Commit graph

624 commits

Author SHA1 Message Date
Vivek Arugula
11ff0c9a5d sepolicy: avoid avc denials in USTA test app path
Change-Id: I8f2ab92e54f66c79a2979c6825aed68f81a1739f
2019-10-23 13:12:22 -07:00
qctecmdr
8cd61d361c Merge "seploicy: For optimization, removing wildcard entry of thermal" 2019-10-22 05:51:17 -07:00
qctecmdr
5dcffe950e Merge "comment out sepolicy neverallow violations to get kona building" 2019-10-22 04:29:36 -07:00
qctecmdr
425192d813 Merge "mediacodec_service was removed." 2019-10-22 02:39:35 -07:00
Sachin Grover
64d8befcb2 seploicy: For optimization, removing wildcard entry of thermal
Change-Id: I7a843db2ca19c9e530941eef6c1b012c55a62966
Signed-off-by: Sachin Grover <sgrover@codeaurora.org>
2019-10-20 23:58:08 -07:00
Divya Sharma
0c15e18c6f comment out sepolicy neverallow violations to get kona building
Change-Id: I6ea860a26ee95ae825ec35acd448880ad9d744ea
2019-10-16 15:23:46 -07:00
Divya Sharma
7b5419b36e mediacodec_service was removed.
Change-Id: Ia0df0b3f3ded1d7f62f5e781b012e9bb9ee2c55a
2019-10-16 15:21:03 -07:00
Rajesh Yadav
a4d2d0ef49 sepolicy: Add rules for TrustedUI and SystemHelper HALs
Add sepolicy rules for TrustedUI and SystemHelper HALs.

Change-Id: Ic009028c814367cbcef744d921fc7c22960c1981
2019-10-15 02:25:18 -07:00
qctecmdr
bb191df06b Merge "sepolicy: add dataservice_app access to uce_services." 2019-10-14 05:24:41 -07:00
qctecmdr
a48ea1f159 Merge "sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl" 2019-10-13 23:23:20 -07:00
Ravi Kumar Siddojigari
966192137d sepolicy: add dataservice_app access to uce_services.
As the commit db87060f1c
removed the access for compile time issue, adding it back.

Change-Id: I814fa4355693c4fdabcf735eea3e149446dcbabf
2019-10-10 12:59:36 +05:30
Jaihind Yadav
db87060f1c sepolicy: uce service is moved to system side.
As this service is moved to system side so definition should be removed from here.

Change-Id: Ie656558c062196203e27c937700e9b568ca80a5d
2019-10-03 18:51:17 +05:30
Deepak Kumar
7f2c787c42 sepolicy: Allow hal_memtrack_default search access to sysfs_kgsl
Grant hal_memtrack_default search access to sysfs_kgsl. This fixes
these avc denials seen in user build:
memtrack@1.0-se: type=1400 audit(0.0:2817): avc: denied { search }
for name="kgsl" dev="sysfs" ino=36355
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs_kgsl:s0 tclass=dir permissive=0

GL and EGL memory are now accounted properly when
"dumpsys meminfo -a <pid>" is executed in user build.

Change-Id: I1601729d4051bc3447a6f680ff38f3aa031efbde
2019-10-01 12:57:51 +05:30
qctecmdr
85e1512c76 Merge "sepolicy: allow sensor daemon to use wake-lock" 2019-09-29 00:48:09 -07:00
qctecmdr
a4501a9111 Merge "sepolicy: adding vendor_persist_type attribute." 2019-09-29 00:08:50 -07:00
qctecmdr
74707b14bd Merge "Sepolicy : Add dont audit for vendor_gles_data_file label" 2019-09-28 23:26:06 -07:00
Mohit Aggarwal
6886e3677e sepolicy: Define key for TimeService apk
Define key for TimeService apk
Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
2019-09-26 03:44:36 -07:00
Jaihind Yadav
f66d6d1c7b sepolicy: adding vendor_persist_type attribute.
adding neverallow so that coredomain should not access persist file.

Change-Id: If8ab44db78e08e347cb33239bf2544c22c362b5b
2019-09-25 18:20:24 +05:30
Linux Build Service Account
90ce94f5b4 Merge "Camera: Add permission for Post Proc service" into sepolicy.lnx.6.0 2019-09-24 00:43:26 -07:00
Linux Build Service Account
d5b3815c1c Merge "sepolicy-sensors : allow init daemon to set sensors_prop properties" into sepolicy.lnx.6.0 2019-09-24 00:40:33 -07:00
Sandeep Neerudu
b9cad48c95 sepolicy-sensors : allow init daemon to set sensors_prop properties
Change-Id: I6b587a167538cc49c9049511f9448ec99c40b212
2019-09-23 22:14:10 -07:00
Jun-Hyung Kwon
d34d67fc07 sepolicy: allow sensor daemon to use wake-lock
allow sscrpcd daemon to access wake-lock sysfs nodes

Change-Id: I679b077480aea8d5eef9df0dd346bd65611ee000
2019-09-23 22:13:38 -07:00
Rama Krishna Nunna
59b232337b Camera: Add permission for Post Proc service
- New service added for Post Processor

Change-Id: Ib55517449cee80dd4883a75d8ad9bfb0ed6e1ae1
2019-09-23 09:17:46 -07:00
kranthi
29c5c84110 Sepolicy : Add dont audit for vendor_gles_data_file label
System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0
2019-09-23 16:41:37 +05:30
Manaf Meethalavalappu Pallikunhi
8d38d15759 sepolicy: add support for limits-cdsp sepolicy context
Add limits_block_device file contexts for limits partitions
and allow thermal-engine to access this partition.

Add lmh-cdsp sysfs file to sysfs_thermal file context.

Change-Id: I9c18c9d862f5e99ca36cb8c38acd98ac4f152ebf
2019-09-23 00:06:15 -07:00
Vivek Arugula
11a5a1c2e3 sepolicy : Add policy rules for usta service
As part of making USTA (Sensor android test application) as
installable, we split the app into 2 parts. One Acts as only UI,
another one acts as service which interacts with sensors native
via JNI. Both the apps are placed in system/app path only.

Change-Id: I58df425bebef96b9d6515179e9581eed03571ad6
2019-09-13 17:34:22 -07:00
qctecmdr
700457194e Merge "sepolicy: Add permission for QtiMapperExtension version 1.1." 2019-08-09 04:57:41 -07:00
qctecmdr
76f19f2ea6 Merge "sepolicy: Add rules to enhance pkt logging for cnss_diag" 2019-08-09 02:11:29 -07:00
Ashish Kumar
78fbc21a47 sepolicy: Add permission for QtiMapperExtension version 1.1.
CRs-Fixed: 2505716
Change-Id: I61d02bcccf2069f792f2ee118fcf5dbf9a7b77ee
2019-08-08 22:25:46 -07:00
Hu Wang
f0b0780006 sepolicy: Add rules to enhance pkt logging for cnss_diag
Fix sepolicy denies seen when cnss_diag do pkt logging.

CRs-Fixed: 2502031
Change-Id: If0ae5fb9da36483bef686ae86bdd865f8a3e51ec
2019-08-08 04:48:33 -07:00
kranthi
03232c6a4f Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

denial:
type=1400 audit(0.0:465): avc: denied { read } for name="max_gpuclk" dev="sysfs"
ino=56328 scontext=u:r:untrusted_app_27:s0:c178,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.gameloft.android.ANMP.GloftA9HM

type=1400 audit(0.0:381): avc: denied { read } for name="gpubusy" dev="sysfs" 
ino=56330 scontext=u:r:untrusted_app_27:s0:c168,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.tencent.ig

Change-Id: If11c109b5426c598121cff045ad1693d2221d57e
2019-08-07 11:35:59 +05:30
Jilai Wang
7dab1aa8e1 sepolicy: Allow NN HAL to access npu device node
This change is to allow NN HAL to access npu device node.

