b8dedf
2020-02-04 23:04:57 -08:00
Tharaga Balachandran
d5c3eb7cba sepolicy: Add policies for mapper 4
CRs-Fixed: 2612324
Change-Id: I780984a35d22571e8e1cd5de5655f2bb6d563a96
2020-02-04 11:56:52 -05:00
Jaihind Yadav
3e0f3c1cdc sepolicy : adding misc changes.
1- adding vendor_ for product partition.
2- adding some of missing change.
3- adding back IAnt hwservice.

Change-Id: I180dced0680f38c7a1817a70b8e0dc24bfb726bf
2020-02-02 22:29:35 -08:00
Roopesh Nataraja
c98b903f68 sepolicy: Add macro for libsoc helper module
Adds permissions needed for vendor modules to
get soc info at run time. All native clients
using the libsoc helper module must use
the macro for their domain.

The existing permission needs are empty
(already part of domain) but added placeholder
to allow any underlying mechanism changes that
may require new permissions.

Change-Id: Iaeb93c5473f03c7b3b7956e8bbb5ec6ed733ae4f
2020-01-29 17:15:50 -08:00
Mao Jinlong
c8a6e9329f genfs_contexts: Add label to qdss sysfs nodes for lahaina
Add label to qdss sysfs nodes to avoid the denial when qcomsysd accesses
qdss sysfs.

Change-Id: Ifdc5e9c30fed0f2affe7c4601791809b3d1e9ff8
2020-01-27 12:14:27 -08:00
P.Adarsh Reddy
eca8ae265e Allow update engine to access to metadata_file.
With virtual-ab feature, update engine needs access
to metadata_file, allow the same.

Change-Id: Ia366da18517db28f4404f2605987e1b36906a83a
2020-01-23 19:56:47 +05:30
Roopesh Nataraja
b773abb1d9 sepolicy: Add sepolicies to define and use vendor_soc_prop
Change-Id: I4a144280ae808344bdad6aa6ab67f9aed3354c88
2020-01-22 15:37:21 -08:00
Indranil
feb73ab88c sepolicy: Add rules for feature_enabler_client for DRM playback
Change-Id: I580ba99411430d06c664f01b2599a5b49b83b593
2020-01-22 02:14:18 -08:00
Likai Ding
25515d4cd1 sepolicy: categorize vendor properties
CRs-Fixed: 2595377
Change-Id: I6d7045e4a235b49c0a312c253c4e236a635a84ad
2020-01-20 03:16:42 -08:00
Jaihind Yadav
c03022a303 sepolicy: adding vendor_ prefix changes for pub/priv dirs.
to avoid naming collision with system types we are adding vendor_ prefix for all vendor defined types.

Change-Id: I1396f2c6d9576af3c3755096bb1e69d254b6db4e
2020-01-14 07:14:38 -08:00
Jaihind Yadav
9d9631c596 sepolicy: adding vendor prefix to avoid naming collision
Change-Id: Ib403824c380696e1fca97ef744863a6e15000395
2020-01-14 20:31:42 +05:30
Mahesh Sharma
a418dabea1 sepolicy: Add rules for ANT HAL
Change-Id: I1eb832cc45b50965611e848b78e64ae6fac73977
2020-01-08 18:03:51 -08:00
qctecmdr
924c188375 Merge "sepolicy: use protected_hwservice" 2020-01-03 01:05:52 -08:00
Likai Ding
4ac1f7d737 sepolicy: use protected_hwservice
CRs-Fixed: 2595378
Change-Id: I9e2d0cd52162ef5be50e8955c507f49321352ce0
2020-01-02 15:12:45 +08:00
padarshr
c2ac5d1a41 Add QSPM related dontaudit and thermal sepolicy rules.
Change-Id: Ie54119ada98cb8692912ca04661e577b4d337a23
2020-01-01 22:03:26 -08:00
padarshr
3f883456e5 Add file contexts for few new partitions.
This adds file contexts to few new partitions so
that the ota update engine is allowed to do OTA
over them.