Change-Id: I193a7fb0b571a734804bc31ccf52376e9a13d500
2019-08-06 16:55:43 -04:00
Jaihind Yadav
4676536dd1 sepolicy: rule to set kptrstrict value
Change-Id: I05764146d61ff2ff934888280523fa0559dd083c
2019-07-31 23:22:36 -07:00
qctecmdr
662e886cb2 Merge "sepolicy: Rename vendor defined property" 2019-07-30 12:53:17 -07:00
Jun-Hyung Kwon
2475d56cc7 Revert "sepolicy : Add property access rules for sensors init script"
This reverts commit 50dbc4287a.

Change-Id: Ia35ac0fc17cf2fc6cde6cc08465cf1d586a28f5d
2019-07-29 17:59:28 -07:00
Pavan Kumar M
50ef9c7f89 sepolicy: Rename vendor defined property
All vendor defined properties should begin with
vendor keyword.

Change-Id: I0235d2b37ead9f015fe27075906dbf33b218173f
2019-07-29 00:22:17 -07:00
qctecmdr
bb7f2ca878 Merge "Sepolicy: Add policy rules for untrusted_app context" 2019-07-28 21:21:10 -07:00
Rahul Janga
0eb606ffab Sepolicy: Add Do not audit for vendor_gles_data_file
Addressing the following denials:

audit(0.0:118774): avc: denied { read } for name="esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { open } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

avc: denied { getattr } for path="/data/vendor/gpu/esx_config.txt"
dev="dm-4" ino=7451 scontext=u:r:system_app:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=file permissive=1

Change-Id: I1d9a8c64a2206e3faa9f367f731f3f542ce7fd4b
2019-07-25 11:06:50 +05:30
Rahul Janga
9610a7ef1f Sepolicy: Add policy rules for untrusted_app context
Add gpu related policy rules for untrusted_app

Addressing the following denial:

type=1400 audit(0.0:593): avc: denied { search } for name="gpu" dev="dm-0"
ino=405 scontext=u:r:untrusted_app:s0:c144,c256,c512,c768
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0
app=com.android.chrome

Change-Id: Iabbc7bea6f00a055f7f0ea3d2b926225737b99d5
2019-07-24 09:54:45 -07:00
qctecmdr
6e692787b6 Merge "Sepolicy: White list adreno_app_profiles lib" 2019-07-24 04:45:42 -07:00
qctecmdr
83bbdc849e Merge "Sepolicy : Do not audit untrusted_app_27 to fix avc denials" 2019-07-23 05:35:59 -07:00
Aditya Nellutla
202f6a1a0f Sepolicy: White list adreno_app_profiles lib
This change white lists new adreno_app_profiles library
to avoid sepolicy denials.

Change-Id: Ied35b574aff554a8d26e2cee4fa0530098a48080
2019-07-23 17:40:35 +05:30
Aditya Nellutla
fcbbf0696e Sepolicy : Do not audit untrusted_app_27 to fix avc denials
Add do not audit rule for untrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

Change-Id: Idc541a0effc6812c12c1ff5024dfd0b6d4171180
2019-07-23 16:45:49 +05:30
qctecmdr
280fff6e47 Merge "Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file" 2019-07-23 02:48:00 -07:00
qctecmdr
78d4d2046a Merge "sepolicy permission required for Socket in port_bridge module." 2019-07-22 05:35:32 -07:00
Chinmay Agarwal
9c95b19d57 sepolicy permission required for Socket in port_bridge module.
Given SE Policy permissions for port-bridge module to create a UNIX
socket and enable communication with clients in different modules.

Change-Id: I1d3a4fdc30847cd8ee7f7715d3249c1957a0776d
2019-07-22 14:21:49 +05:30
Rahul Janga
026b564bc3 Sepolicy : Do not audit mediaswcodec access to vendor_gles_data_file
Addressing the following denial:

type=1400 audit(0.0:10197): avc: denied { search } for name="gpu"
dev="dm-4" ino=405 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I02c0e40e376dc9d856e1541ba85ede5db379d49a
2019-07-19 13:50:09 +05:30
qctecmdr
c39df4864d Merge "sepolicy: Add write permission to proc file system" 2019-07-18 23:55:40 -07:00
Ankita Bajaj
bd1c72c440 sepolicy: Add write permission to proc file system
Provide Wi-Fi HAL read and write access to proc file system.
Wi-Fi Hal needs access to proc file system in order to configure
kernel tcp parameters for achieving higher peak throughputs.

CRs-Fixed: 2491783
Change-Id: I36613f74aaa4adfc33e68442befcdb78af5edd5c
2019-07-17 14:06:46 +05:30
Ramkumar Radhakrishnan
718f54d0f1 te: Add access permissions for feature_enabler_client
Add read/write and get attribute permission for feature_enabler_client
to access files from /mnt/vendor/persist/feature_enabler_client folder

Change-Id: I9a690acd2a55358dfa5ba5a0411b1dad59e5e7f0
2019-07-16 16:31:19 -07:00
Jilai Wang
8a996616fd sepolicy: Allow appdomain to access NPU device driver node
This change is to allow appdomain to access NPU device driver
node.

Change-Id: I5c3270afd105c236a8226d94ac7aa028e4ce1047
2019-07-12 11:23:42 -04:00
qctecmdr
790484ce21 Merge "sepolicy: Add policy rules for untrusted_app27" 2019-07-05 01:52:26 -07:00
qctecmdr
27f397e091 Merge "sepolicy: add sepolicy for new added prop" 2019-07-04 16:57:00 -07:00
qctecmdr
eefd2e03be Merge "sepolicy: Allow all processes to access non-secure DSP device node" 2019-07-03 21:50:38 -07:00
qctecmdr
2f8e6c76ac Merge "sepolicy: Update thermal-engine sepolicy rules for generic vendor file" 2019-07-03 21:45:04 -07:00
qctecmdr
04ad6d3f83 Merge "sepolicy: add permissions to qoslat device on kona" 2019-07-03 21:44:05 -07:00
shoudil
fe25195b29 sepolicy: add sepolicy for new added prop
Add sepolicy for new property ro.vendor.qti.va_odm.support,
and allow the prop settable for vendor_init.

Change-Id: Ie8b5fa13630c3dc332473088676a59404765745e
CRs-Fixed: 2483344
2019-07-03 17:28:37 +08:00
Tharun Kumar Merugu
818b8a81de sepolicy: Allow all processes to access non-secure DSP device node
Allow all processes to offload to CDSP using the non-secure device
node.

Change-Id: I17036280ab5ee35e802f6a5c0e5f95933a427f8f
2019-07-03 04:21:20 +05:30
Sandeep Neerudu
39b6ea1f19 sepolicy-sensors:allow access to vendor_data_file for On Device Logging
Change-Id: I85a31c39c82df7a33e632267a90ebfc38982b5d4
2019-07-02 02:43:20 -07:00
Manaf Meethalavalappu Pallikunhi
00a7aae2a8 sepolicy: Update thermal-engine sepolicy rules for generic vendor file
Update generic thermal-engine sepolicy rule by adding access of
thermal socket, QMI socket, dsprpc access, uio access etc. and
cleanup unwanted sepolicy access.

Change-Id: I83ba6cbe291d594b8b2d8720046851b3fb550aac
2019-07-02 14:41:58 +05:30
Rahul Janga
828e434087 sepolicy: Add policy rules for untrusted_app27
Updated new policy rules for untrusted_app_context.
This change allows apps to access our debug locations.

Change-Id: I9a647ff6e303764a3280aed846e5cb9a4b80ef79
2019-07-01 19:33:06 +05:30
qctecmdr
f48e75edbe Merge "kona: Add rules for kernel 4.19 support for init domain" 2019-06-28 14:25:41 -07:00
qctecmdr
326d19f2fe Merge "sepolicy: Allow binder call action for location from system_server" 2019-06-28 02:06:59 -07:00
David Ng
e9adb2964f kona: Add rules for kernel 4.19 support for init domain
This is a set of vendor changes necessary for interworking
with kernel version 4.19 properly.

With kernel 4.19, additional filesystem getattr operations
are performed by init for the firmware mount points.

In addition on bootup after adb remount with Android's
Dynamic Partition feature, init needs access to underlying
block devices for overlayfs mounting.  At that stage of
init, while SELinux is initialized (thus the need to add
these rules), the underlying block device nodes in tmpfs
have not yet been labeled.

Change-Id: Iaf15fda401da7b4a34e281e010e16303966bb2c0
2019-06-27 18:23:45 -07:00
Amir Vajid
6143b71b4f sepolicy: add permissions to qoslat device on kona
Add permissions to access qoslat device on kona.

Change-Id: I944372c6218dd98b6b7996215d06251f571c34e5
2019-06-26 19:09:34 -07:00
qctecmdr
e31c7c321e Merge "Sepolicy : Enable smcinvoke_device for Widevine" 2019-06-26 14:10:19 -07:00
Smita Ghosh
9cb4501ac6 Sepolicy: Set genfs context for modem restart_level
ssr_setup needs permission to write related to restart_level

Change-Id: Ie917cf6d942b7636385a135870651baf7aae62a3
2019-06-26 09:30:24 -07:00
Harikrishnan Hariharan
1eedfff43e sepolicy: Allow binder call action for location from system_server
Change-Id: Iff0baf6966b545fa9bdc5d03e0221ee05d144326
CRs-Fixed: 2479129
2019-06-26 01:46:55 -07:00
Phalguni
0968dd3f1c Sepolicy : Enable smcinvoke_device for Widevine
Change-Id: Ie3439958b0cb3f6b1b56870c3b3bad49e70e8b4d
2019-06-25 17:03:06 -07:00
qctecmdr
1ec1fa4cd5 Merge "Add file contexts for new partitions on Kona" 2019-06-25 09:27:05 -07:00
Vinayak Soni
f80ff8d11c Add file contexts for new partitions on Kona
Add file contexts for multiimgqti, featenabler
and core_nhlos partitions to enable A/B OTA update
on these partitions.

Change-Id: I532be0343de4068fd40b00b675d2765c5e5ab4f0
2019-06-24 13:58:54 -07:00
Ravi Kumar Siddojigari
5dc863443d sepolicy : adding misc bootup denails
Following are added
 1. ueventd and vold need search/read access to /mnt/vendor/persist
 2. system_server needs access to /sys/class/rtc/rtc0 path.

Change-Id: I4d5f322019f1e75aab1be2168eb3805f4f3998c6
2019-06-24 18:44:04 +05:30
Smita Ghosh
6230a463f5 KONA: Add support for update_engine
Change-Id: I514d6ece3186bc27a07b38ba76f5154e092428f9
2019-06-19 17:56:33 -07:00
qctecmdr
f668967b3c Merge "Sepolicy: Add power off alarm app rules" 2019-06-18 14:05:22 -07:00
qctecmdr
a11a323e14 Merge "sepolicy: Do not audit zygote service access to vendor_gles_data_file" 2019-06-18 10:56:07 -07:00
qctecmdr
3c29db5277 Merge "sepolicy: Give read/write permission to vender_gles_data_file" 2019-06-18 08:21:02 -07:00
Xiaoxia Dong
cf1e90774e Sepolicy: Add power off alarm app rules
Grant access to hal_perf.

Change-Id: If93ccf6884e07c9d524acd8b8c17e3e8dd635543
2019-06-18 13:59:24 +08:00
Xu Yang
40ce4bbb1d sepolicy: Allow platform app to access hal display color service
Change-Id: I7d64d51e8d7ec9a9b6a0c129070265cb01c813d4
2019-06-13 19:22:42 -07:00
Rahul Janga
872951efad sepolicy: Give read/write permission to vender_gles_data_file
These rules are missed while porting the policies from Android P
to Android Q.

Addressing the following denial:

type=1400 audit(14866.629:43): avc: denied { search } for comm="HwBinder:753_1"
name="gpu" dev="sda9" ino=376 scontext=u:r:hal_graphics_allocator_default:s0
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0

Change-Id: I24434be8d895d5dab8e5c24643c8be48f20d8673
2019-06-13 18:10:12 +05:30
Rajavenu Kyatham
23a0ea8f24 sepolicy: Add permissions for composer service
- composer service is required for communication b/w
  SF and HWC. 

Change-Id: I52652d309363b3f0f7b963d615688ce3e11c6fef
CRs-Fixed: 2466343
2019-06-12 12:20:03 +05:30
qctecmdr
78d4d64afd Merge "sepolicy:Moved NNHAL-1.2v rules to common folder" 2019-06-11 16:31:14 -07:00
qctecmdr
e410bc9a3a Merge "sepolicy: Fix denials in location app" 2019-06-11 13:33:17 -07:00
qctecmdr
de2313a4a8 Merge "Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device" 2019-06-11 10:41:00 -07:00
Harikrishnan Hariharan
acd13b1cee sepolicy: Fix denials in location app
- Add rule for write access to dpmtcm_socket sock file
- Add few domains to dont audit rule list for vendor_gles_data_file
dir search.

Change-Id: Iabc0250d2ac0bf28e4f4dd3d8c67b4bf20fbeb1e
CRs-Fixed: 2469209
2019-06-11 22:40:07 +05:30
kranthi
6b7b1f3a39 sepolicy: Do not audit zygote service access to vendor_gles_data_file
Do not audit zygote service access to vendor_gles_data_file.

Addressing the following denial:

type=1400 audit(0.0:123): avc: denied { search } for name="gpu" dev="dm-0"
ino=1654839 scontext=u:r:zygote:s0 tcontext=u:object_r:
vendor_gles_data_file:s0 tclass=dir permissive=0

CRs-Fixed: 2465123

Change-Id: I6cc6e3e6e393a7181bd9fea6992e6f86f987f0d5
2019-06-11 07:29:51 -07:00
Rajavenu Kyatham
e3f33989ec sepolicy: Add permissions for composer service
CRs-Fixed: 2466343
Change-Id: I5a66822c1c8b46093cd62eb08aa1ff48b1c658b7
2019-06-10 04:12:38 -07:00
Nitin Shivpure
ebc9ef5c11 sepolicy: allow bluetooth hal to access persist/bluetooth data
allow bluetooth hal to access(read, write, create) persist bluetooth
data.

Change-Id: Idee1f22f12c9852532325577efd534a731985d45
2019-06-10 12:52:52 +05:30
vishawar
29f7028ff8 sepolicy:Moved NNHAL-1.2v rules to common folder
-Removed target specific data rules
-Added rules to common folder

Change-Id: I935dc8025f98c9cf18db15e01276c9237f6e77eb
2019-06-10 10:48:17 +05:30
qctecmdr
345bdfcd92 Merge "sepolicy: add sysfs paths for mhi timesync feature support" 2019-06-08 12:37:14 -07:00
Rama Aparna Mallavarapu
813d7dac28 Sepolicy: Add sepolicy permissions to NPU LLCC BWMON device
Add permissions to npu llcc bw device so that post boot script
can modify them at boot.