Change-Id: I0290b50a92a7a051a4b285a01b3b70d204be6b82
2019-12-31 16:58:54 +05:30
qctecmdr
bcd5ee2774 Merge "Add support for lahaina file_contexts" 2019-12-15 23:24:23 -08:00
Subash Abhinov Kasiviswanathan
254cec6163 sepolicy: Add perms for TIPC in netmgrd/rild
Netmgrd-client communication is changing to TIPC.
Sepolicy needs to grant read/write/bind permissions to netmgrd
and rild to allow communication.

CRs-Fixed: 2586438
Change-Id: I289bbbb2a9aee68fd5f20c0a8144acc71509382b
2019-12-13 16:21:58 -08:00
Jun-Hyung Kwon
1a04a865e0 sepolicy: allow sensors hal to find graphics mapper service
allow sensors hal to find graphic mapper service for gralloc1 to
IMapper migration

Change-Id: I9a85e682cac2862b0d6eefa5ff5d6383feba595b
2019-12-10 10:34:22 -08:00
qctecmdr
af94fa025c Merge "sepolicy-sensors: fix sepolicy denial messages on qsta test app" 2019-12-10 05:10:54 -08:00
qctecmdr
1c3e910343 Merge "sepolicy changes for qcrilNrd daemon" 2019-12-09 10:46:28 -08:00
Smita Ghosh
da37be89a6 Add support for lahaina file_contexts
Change-Id: Ic0c1b9c865debf567d13a6ebecee3c6f0c9e0573
2019-12-07 16:38:08 -08:00
Paresh Purabhiya
4786ce5ff7 lito : Enable ODM Partition on Lito
- Add odm specific policies for lito target

Change-Id: Icdb25b1351690c36edb353f2960c09448982fecb
2019-12-07 05:52:32 -08:00
Rafeeqh Shaik
fe416219c5 sepolicy changes for qcrilNrd daemon
qcrilNrd is RIL Daemon. This is new daemon which replaces
qcrild for new targets.

Change-Id: If929028e2a5ee8db77b9df3e4c504871dbf97d16
2019-12-05 21:01:25 -08:00
Sandeep Neerudu
b99f2ee8f3 sepolicy-sensors: fix sepolicy denial messages on qsta test app
CR Fixed : 2567282

Change-Id: Ic9e68fae19991ba4931db68507134a68e9c6539b
2019-11-27 09:06:24 -08:00
Ramkumar Radhakrishnan
bb5d305386 sepolicy: Add permissions for feature_enabler_client
1. Allow read permission to /mnt/vendor/persist/data/*
2. Binder access for featenab_client.service

Change-Id: I2fcc6e34c5c208c41fcff5ab526a420210a9204c
2019-11-18 02:17:54 -08:00
Sandeep Neerudu
727a9141ca sepolicy-sensors : allow sensors-hal to access sysfs_adsp_ssr object
to trigger ssr

Change-Id: Id4a45a972189cdff6d2a4dfd834a977501753b87
2019-11-13 01:46:47 -08:00
qctecmdr
f04d7607c9 Merge "sepolicy : move lito-sepolicy folder to generic from qva." 2019-11-04 05:14:34 -08:00
qctecmdr
32c73102d0 Merge "sepolicy: Fix avc denials for QSTA test app." 2019-11-04 04:08:15 -08:00
qctecmdr
b2b3c67246 Merge "sepolicy: avoid avc denials in USTA test app path" 2019-11-04 02:58:52 -08:00
qctecmdr
286d083cc4 Merge "Sepolicy: Update the subsystem numbers." 2019-11-04 01:14:07 -08:00
Ravi Kumar Siddojigari
39ec660ac4 sepolicy : move lito-sepolicy folder to generic from qva.
As change in lito sepolicy handling moving all the sepolicy
related to lito target to generic folder.