Change-Id: I6be945877cdf379cba40e19e6a24a787c918cb9f
2019-06-07 12:14:00 -07:00
Mohit Aggarwal
938a52c749 sepolicy: allow time-services to access perf hal
Allow time-services to access perf hal

Change-Id: Iaca0b6e47b63aeccdf5e5faa3628a0cc53017be0
2019-06-06 10:42:17 +05:30
Sujeev Dias
10553605a6 sepolicy: add sysfs paths for mhi timesync feature support
Add sysfs path for mhi timesync feature files to be read from
userspace applications/services.

CRs-Fixed: 2426302
Change-Id: Ib28800e000774d8ce27dd9a78db9efd6ebdbdb00
2019-06-04 17:47:19 -07:00
qctecmdr
fb960e3998 Merge "Sepolicy: Add vendor_adsprpc_prop to app.te" 2019-06-04 02:53:26 -07:00
qctecmdr
56ec950386 Merge "sepolicy: Add permissions for feature_enabler_client app" 2019-06-03 15:59:39 -07:00
Ramkumar Radhakrishnan
9adc02b0ab sepolicy: Add permissions for feature_enabler_client app
Add permission for feature enabler client app to have read and write
access to qseecom node, ion node,and mink socket

Change-Id: I08d5c5a27846fc5c22d505a66544645cb0543223
2019-06-03 14:35:27 -07:00
qctecmdr
97c0281668 Merge "genfs_contexts: Add label to graphics sysfs nodes for kona" 2019-06-03 13:25:05 -07:00
qctecmdr
15bee8edb0 Merge "Sepolicy : Enable qce_device" 2019-06-01 06:15:04 -07:00
Phalguni
0b9199016f Sepolicy : Enable qce_device
Change-Id: Ibdb12124a8568759ba057ac6e7cce70c93a78889
2019-05-31 11:11:12 -07:00
Abhimanyu Garg
2470da3fec genfs_contexts: Add label to graphics sysfs nodes for kona
Add label to graphics sysfs nodes to avoid the denial for perf
features.

Change-Id: I553f629493cbab21affb2d91b9695bc9263ed405
2019-05-31 10:24:32 -07:00
shann
674bed6d2f sepolicy: add sepolicy for usta_app to open system_data_file
The error is encountered when usta_app (test app) is trying to open
system_data_file(/data/misc/gpu/adreno_config.txt). Providing only open
permission to the test app.

Addressing the issue:
avc: denied { open } for comm="RenderThread" path="/data/misc/gpu/adreno_config.txt"
dev="dm-0" ino=1180432 scontext=u:r:usta_app:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=1

JIRAs-Fixed: APTSEC-22
CRs-Fixed: 2460155

Change-Id: I73828c62fac6022197ff58f04494331a609a4175
2019-05-31 02:40:34 -07:00
Harikrishnan Hariharan
4829c3a00a sepolicy: allow gnss hal to access health hal
Add rule for gnss hal to listen battery status.

Change-Id: If9874ab9bbb92a42b74ec696f55725b98a913f9e
CRs-fixed: 2411905
2019-05-29 23:28:21 -07:00
Ananth Raghavan Subramanian
ab0c44baeb sepolicy: Allow init to access mem_sleep
Add labels for the mem_sleep node and allow the init shell to access it.

Change-Id: Id9ba40a2c0c52e9ab08b249291a5090b249ce64d
2019-05-29 09:51:38 -07:00
qctecmdr
a8130be8b8 Merge "sepolicy : Add rule to set property for wlan driver/fw ver info" 2019-05-29 01:50:22 -07:00
qctecmdr
4fd76090d3 Merge "sepolicy: add SE policy rules for hta runtime libraries" 2019-05-28 10:21:15 -07:00
Vinay Gannevaram
839229b542 sepolicy : Add rule to set property for wlan driver/fw ver info
wlan driver/fw version are set at property at enforcing mode.
Add rules to allow to set wlan driver/fw version info

CRs-Fixed: 2460816
Change-Id: Ic0bb570cd53fe450512496c5864f432ce3219bbe
2019-05-28 20:44:09 +05:30
Ravi Kumar Siddojigari
4cb4eee99e sepolicy : clean-up of netd_socket usage.
As public definition of netd_socket is removed, removing all the
references to this.

Change-Id: I752d1d546d5d6e76dc4e43fc3d4a90b0aca077c8
2019-05-28 11:47:01 +05:30
Devi Sandeep Endluri V V
6a63afe092 sepolicy: add rules for imshelper_app
Add rules to allow imshelper_app to search
radio_data_file

Change-Id: I1184833d2cde889292aa4cf205e748cecb23ae3c
2019-05-27 00:37:30 -07:00
Tharaga Balachandran
3dd3609333 sepolicy: Add policies for mapper and allocator
CRs-Fixed: 2451972
Change-Id: I3415b9672066bdbd6726fcd32b165980b0c7eeca
2019-05-24 11:53:40 -07:00
Jilai Wang
530c3e89b0 sepolicy: add SE policy rules for hta runtime libraries
Add hta runtime libraries to file_contexts for allowing applications from
data partition to link to them.

Change-Id: Ib6318f59fd1b0f7d462f587721d90bd3c1f909b0
2019-05-23 16:17:45 -04:00
qctecmdr
07a510a630 Merge "sepolicy: Add SEPolicy for Power 1.2 HAL service" 2019-05-22 11:11:03 -07:00
qctecmdr
1746d28635 Merge "recovery: Add non-ab dynamic partitions policies" 2019-05-22 04:49:59 -07:00
Tharun Kumar Merugu
747bd62df7 Sepolicy: Add vendor_adsprpc_prop to app.te
Add vendor_adsprpc_prop to app.te

Change-Id: Iadd721e6face7badcd1472abc4759dd8a366444f
2019-05-22 14:30:56 +05:30
padarshr
0a4914f674 recovery: Add non-ab dynamic partitions policies
With dynamic partitions enabled, recovery, while doing non-a/b ota
needs read access to sysfs_dm, allow the same.

Change-Id: I98d3d2421ffd49df1d2b84bb42cab9ee529d530a
2019-05-22 01:05:33 -07:00
qctecmdr
b291856fc9 Merge "Add support for" 2019-05-22 00:00:07 -07:00
Mulugeta Engdaw
6310eac02a Add support for
1. Fastbootd to flash physical and logical partitions
2. Update engine to update newly created partitions
3. Change the label for the super block device

Change-Id: I4c38960e2cbacd3bfe81208d6f451ab09e7b3943
2019-05-21 22:06:55 -07:00
Tyler Wear
57528806a2 iwlan: Logging Property
Add runtime property to enable logcat logging for iwlan services.

Change-Id: I41d1129611a8026ae2943c77492715c3eca975b2
2019-05-21 16:01:46 -07:00
Ananth Raghavan Subramanian
d1f4773fb1 sepolicy: Add SEPolicy for Power 1.2 HAL service
Change-Id: Ifd78b40bf597dc02ca2ca3a8e471b348f72f8c4a
2019-05-21 11:17:47 -07:00
qctecmdr
04c14f1d19 Merge "Sepolicy: Add selinux permission for QtiMapper interface." 2019-05-21 09:36:08 -07:00
qctecmdr
93114e2f63 Merge "sepolicy : startup scripts are given permission to read /proc/meminfo" 2019-05-21 02:29:14 -07:00
Ashish Kumar
47a514ed91 Sepolicy: Add selinux permission for QtiMapper interface.
CRs-Fixed: 2451646
Change-Id: Ic909d367ac4bec149451b1fb68b400f27c62491f
2019-05-21 13:57:17 +05:30
qctecmdr
8844b19e03 Merge "sepolicy: Add persist file access rules for USTA test App" 2019-05-21 00:17:27 -07:00
qctecmdr
4a93f74008 Merge "Sepolicy: Set genfs context for modem restart_level" 2019-05-20 14:26:03 -07:00
Eric Chang
22585dcd63 selinux: Add permission for qtidataservices to call location
Change-Id: I3742196a3a5c9f1ff66ec34eedfac5b879928e3a
2019-05-20 10:48:20 -07:00
vishawar
00f64065c3 Added device sepolicy rules for NN HAL data files for kona
Change-Id: I8d5daa58201fd72a5a88670f7c97e8e681ad2bf3
2019-05-20 05:31:14 -07:00
Mulugeta Engdaw
45ce93a6cc Allow system_server to read Peripheral Manager prop.
Allow system_server to read/access peripheral manager prop
during shutdown.

Files Affected:
generic/vendor/common/system_server.te

Test:
confirmed prop value is read during shutdown.

Change-Id: I44a4f312320cb15e31e473e6b8f5220804ce29fc
2019-05-17 11:36:57 -07:00
Smita Ghosh
e7b9fe2a1c Sepolicy: Set genfs context for modem restart_level
If this is not set, modem ssr fails

Change-Id: Ie6d035f80f897cd278facb885e937ebf37b79900
2019-05-17 10:49:59 -07:00
qctecmdr
625a956160 Merge "sepolicy: Add vendor grep file context." 2019-05-17 05:54:28 -07:00
Ravi Kumar Siddojigari
ae4f642494 sepolicy : startup scripts are given permission to read /proc/meminfo
post_boot or other startup scripts need access to /proc/meminfo
so adding the required permission.

Change-Id: Ia3ecab3b049af4204c8af85bdee6eba2fa5849bd
2019-05-17 12:19:49 +05:30
qctecmdr
f45ff29020 Merge "sepolicy: Give read/write permission to vender_gles_data_file" 2019-05-16 05:41:03 -07:00
qctecmdr
d2cb04b0d9 Merge "sepolicy: Add permission to access min_level_change node for hdcp" 2019-05-16 03:41:20 -07:00
Sandeep Neerudu
50dbc4287a sepolicy : Add property access rules for sensors init script
Change-Id: I59d8cfbe7b6dd88e748a33ffad9a006026ba3573
2019-05-16 01:23:12 -07:00
qctecmdr
5091e4e873 Merge "sepolicy: Allow camera to access cvp" 2019-05-15 21:56:05 -07:00
qctecmdr
89c497f151 Merge "Camera: Allow camera to access GPU device" 2019-05-15 10:35:10 -07:00
Ruofei Ma
715d9362c8 sepolicy: Allow camera to access cvp
Add rule to allow camera to access cvp device.

Change-Id: I3d35546cea0ba3fa700eb18a7178d6fa153d251a
2019-05-15 10:06:05 -07:00
Sandeep Neerudu
01daaa8332 sepolicy: Add persist file access rules for USTA test App
Change-Id: I1ea7b7bd2a77dc37021fc3312ca04e25eeff06a9
2019-05-15 06:35:49 -07:00
qctecmdr
3e491f0340 Merge "sepolicy: allow property settable for vendor_init" 2019-05-15 04:46:24 -07:00
Vijay Dandiga
48242a3651 sepolicy: Add vendor grep file context.
grep is used in detecting RAM size in post init scripts.
Based on RAM size, few memory parameters are set.

Change-Id: Iee3cb90fe43c3b0f182dcffd71bc7bcac652188d
2019-05-15 16:08:16 +05:30
qctecmdr
0e7f78678e Merge "Camera: Add permission to access camera library for passthrough hidl" 2019-05-14 23:10:42 -07:00
Pu Chen
635f6ca03c Camera: Allow camera to access GPU device
Add rule to access GPU device.

Change-Id: I7fb469c478184075f7bf2c50e8a256d6c392a9dc
2019-05-14 15:48:02 -07:00
Ravikanth Tuniki
0c661ba66a sepolicy: Add permission to access min_level_change node for hdcp
CRs-Fixed: 2449926
Change-Id: Ia5e79827f17adf7924da1eac99e2ece892ba07ab
2019-05-14 16:44:12 +05:30
Mao Jinlong
9f773f683b genfs_contexts: Add label to qdss sysfs nodes for kona and lito
Add label to qdss sysfs nodes to avoid the denial when qcomsysd accesses
qdss sysfs.

Change-Id: I38c8900b11343a6579c88b3a799f070d01936423
2019-05-14 15:33:24 +08:00
Vijay Agrawal
9e590042e9 sepolicy: Give read/write permission to vender_gles_data_file
Add sepolicy for untrusted_app_25, priv_app.te, domain.te
to read/write vender_gles_data_file to access system_server,
surfaceflinger, bootanim, system_app, platform_app,
priv_app, radio, shell

04-11 21:12:48.359  8395  8395 W RenderThread: type=1400
audit(0.0:1058): avc: denied { read } for
name="esx_config.txt" dev="dm-0" ino=295474
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:vendor_data_file:s0 tclass=file
permissive=0 app=com.qualcomm.adrenotest.

CRs-Fixed:2436094, 2441817

Change-Id: I15dc9873cd38bbca9f955917d57b3da2a5b056b7
Signed-off-by: Vijay Agrawal <vijaagra@codeaurora.org>
2019-05-14 11:01:35 +05:30
shoudil
0ab001b27a sepolicy: allow property settable for vendor_init
Allow property ro.vendor.qti.va_aosp settable for vendor_init.
Help ODM properties get loaded successfully.

Change-Id: Ie3005a625957673c150aba40373572278329bf0a
CRs-Fixed: 2451592
2019-05-13 18:12:04 +08:00
qctecmdr
56ec9c4e76 Merge "sepolicy: Added hal_perf_hwservice permisions" 2019-05-09 11:52:26 -07:00
qctecmdr
f8546824b2 Merge "sepolicy: Define security context for "ro.build.software.version"" 2019-05-09 10:01:31 -07:00
qctecmdr
bd80cd6bfa Merge "sepolicy : addressed dumpstate related denials." 2019-05-09 08:15:09 -07:00
qctecmdr
65d2e95aab Merge "sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc" 2019-05-09 05:50:26 -07:00
Devi Sandeep Endluri V V
ec15b57f88 sepolicy: Define security context for "ro.build.software.version"
All vendor init process would have access to vendor_default_prop.
Define security context for "ro.build.software.version" as
vendor_default_prop.

Change-Id: I5b1f1698dcbb3d914a66c540f31f7624c707a72e
2019-05-09 04:12:47 -07:00
qctecmdr
a608767889 Merge "sepolicy: Declared FastCV libs as sp-hal" 2019-05-09 04:01:18 -07:00
qctecmdr
2906183b07 Merge "sepolicy: Declaring opencl.so as sp-hal for all the targets." 2019-05-09 02:10:34 -07:00
qctecmdr
58bd346722 Merge "sepolicy: Add rule for imsrcsd to communicate with radio" 2019-05-09 00:25:19 -07:00
qctecmdr
7e71c0fd5c Merge "sepolicy: Add policy for USB HAL" 2019-05-08 22:30:10 -07:00
kranthi
abea04783c sepolicy: Add sepolicy for hal_memtrack to read sysfs_kgsl_proc
Add sepolicy for hal_memtrack_default to read kgsl memory.

avc: denied { read } for comm="memtrack@1.0-se"
name="gpumem_mapped"dev="sysfs" ino=82422
scontext=u:r:hal_memtrack_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0.