Change-Id: Ib27e9cf90329f6931e79c750a2ab84614e5c2a6d
2019-10-30 12:24:44 +05:30
Keerthi Gowda Balehalli Satyanarayana
662896ecd8 Sepolicy: Update the subsystem numbers.
Change-Id: Ic76378f81059b5ff03450b02fdc2d966ef1cc1b8
2019-10-25 08:29:33 -07:00
Vivek Arugula
0df57d8737 sepolicy: Fix avc denials for QSTA test app.
This change addresses issue reported in APTSEC-254

Change-Id: I65f0325341f66991f4247d9b45089484a5480909
2019-10-23 14:07:33 -07:00
Vivek Arugula
11ff0c9a5d sepolicy: avoid avc denials in USTA test app path
Change-Id: I8f2ab92e54f66c79a2979c6825aed68f81a1739f
2019-10-23 13:12:22 -07:00
qctecmdr
8cd61d361c Merge "sepolicy: For optimization, removing wildcard entry of thermal" 2019-10-22 05:51:17 -07:00
qctecmdr
5dcffe950e Merge "comment out sepolicy neverallow violations to get kona building" 2019-10-22 04:29:36 -07:00
qctecmdr
425192d813 Merge "mediacodec_service was removed." 2019-10-22 02:39:35 -07:00
Sachin Grover
64d8befcb2 sepolicy: For optimization, removing wildcard entry of thermal
Change-Id: I7a843db2ca19c9e530941eef6c1b012c55a62966
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
2019-10-20 23:58:08 -07:00
Divya Sharma
0c15e18c6f comment out sepolicy neverallow violations to get kona building
Change-Id: I6ea860a26ee95ae825ec35acd448880ad9d744ea
2019-10-16 15:23:46 -07:00
Divya Sharma
7b5419b36e mediacodec_service was removed.
Change-Id: Ia0df0b3f3ded1d7f62f5e781b012e9bb9ee2c55a
2019-10-16 15:21:03 -07:00
Rajesh Yadav
a4d2d0ef49 sepolicy: Add rules for TrustedUI and SystemHelper HALs
Add sepolicy rules for TrustedUI and SystemHelper HALs.

Change-Id: Ic009028c814367cbcef744d921fc7c22960c1981
2019-10-15 02:25:18 -07:00
qctecmdr
bb191df06b Merge "sepolicy: add dataservice_app access to uce_services." 2019-10-14 05:24:41 -07:00
qctecmdr
a48ea1f159 Merge "sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl" 2019-10-13 23:23:20 -07:00
Ravi Kumar Siddojigari
966192137d sepolicy: add dataservice_app access to uce_services.
As the commit db87060f1c
removed the access for compile time issue, adding it back.

Change-Id: I814fa4355693c4fdabcf735eea3e149446dcbabf
2019-10-10 12:59:36 +05:30
Jaihind Yadav
db87060f1c sepolicy: uce service is moved to system side.
As this service is moved to system side so definition should be removed from here.

Change-Id: Ie656558c062196203e27c937700e9b568ca80a5d
2019-10-03 18:51:17 +05:30
Deepak Kumar
7f2c787c42 sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl
Grant hal_memtrack_default search access to sysfs_kgsl. This fixes
these avc denials seen in user build:
memtrack@1.0-se: type=1400 audit(0.0:2817): avc: denied { search }
for name="kgsl" dev="sysfs" ino=36355
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0

GL and EGL memory are now accounted properly when
"dumpsys meminfo -a <pid>" is executed in user build.

Change-Id: I1601729d4051bc3447a6f680ff38f3aa031efbde
2019-10-01 12:57:51 +05:30
qctecmdr
85e1512c76 Merge "sepolicy: allow sensor daemon to use wake-lock" 2019-09-29 00:48:09 -07:00
qctecmdr
a4501a9111 Merge "sepolicy: adding vendor_persist_type attribute." 2019-09-29 00:08:50 -07:00
qctecmdr
74707b14bd Merge "Sepolicy : Add dont audit for vendor_gles_data_file label" 2019-09-28 23:26:06 -07:00
Mohit Aggarwal
6886e3677e sepolicy: Define key for TimeService apk
Define key for TimeService apk
Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
2019-09-26 03:44:36 -07:00
Jaihind Yadav
f66d6d1c7b sepolicy: adding vendor_persist_type attribute.
adding neverallow so that coredomain should not access persist file.