CRs-Fixed: 2421195

Change-Id: I254df836754b5ebc09f44f7053edf85867a963a5
2019-05-08 15:22:59 +05:30
Richa Agarwal
7d6fb60768 sepolicy: Added hal_perf_hwservice permisions
Added hal_perf_hwservice permissions for
qtidataservices_app.te file

Change-Id: Ib480a503c1652e0650bda4aff07085ff894178d6
2019-05-08 14:02:21 +05:30
Pavan Kumar M
58d519cbcc Add permission to set/get persist.vendor.net.doxlat
- Add permission for rild to set and get the property
  persist.vendor.net.doxlat

- Revoke set_prop permission to system_server.

- Define domain for DataConnection HAL

Change-Id: I143bfffa8af61d087d8210516c57a211e25f0a1d
CRs-Fixed: 2425156
2019-05-07 21:06:28 -07:00
Suman Voora
50a3807ca7 sepolicy: Declared FastCV libs as sp-hal
Updated the permissions for cvp, scve hals
Needed CV libs to be accessed by the apks.
Change-Id: Ic65a1e4bd75d4d978200fe62e23ddc354a7e83f2
2019-05-07 16:08:39 +05:30
Ravi Kumar Siddojigari
432d4af4c9 sepolicy : addressed dumpstate related denials.
As part of CTS testing it's expected no denials should be seen
from dumpstate domain during testing so addressing generic
permission issue.

test :testNoBugreportDenials

Change-Id: I27178e6b4180d53cd5f6574bf71fe54819b10454
2019-05-07 00:37:11 -07:00
qctecmdr
518a386347 Merge "sepolicy: Add required sepolicy for vulkan.adreno.so" 2019-05-06 11:25:08 -07:00
qctecmdr
e46c882b62 Merge "sepolicy: remove violators which are not to be used" 2019-05-06 03:50:36 -07:00
qctecmdr
c6c1f9df62 Merge "sepolicy: Add wakelock capability for rcsservice" 2019-05-05 21:57:18 -07:00
qctecmdr
38ceae6f6b Merge "sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry" 2019-05-05 21:55:16 -07:00
qctecmdr
e36a6e565c Merge "sepolicy: add permission for charger" 2019-05-05 21:48:28 -07:00
Rama Krishna Nunna
bc8a16ed8b Camera: Add permission to access camera library for passthrough hidl
- Gralloc needs to access Camera library
- Adding necessary permissions

Change-Id: Id1d1740dd10fcc4ca393f909348297ac13beba39
2019-05-03 16:25:45 -07:00
Devi Sandeep Endluri V V
e8c9a38c08 sepolicy: Add rule for imsrcsd to communicate with radio
Change-Id: I6d1c45b5d92347957b4f2813e267dda5049c4d9d
2019-05-03 03:01:08 -07:00
Jack Pham
f9bd0b096a sepolicy: Add policy for USB HAL
Add rules for hal_usb_qti service, which is part of hal_usb
and hal_usb_gadget domains defined by system policy. Grant
access to needed properties and files.

Change-Id: I1e03ad1e63f5c70788f04e52833f6d09cc76eca8
2019-05-02 11:17:41 -07:00
Ravi Kumar Siddojigari
a26eb5586a sepolicy: remove violators which are not to be used
As part of security hardening the following violators have
been removed
1. untrusted_app_visible_hwservice_violators
2. data_between_core_and_vendor_violators

Security testing checks for violators sharing data between core and
vendor so removed the violator exception in vendor_init.

hwservices are not to be exposed to untrusted apps so remove hal_perf
from the untrusted_app_visible_hwservice_violators list

Test:
testNoExemptionsForDataBetweenCoreAndVendor
testNoUntrustedAppVisiblehwservice

Change-Id: I76f26848a0f148b1b332f68fd05f7632f9399af6
2019-05-02 16:46:14 +05:30
Subbaraman Narayanamurthy
060ac51eda sepolicy: add permission for charger
Add the necessary permission for charger binary to support offmode
charging.

Change-Id: I6b173c07e221b50b51f3381f8d0b490535ae73ae
2019-05-01 15:37:18 -07:00
Subash Abhinov Kasiviswanathan
78217eca78 sepolicy: Add policy to allow access to rmnet_mhi0 RPS entry
This is needed to set the receive packet steering entry.
Fixes the following denial -

avc: denied { read write } for comm="netmgrd" name="rps_cpus"
dev="sysfs" ino=79460 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

CRs-fixed: 2425568
Change-Id: Idc94fbef7ed922a6d2376fd82bdb6cb45ff0d536
2019-04-30 16:23:20 -06:00
Mathew Joseph Karimpanal
b32d150dc9 sepolicy : Permit system_server to read vendor display properties
Permit system_server to read vendor.display.xxx properties.

Change-Id: I4fb74c2edabd6203304b256bb87cb84517dcad58
CRs-fixed: 2444569
2019-04-30 17:29:19 +05:30
Eric Chang
8cb4145a73 sepolicy: Add wakelock capability for rcsservice
Change-Id: If842405cbbb8fba6d2b6d4d471f00d1b02320cfe
2019-04-26 14:48:07 -07:00
Harshdeep Dhatt
7c60ce7a95 sepolicy: Add required sepolicy for vulkan.adreno.so
CRs-Fixed: 2442489

Change-Id: I9ab11f0ae7df7f03cdb6cc2a8709d7a090299237
2019-04-26 14:39:51 -06:00
qctecmdr
3233102de8 Merge "Sepolicy: Update sepolicy ops listener" 2019-04-26 10:40:04 -07:00
Ravi Kumar Siddojigari
81835b7c6c sepolicy : remove sysfs_net related entries which are duplicate
Following paths on sysfs are now labeled in system side
file_contexts so removing the duplicate entries from
vendor side genfs_contexts.

/module/tcp_cubic/parameters
/devices/virtual/net

Change-Id: I92336f6c991d6a9e9a51246082c5940b8d6ebaae
2019-04-26 02:20:20 -07:00
qctecmdr
8f5a2321d7 Merge "Remove permission to read hosts file" 2019-04-25 21:21:11 -07:00
Aman Gupta
04bdbfe277 Sepolicy: Added rule to support ODL for ADPL
Added a file context for odl_ipa_ctl/ipa_adpl char device

Change-Id: Ia135f4fed4bf438084bf4101d5dc24560c741028
2019-04-22 10:51:27 -07:00
Tirupathi Reddy
46320b773d sepolicy : correct AndroidNN binary details
Change-Id: I4b565ce9b28fe7e83cd6b678616490e7ec351272
2019-04-21 23:10:43 -07:00
qctecmdr
6ad0a132ae Merge "[sepolicy] Add WIGIG device entry to genfs_contexts" 2019-04-20 05:40:52 -07:00
qctecmdr
0df6b406a8 Merge "Sepolicy: Added rules for QTI HANA55 MHI node access" 2019-04-20 02:29:58 -07:00
qctecmdr
0a40db544d Merge "sepolicy: update access policy for charger script" 2019-04-19 23:29:04 -07:00
qctecmdr
69a4638778 Merge "msmnile: Port recovery domain rules." 2019-04-19 11:46:08 -07:00
Phalguni
43411c2675 Sepolicy: Update sepolicy ops listener
Add read and write permissions for graphics device
CRs-Fixed: 2438059

Change-Id: Ide4f6c936512956f68a2de1e672c28a9d3f4435b
2019-04-19 10:44:48 -07:00
Tapas Dey
f655e8ebfb sepolicy: Fix NFC avc denial issue
Add rule to allow NFC to access runtime data file and fix below
denial:

com.android.nfc: type=1400 audit(0.0:1125): avc: denied { write }
for comm=4173796E635461736B202331 name="nfc" dev="sda8" ino=475137
scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
permissive=0

Change-Id: I977931c1918035ad46ccc5240a03463e4d9edb56
2019-04-19 11:44:09 +05:30
qctecmdr
38f1871b9d Merge "sepolicy: kona: Fix parallel charger path" 2019-04-18 04:46:29 -07:00
padarshr
a227a6a469 msmnile: Port recovery domain rules.
Add recovery process's needed sepolicies that were
missing in generic folder, to grant accesses (for
various things like sdcard mount/read etc).