Change-Id: If8ab44db78e08e347cb33239bf2544c22c362b5b
2019-09-25 18:20:24 +05:30
Linux Build Service Account
90ce94f5b4 Merge "Camera: Add permission for Post Proc service" into sepolicy.lnx.6.0 2019-09-24 00:43:26 -07:00
Linux Build Service Account
d5b3815c1c Merge "sepolicy-sensors : allow init daemon to set sensors_prop properties" into sepolicy.lnx.6.0 2019-09-24 00:40:33 -07:00
Sandeep Neerudu
b9cad48c95 sepolicy-sensors : allow init daemon to set sensors_prop properties
Change-Id: I6b587a167538cc49c9049511f9448ec99c40b212
2019-09-23 22:14:10 -07:00
Jun-Hyung Kwon
d34d67fc07 sepolicy: allow sensor daemon to use wake-lock
allow sscrpcd daemon to access wake-lock sysfs nodes

Change-Id: I679b077480aea8d5eef9df0dd346bd65611ee000
2019-09-23 22:13:38 -07:00
Rama Krishna Nunna
59b232337b Camera: Add permission for Post Proc service
- New service added for Post Processor

Change-Id: Ib55517449cee80dd4883a75d8ad9bfb0ed6e1ae1
2019-09-23 09:17:46 -07:00
kranthi
29c5c84110 Sepolicy : Add dont audit for vendor_gles_data_file label
System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0
2019-09-23 16:41:37 +05:30
Manaf Meethalavalappu Pallikunhi
8d38d15759 sepolicy: add support for limits-cdsp sepolicy context
Add limits_block_device file contexts for limits partitions
and allow thermal-engine to access this partition.

Add lmh-cdsp sysfs file to sysfs_thermal file context.

Change-Id: I9c18c9d862f5e99ca36cb8c38acd98ac4f152ebf
2019-09-23 00:06:15 -07:00
Vivek Arugula
11a5a1c2e3 sepolicy : Add policy rules for usta service
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One Acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.

Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
2019-09-13 17:34:22 -07:00
qctecmdr
700457194e Merge "sepolicy: Add permission for QtiMapperExtension version 1.1." 2019-08-09 04:57:41 -07:00
qctecmdr
76f19f2ea6 Merge "sepolicy: Add rules to enhance pkt logging for cnss_diag" 2019-08-09 02:11:29 -07:00
Ashish Kumar
78fbc21a47 sepolicy: Add permission for QtiMapperExtension version 1.1.
CRs-Fixed: 2505716
Change-Id: I61d02bcccf2069f792f2ee118fcf5dbf9a7b77ee
2019-08-08 22:25:46 -07:00
Hu Wang
f0b0780006 sepolicy: Add rules to enhance pkt logging for cnss_diag
Fix sepolicy denials seen when cnss_diag does pkt logging.

CRs-Fixed: 2502031
Change-Id: If0ae5fb9da36483bef686ae86bdd865f8a3e51ec
2019-08-08 04:48:33 -07:00
kranthi
03232c6a4f Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

denial:
type=1400 audit(0.0:465): avc: denied { read } for name="max_gpuclk" dev="sysfs"
ino=56328 scontext=u:r:untrusted_app_27:s0:c178,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.gameloft.android.ANMP.GloftA9HM

type=1400 audit(0.0:381): avc: denied { read } for name="gpubusy" dev="sysfs" 
ino=56330 scontext=u:r:untrusted_app_27:s0:c168,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.tencent.ig

Change-Id: If11c109b5426c598121cff045ad1693d2221d57e
2019-08-07 11:35:59 +05:30
Jilai Wang
7dab1aa8e1 sepolicy: Allow NN HAL to access npu device node
This change is to allow NN HAL to access npu device node.

Change-Id: I193a7fb0b571a734804bc31ccf52376e9a13d500
2019-08-06 16:55:43 -04:00
Jaihind Yadav
4676536dd1 sepolicy: rule to set kptrstrict value
Change-Id: I05764146d61ff2ff934888280523fa0559dd083c
2019-07-31 23:22:36 -07:00
qctecmdr
662e886cb2 Merge "sepolicy: Rename vendor defined property" 2019-07-30 12:53:17 -07:00
Jun-Hyung Kwon
2475d56cc7 Revert "sepolicy : Add property access rules for sensors init script"
This reverts commit 50dbc4287a.

Change-Id: Ia35ac0fc17cf2fc6cde6cc08465cf1d586a28f5d
2019-07-29 17:59:28 -07:00
Pavan Kumar M
50ef9c7f89 sepolicy: Rename vendor defined property
All vendor defined properties should begin with
vendor keyword.

Change-Id: I0235d2b37ead9f015fe27075906dbf33b218173f
2019-07-29 00:22:17 -07:00
qctecmdr
bb7f2ca878 Merge "Sepolicy: Add policy rules for untrusted_app context" 2019-07-28 21:21:10 -07:00
Rahul Janga
0eb606ffab Sepolicy: Add Do not audit for vendor_gles_data_file
Addressing the following denials:

audit(0.0:118774): avc: denied { read } for name="esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { open } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { getattr } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

Change-Id: I1d9a8c64a2206e3faa9f367f731f3f542ce7fd4b
2019-07-25 11:06:50 +05:30
Rahul Janga
9610a7ef1f Sepolicy: Add policy rules for untrusted_app context
Add gpu related policy rules for untrusted_app

Addressing the following denial:

type=1400 audit(0.0:593): avc: denied { search } for name="gpu" dev="dm-0"
ino=405 scontext=u:r:untrusted_app:s0:c144,c256,c512,c768
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0
app=com.android.chrome

Change-Id: Iabbc7bea6f00a055f7f0ea3d2b926225737b99d5
2019-07-24 09:54:45 -07:00
qctecmdr
6e692787b6 Merge "Sepolicy: White list adreno_app_profiles lib" 2019-07-24 04:45:42 -07:00
qctecmdr
83bbdc849e Merge "Sepolicy : Do not audit untrusted_app_27 to fix avc denials" 2019-07-23 05:35:59 -07:00
Aditya Nellutla
202f6a1a0f Sepolicy: White list adreno_app_profiles lib
This change white lists new adreno_app_profiles library
to avoid sepolicy denials.

Change-Id: Ied35b574aff554a8d26e2cee4fa0530098a48080
2019-07-23 17:40:35 +05:30
Aditya Nellutla
fcbbf0696e Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

Change-Id: Idc541a0effc6812c12c1ff5024dfd0b6d4171180
2019-07-23 16:45:49 +05:30
qctecmdr
280fff6e47 Merge "Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file" 2019-07-23 02:48:00 -07:00
qctecmdr
78d4d2046a Merge "sepolicy permission required for Socket in port_bridge module." 2019-07-22 05:35:32 -07:00
Chinmay Agarwal
9c95b19d57 sepolicy permission required for Socket in port_bridge module.
Given SE Policy permissions for port-bridge module to create a UNIX
socket and enable communication with clients in different modules.

Change-Id: I1d3a4fdc30847cd8ee7f7715d3249c1957a0776d
2019-07-22 14:21:49 +05:30
Rahul Janga
026b564bc3 Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file
Addressing the following denial:

type=1400 audit(0.0:10197): avc: denied { search } for name="gpu"
dev="dm-4" ino=405 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I02c0e40e376dc9d856e1541ba85ede5db379d49a
2019-07-19 13:50:09 +05:30
qctecmdr
c39df4864d Merge "sepolicy: Add write permission to proc file system" 2019-07-18 23:55:40 -07:00
Ankita Bajaj
bd1c72c440 sepolicy: Add write permission to proc file system
Provide Wi-Fi HAL read and write access to proc file system.
Wi-Fi Hal needs access to proc file system in order to configure
kernel tcp parameters for achieving higher peak throughputs.

CRs-Fixed: 2491783
Change-Id: I36613f74aaa4adfc33e68442befcdb78af5edd5c
2019-07-17 14:06:46 +05:30
Ramkumar Radhakrishnan
718f54d0f1 te: Add access permissions for feature_enabler_client
Add read/write and get attribute permission for feature_enabler_client
to access files from /mnt/vendor/persist/feature_enabler_client folder

Change-Id: I9a690acd2a55358dfa5ba5a0411b1dad59e5e7f0
2019-07-16 16:31:19 -07:00
Jilai Wang
8a996616fd sepolicy: Allow appdomain to access NPU device driver node
This change is to allow appdomain to access NPU device driver
node.