Change-Id: Id2fe77d41a0b0395c66a218e275b1a0b45aec593
2019-04-18 03:33:32 -07:00
Tyler Wear
da8f3bb6a4 sepolicy: Policy fix for CND SSR
Add sepolicy rule to allow cnd process to perform
directory read on the SYSFS for SSR.

Change-Id: I5d8093b6d01584bcdbd0526f7335d7fcc601a4e5
2019-04-17 14:31:55 -07:00
Aman Gupta
c2e74e6de7 Sepolicy: Added rules for QTI HANA55 MHI node access
MHI node name retrieval access policy rules

Change-Id: I513732f0c85db0c9a56920fad9f4331bd41e6f52
2019-04-17 13:40:50 -07:00
Anuj Jalota
cedf94bb8c sepolicy: Declaring opencl.so as sp-hal for all the targets.
Change-Id: I57b831db4da8e62971e2b3961bbb181c70b57353
2019-04-17 17:52:16 +05:30
Subbaraman Narayanamurthy
b4e06efc2b sepolicy: update access policy for charger script
Currently qti_init_shell label is applied for init.qti.charger.sh
however the script filename is changed to init.qti.chg_policy.sh
under charger_monitor project. Hence update access policy for
init.qti.chg_policy.sh and move them to qva/vendor/common along
with "hvdcp_opti" which seems to be the proper place.

Change-Id: I86ec11c12593a76069fbdcf5ed41cc05359938ad
2019-04-15 12:22:01 -07:00
Subbaraman Narayanamurthy
a91ce136d1 sepolicy: kona: Fix parallel charger path
Fix the device path for smb1355 parallel charger that can be used
on kona platforms.

Change-Id: I0d05cbe1239eeba5d0bd38f5cb204b68536ead3f
2019-04-15 12:12:36 -07:00
qctecmdr
9d8decb80a Merge "Add rules for PPTP/L2TP VPN connection success" 2019-04-12 07:00:20 -07:00
qctecmdr
61d16198a6 Merge "Sepolicy: Add power off alarm rules" 2019-04-12 03:55:16 -07:00
Chalapathi Bathala
5e1f14729e [sepolicy] Add WIGIG device entry to genfs_contexts
[sepolicy] Add WIGIG device entry to genfs_contexts

Change-Id: I56e2eeeb9739e607bfbc33fcc06c96c3efd6084a
2019-04-11 18:40:43 -07:00
qctecmdr
18d948e94e Merge "SEPOLICY: Add vendor_adsprpc_prop property" 2019-04-11 04:50:55 -07:00
Vinay Gannevaram
606163f5ea sepolicy : Removed netadmin capability for location
Removed net admin capabilities for lowi. From now nl msgs of lowi
would route to wifihal via control socket.
Wifi hal allows its authenticated clients to send nl msgs to it.
Lowi module is one of its clients and hence added socket permissions
to access wifihal control interface

CRs-Fixed: 2424268
Change-Id: I18aba9169b23e8b0c9260cbf1e7a52bf59e0030d
2019-04-10 03:01:51 -07:00
Vinay Gannevaram
1eaea11a3c sepolicy : Added wifihal sock perms and allow clients to connect
Added wifihal directory in /dev/sockets path.
Wifi hal allows its authenticated clients to send nl msgs to it.
Lowi module is one of its clients and hence added socket permissions
to access wifihal control interface.

CRs-Fixed: 2424252
Change-Id: I9aa7b54f2f944d59148508eace3c658a23e5d2d8
2019-04-10 03:01:01 -07:00
Tharun Kumar Merugu
e0c312a1ff SEPOLICY: Add vendor_adsprpc_prop property
Add vendor_adsprpc_prop property to support the OS-upgrade.

Change-Id: Ie68d96a5e871b1fcc9920c24a393b60d6eb602f3
2019-04-09 18:19:55 +05:30
Vinay Gannevaram
9b3711ccdc sepolicy: Added socket perms to location to connect to wpa ctrl socket
Lowi interacts with wpa supplicant for scan and anqp query via ctrl
communication. As the wpa control socket is in /data/vendor/ path
the required sepolicy changes are needed for location module

CRs-Fixed: 2431133
Change-Id: Icaef72229bc028c446c8d60c0b471de9583c63ae
2019-04-09 04:25:59 -07:00
Qimeng Pan
322dbb03e5 Sepolicy: Add power off alarm rules
Add power off alarm rules to access share preference in add data.

Change-Id: I972bc5a83f0e68c289c7defbcf7e2b7318eaa8e4
CRs-Fixed: 2430367
2019-04-09 13:57:45 +08:00
Devi Sandeep Endluri V V
6da7a4e87c Add rules for PPTP/L2TP VPN connection success
In newer kernels (4.14 and above), new context pppox_socket
is defined for PPPOX sockets. For successful VPN connection,
need the corresponding pppox_socket specific rules for ppp
and mtp daemons

CRs-Fixed: 2412475
Change-Id: I3488dabcc464b81a1e1109489b5aeb7530102997
2019-04-05 23:04:11 +05:30
padarshr
1efa2458e3 Label the scsi_generic sysfs node and give it's read access to bootctl.
Bootctl needs read access to scsi_generic node to lookup what
/dev/sgN device corresponds to the XBL partitions.
Label it and give read access to bootctl.

Change-Id: I91d54ba05dd3d5fe34296e3911537ed57e51a067
2019-04-04 05:22:29 -07:00
qctecmdr
0ea5678b0f Merge "sepolicy: /sys/kernel/debug/ access for hal_graphics_composer" 2019-04-03 04:49:16 -07:00
qctecmdr
5338a3c972 Merge "sepolicy: add rules to connect to ims_socket" 2019-04-02 15:35:16 -07:00
Gurpreet Singh Dhami
1fea5898dd sepolicy: /sys/kernel/debug/ access for hal_graphics_composer
Add rules to allow hwcomposer process to open /sys/kernel/debug/ nodes
for debugfs node content dumping during HWRecovery

Change-Id: I2e3c4dec714a6b3391401bf9dd7cf9f0217270ff
2019-04-02 14:56:57 -04:00
qctecmdr
905920ade9 Merge "mirrorlink: Add mirrorlink specific permissions" 2019-04-02 05:11:24 -07:00
Pavan Kumar M
77613ff04b sepolicy: add rules to connect to ims_socket
Add rules for imshelper_App to write and connect
to ims_socket.