Change-Id: I5c3270afd105c236a8226d94ac7aa028e4ce1047
2019-07-12 11:23:42 -04:00
qctecmdr
790484ce21 Merge "sepolicy: Add policy rules for untrusted_app27" 2019-07-05 01:52:26 -07:00
qctecmdr
27f397e091 Merge "sepolicy: add sepolicy for new added prop" 2019-07-04 16:57:00 -07:00
qctecmdr
eefd2e03be Merge "sepolicy: Allow all processes to access non-secure DSP device node" 2019-07-03 21:50:38 -07:00
qctecmdr
2f8e6c76ac Merge "sepolicy: Update thermal-engine sepolicy rules for generic vendor file" 2019-07-03 21:45:04 -07:00
qctecmdr
04ad6d3f83 Merge "sepolicy: add permissions to qoslat device on kona" 2019-07-03 21:44:05 -07:00
shoudil
fe25195b29 sepolicy: add sepolicy for new added prop
Add sepolicy for new property ro.vendor.qti.va_odm.support,
and allow the prop settable for vendor_init.

Change-Id: Ie8b5fa13630c3dc332473088676a59404765745e
CRs-Fixed: 2483344
2019-07-03 17:28:37 +08:00
Tharun Kumar Merugu
818b8a81de sepolicy: Allow all processes to access non-secure DSP device node
Allow all processes to offload to CDSP using the non-secure device
node.

Change-Id: I17036280ab5ee35e802f6a5c0e5f95933a427f8f
2019-07-03 04:21:20 +05:30
Sandeep Neerudu
39b6ea1f19 sepolicy-sensors:allow access to vendor_data_file for On Device Logging
Change-Id: I85a31c39c82df7a33e632267a90ebfc38982b5d4
2019-07-02 02:43:20 -07:00
Manaf Meethalavalappu Pallikunhi
00a7aae2a8 sepolicy: Update thermal-engine sepolicy rules for generic vendor file
Update generic thermal-engine sepolicy rule by adding access of
thermal socket, QMI socket, dsprpc access, uio access etc. and
cleanup unwanted sepolicy access.

Change-Id: I83ba6cbe291d594b8b2d8720046851b3fb550aac
2019-07-02 14:41:58 +05:30
Rahul Janga
828e434087 sepolicy: Add policy rules for untrusted_app27
Updated new policy rules for untrusted_app_context.
This change allows apps to access our debug locations.

Change-Id: I9a647ff6e303764a3280aed846e5cb9a4b80ef79
2019-07-01 19:33:06 +05:30
qctecmdr
f48e75edbe Merge "kona: Add rules for kernel 4.19 support for init domain" 2019-06-28 14:25:41 -07:00
qctecmdr
326d19f2fe Merge "sepolicy: Allow binder call action for location from system_server" 2019-06-28 02:06:59 -07:00
David Ng
e9adb2964f kona: Add rules for kernel 4.19 support for init domain
This is a set of vendor changes necessary for interworking
with kernel version 4.19 properly.

With kernel 4.19, additional filesystem getattr operations
are performed by init for the firmware mount points.

In addition on bootup after adb remount with Android's
Dynamic Partition feature, init needs access to underlying
block devices for overlayfs mounting.  At that stage of
init, while SELinux is initialized (thus the need to add
these rules), the underlying block device nodes in tmpfs
have not yet been labeled.

Change-Id: Iaf15fda401da7b4a34e281e010e16303966bb2c0
2019-06-27 18:23:45 -07:00
Amir Vajid
6143b71b4f sepolicy: add permissions to qoslat device on kona
Add permissions to access qoslat device on kona.

Change-Id: I944372c6218dd98b6b7996215d06251f571c34e5
2019-06-26 19:09:34 -07:00
qctecmdr
e31c7c321e Merge "Sepolicy : Enable smcinvoke_device for Widevine" 2019-06-26 14:10:19 -07:00
Smita Ghosh
9cb4501ac6 Sepolicy: Set genfs context for modem restart_level
ssr_setup needs permission to write related to restart_level

Change-Id: Ie917cf6d942b7636385a135870651baf7aae62a3
2019-06-26 09:30:24 -07:00
Harikrishnan Hariharan
1eedfff43e sepolicy: Allow binder call action for location from system_server
Change-Id: Iff0baf6966b545fa9bdc5d03e0221ee05d144326
CRs-Fixed: 2479129
2019-06-26 01:46:55 -07:00
Phalguni
0968dd3f1c Sepolicy : Enable smcinvoke_device for Widevine
Change-Id: Ie3439958b0cb3f6b1b56870c3b3bad49e70e8b4d
2019-06-25 17:03:06 -07:00
qctecmdr
1ec1fa4cd5 Merge "Add file contexts for new partitions on Kona" 2019-06-25 09:27:05 -07:00
Vinayak Soni
f80ff8d11c Add file contexts for new partitions on Kona
Add file contexts for multiimgqti, featenabler
and core_nhlos partitions to enable A/B OTA update
on these partitions.

Change-Id: I532be0343de4068fd40b00b675d2765c5e5ab4f0
2019-06-24 13:58:54 -07:00
Ravi Kumar Siddojigari
5dc863443d sepolicy : adding misc bootup denials
Following are added
 1. ueventd and vold need search/read access to /mnt/vendor/persist
 2. system_server needs access to /sys/class/rtc/rtc0 path.

Change-Id: I4d5f322019f1e75aab1be2168eb3805f4f3998c6
2019-06-24 18:44:04 +05:30
Smita Ghosh
6230a463f5 KONA: Add support for update_engine
Change-Id: I514d6ece3186bc27a07b38ba76f5154e092428f9
2019-06-19 17:56:33 -07:00
qctecmdr
f668967b3c Merge "Sepolicy: Add power off alarm app rules" 2019-06-18 14:05:22 -07:00
qctecmdr
a11a323e14 Merge "sepolicy: Do not audit zygote service access to vendor_gles_data_file" 2019-06-18 10:56:07 -07:00
qctecmdr
3c29db5277 Merge "sepolicy: Give read/write permission to vender_gles_data_file" 2019-06-18 08:21:02 -07:00
Xiaoxia Dong
cf1e90774e Sepolicy: Add power off alarm app rules
Grant access to hal_perf.

Change-Id: If93ccf6884e07c9d524acd8b8c17e3e8dd635543
2019-06-18 13:59:24 +08:00
Xu Yang
40ce4bbb1d sepolicy: Allow platform app to access hal display color service
Change-Id: I7d64d51e8d7ec9a9b6a0c129070265cb01c813d4
2019-06-13 19:22:42 -07:00
Rahul Janga
872951efad sepolicy: Give read/write permission to vender_gles_data_file
These rules were missed while porting the policies from Android P
to Android Q.

Addressing the following denial:

type=1400 audit(14866.629:43): avc: denied { search } for comm="HwBinder:753_1"
name="gpu" dev="sda9" ino=376 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I24434be8d895d5dab8e5c24643c8be48f20d8673
2019-06-13 18:10:12 +05:30
Rajavenu Kyatham
23a0ea8f24 sepolicy: Add permissions for composer service
- composer service is required for communication b/w
  SF and HWC. 

Change-Id: I52652d309363b3f0f7b963d615688ce3e11c6fef
CRs-Fixed: 2466343
2019-06-12 12:20:03 +05:30
qctecmdr
78d4d64afd Merge "sepolicy:Moved NNHAL-1.2v rules to common folder" 2019-06-11 16:31:14 -07:00
qctecmdr
e410bc9a3a Merge "sepolicy: Fix denials in location app" 2019-06-11 13:33:17 -07:00
qctecmdr
de2313a4a8 Merge "Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device" 2019-06-11 10:41:00 -07:00
Harikrishnan Hariharan
acd13b1cee sepolicy: Fix denials in location app
- Add rule for write access to dpmtcm_socket sock file
- Add few domains to dont audit rule list for vendor_gles_data_file
dir search.

Change-Id: Iabc0250d2ac0bf28e4f4dd3d8c67b4bf20fbeb1e
CRs-Fixed: 2469209
2019-06-11 22:40:07 +05:30
kranthi
6b7b1f3a39 sepolicy: Do not audit zygote service access to vendor_gles_data_file
Do not audit zygote service access to vendor_gles_data_file.

Addressing the following denial:

type=1400 audit(0.0:123): avc: denied { search } for name="gpu" dev="dm-0"
ino=1654839 scontext=u:r:zygote:s0 tcontext=u:object_r:
vendor_gles_data_file:s0 tclass=dir permissive=0

CRs-Fixed: 2465123

Change-Id: I6cc6e3e6e393a7181bd9fea6992e6f86f987f0d5
2019-06-11 07:29:51 -07:00
Rajavenu Kyatham
e3f33989ec sepolicy: Add permissions for composer service
CRs-Fixed: 2466343
Change-Id: I5a66822c1c8b46093cd62eb08aa1ff48b1c658b7
2019-06-10 04:12:38 -07:00
Nitin Shivpure
ebc9ef5c11 sepolicy: allow bluetooth hal to access persist/bluetooth data
allow bluetooth hal to access (read, write, create) persist bluetooth
data.

Change-Id: Idee1f22f12c9852532325577efd534a731985d45
2019-06-10 12:52:52 +05:30
vishawar
29f7028ff8 sepolicy:Moved NNHAL-1.2v rules to common folder
-Removed target specific data rules
-Added rules to common folder

Change-Id: I935dc8025f98c9cf18db15e01276c9237f6e77eb
2019-06-10 10:48:17 +05:30
qctecmdr
345bdfcd92 Merge "sepolicy: add sysfs paths for mhi timesync feature support" 2019-06-08 12:37:14 -07:00
Rama Aparna Mallavarapu
813d7dac28 Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device
Add permissions to npu llcc bw device so that post boot script
can modify them at boot.

Change-Id: I6be945877cdf379cba40e19e6a24a787c918cb9f
2019-06-07 12:14:00 -07:00
Mohit Aggarwal
938a52c749 sepolicy: allow time-services to access perf hal
Allow time-services to access perf hal

Change-Id: Iaca0b6e47b63aeccdf5e5faa3628a0cc53017be0
2019-06-06 10:42:17 +05:30
Sujeev Dias
10553605a6 sepolicy: add sysfs paths for mhi timesync feature support
Add sysfs path for mhi timesync feature files to be read from
userspace applications/services.

CRs-Fixed: 2426302
Change-Id: Ib28800e000774d8ce27dd9a78db9efd6ebdbdb00
2019-06-04 17:47:19 -07:00
qctecmdr
fb960e3998 Merge "Sepolicy: Add vendor_adsprpc_prop to app.te" 2019-06-04 02:53:26 -07:00
qctecmdr
56ec950386 Merge "sepolicy: Add permissions for feature_enabler_client app" 2019-06-03 15:59:39 -07:00
Ramkumar Radhakrishnan
9adc02b0ab sepolicy: Add permissions for feature_enabler_client app
Add permission for feature enabler client app to have read and write
access to qseecom node, ion node, and mink socket

Change-Id: I08d5c5a27846fc5c22d505a66544645cb0543223
2019-06-03 14:35:27 -07:00
qctecmdr
97c0281668 Merge "genfs_contexts: Add label to graphics sysfs nodes for kona" 2019-06-03 13:25:05 -07:00
qctecmdr
15bee8edb0 Merge "Sepolicy : Enable qce_device" 2019-06-01 06:15:04 -07:00
Phalguni
0b9199016f Sepolicy : Enable qce_device
Change-Id: Ibdb12124a8568759ba057ac6e7cce70c93a78889
2019-05-31 11:11:12 -07:00
Abhimanyu Garg
2470da3fec genfs_contexts: Add label to graphics sysfs nodes for kona
Add label to graphics sysfs nodes to avoid the denial for perf
features.

Change-Id: I553f629493cbab21affb2d91b9695bc9263ed405
2019-05-31 10:24:32 -07:00
shann
674bed6d2f sepolicy: add sepolicy for usta_app to open system_data_file
The error is encountered when usta_app (test app) is trying to open
system_data_file(/data/misc/gpu/adreno_config.txt). Providing only open
permission to the test app.

Addressing the issue:
avc: denied { open } for comm="RenderThread" path="/data/misc/gpu/adreno_config.txt"
dev="dm-0" ino=1180432 scontext=u:r:usta_app:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=1

JIRAs-Fixed: APTSEC-22
CRs-Fixed: 2460155

Change-Id: I73828c62fac6022197ff58f04494331a609a4175
2019-05-31 02:40:34 -07:00