Change-Id: I0ec8c0708abfcc22bf7fce8ea70c4ef4a98c16e4
2019-04-02 16:50:00 +05:30
qctecmdr
e5ff527a76 Merge "sepolicy: Add policy for Qti mapper version 1.1" 2019-04-02 02:01:08 -07:00
Ashish Kumar
6331acd1ed sepolicy: Add policy for Qti mapper version 1.1
CRs-Fixed: 2411582
Change-Id: If75eeb142b0484def250d813337e2d3307193c1b
2019-04-01 10:28:24 -07:00
qctecmdr
3fea7ba91a Merge "sepolicy: add persist file access for hvdcp" 2019-04-01 07:56:10 -07:00
Indranil
e6dbe4d954 mirrorlink: Add mirrorlink specific permissions
1. Add usb genfs entry for kona
2. Allow access to /proc/asound/pcm file

Change-Id: Ic765e318c13d8c74423ad51e9b8399667775a582
2019-03-31 22:35:42 -07:00
qctecmdr
322a3ff193 Merge "Sepolicy changes to allow create socket" 2019-03-30 03:51:00 -07:00
qctecmdr
65c6b01815 Merge "sepolicy: Add permissions for NPU DSP device" 2019-03-29 10:02:09 -07:00
qctecmdr
46c2f001a6 Merge "sepolicy: allow hal_usb_default to read sysfs_usb_supply" 2019-03-29 10:02:09 -07:00
Subbaraman Narayanamurthy
6fcf2c22d5 sepolicy: add persist file access for hvdcp
hvdcp_opti daemon needs to store some parameters under vendor
persist (/mnt/vendor/persist/hvdcp_opti/*). Add the necessary
rule for it.

Also, move hvdcp.te from generic/vendor/common to qva/vendor/common.

Change-Id: I337b9c862d15c1080f7f7de7ba2fe26111d9f02b
2019-03-28 13:21:15 -07:00
Rama Aparna Mallavarapu
20a506cf29 sepolicy: Add permissions for NPU DSP device
Add permissions to NPU DSP device so that post_boot
script can update the sysfs nodes for this device.

Change-Id: I531cc4d9feedc22c0cfe515dcf86dbd917bc280b
2019-03-27 15:15:46 -07:00
Devi Sandeep Endluri V V
89d738f84e Sepolicy changes to allow create socket
Allow hal_rcsservice to create qipcrtr_socket

Denial:

avc: denied { create } for comm="imsrcsd"
scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hal_rcsservice:s0
tclass=qipcrtr_socket permissive=0

Change-Id: I2efa91e771ae5a51aa23becef72000daf6c54dc5
2019-03-27 03:29:53 -07:00
Devi Sandeep Endluri V V
8b59adcf27 sepolicy/radio: Add sepolicy rule for RCS client
Rule for client applications to communicate with RCS vendor
service

Denial:

avc: denied { find } for
interface=com.qualcomm.qti.imscmservice::IImsCmService
sid=u:r:radio:s0 pid=5649 scontext=u:r:radio:s0
tcontext=u:object_r:hal_imsrcsd_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I3ea3d95e77509c89fdb3515f5eaa0a0d4d376e1f
2019-03-27 03:25:13 -07:00
Chandana Kishori Chiluveru
4cfec0d1a9 sepolicy: allow hal_usb_default to read sysfs_usb_supply
Grant file read access to hal_usb_default context to read
from the sysfs_usb_supply file context. This allows the USB
HAL to be able to read from /sys/class/power_supply/usb/*.

Change-Id: I6ac5672a87114af09c2b9314191116dd21c9e77a
2019-03-27 03:24:10 -07:00
qctecmdr Service
42473ec6e3 Merge "sepolicy: add sysfs path for CDSP to L3 device" 2019-03-25 14:29:10 -07:00
qctecmdr Service
4a5e015318 Merge "Sepolicy-QTI/ADPL: Created a file context for sockets" 2019-03-23 10:32:08 -07:00
qctecmdr Service
6e8e91f71f Merge "sepolicy: Add permissions for cpu7 L3 memlat node" 2019-03-23 10:32:08 -07:00
qctecmdr Service
0319850a3d Merge "sepolicy: Add sepolicies for foss" 2019-03-23 10:32:07 -07:00
qctecmdr Service
a23099a64b Merge "sepolicy: qva: necessary sepolicy changes for vpp services" 2019-03-23 06:00:02 -07:00
qctecmdr Service
f511cb0989 Merge "sepolicy: add rules for jank killer feature" 2019-03-23 06:00:02 -07:00
qctecmdr Service
b8229bc625 Merge "sepolicy: Fix generic rules for time-services" 2019-03-23 06:00:02 -07:00
qctecmdr Service
69d14bc580 Merge "kona: Update WLAN node in genfs_contexts" 2019-03-23 02:57:05 -07:00
qctecmdr Service
52d99b04aa Merge "sepolicy: Add access policy for charger files" 2019-03-23 02:57:05 -07:00
qctecmdr Service
b2970fc5c0 Merge "sepolicy: allow camera process to access synx device node" 2019-03-23 02:57:04 -07:00
Gurpreet Singh Dhami
5a0a08ed0a sepolicy: Add sepolicies for foss
FOSS is part of hardware.graphics.composer process now. Earlier
it was part of  mm-pp-daemon process. So adding corresponding sepolicies
and removing obsolete sepolicies related to mm-pp-daemon.

Change-Id: I6b6f5995813ac268b90d3d7d4cee0ec7cb67f6f5
2019-03-23 02:54:52 -07:00
Aman Gupta
03e1a2c4b4 Sepolicy-QTI/ADPL: Created a file context for sockets
Created a file context for sockets files

Change-Id: I6eed60942b74f12a71ade6d2f410e02064dc50c7
2019-03-22 03:07:47 -07:00
Mohit Aggarwal
03e4ae3501 sepolicy: Fix generic rules for time-services
The patch fixes generic sepolicy rules for
time-services.
Also adds rules required to read mhi sysfs
nodes for remote & local qtimer values.

Change-Id: I40c0e94e5e999f591d6780f62cefffae940f6345
2019-03-22 13:58:03 +05:30
Karthik Gopalan
6739038499 sepolicy: add rules for jank killer feature
Allow sf to access kgsl sysnode.

CRs-Fixed: 2418823

Change-Id: I4c6c8f5906f85e33f5f1e2de6ed8ca28ec3e2588
2019-03-21 22:43:14 -07:00
qctecmdr Service
f441b83563 Merge "Fix the sysfs definition to avoid compilation error." 2019-03-21 03:29:58 -07:00
Biswajit Paul
97779c24bc Fix the sysfs definition to avoid compilation error.
Move sysfs_mhi to common as the label is applicable to all target.

Change-Id: Id4e50fcbd2e2ec697fdb7ae58ef1427bf3c22d54
2019-03-21 15:26:06 +05:30
qctecmdr Service
729ade1807 Merge "perf: Sepolicies to fix perflock functionalities" 2019-03-21 02:37:21 -07:00
Amir Vajid
5e237febcd sepolicy: add sysfs path for CDSP to L3 device
Update permissions for CDSP to L3 device path
on kona.

Change-Id: I8a7c5e26516f4244b99ab23f2ae182f80675e152
2019-03-19 16:48:01 -07:00
Gurpreet Singh Dhami
dc0ac36ee5 sepolicy: Add support for qdcm socket service
Change-Id: I6ca534fa015091381f87b9b12056fec82b52581c
2019-03-19 02:09:59 -07:00
Fenglin Wu
770c40ec5a sepolicy: Add access policy for charger files
Add labels for charger related sysfs devices and script, and add policy
for charger script to access charger devices.

Change-Id: I64a70d11c051017d1eca70b09f735623312e4d69
2019-03-19 14:49:31 +08:00
Karthik Gopalan
c0eb4d4fb3 perf: Sepolicies to fix perflock functionalities
1. Allow perf-hal to create and read/write values
into default_values file which is created in
/data/vendor/perfd.

2. Allow perf-hal to read /sys/class/devfreq
directory and fetch values from the files.

CRs-Fixed: 2417754

Change-Id: I7a4494e95ff9cd57a295c76c53f4afb90570cc4d
2019-03-18 18:50:39 +05:30
Shashi Shekar Shankar
eeee4c4244 sepolicy: Add permissions for cpu7 L3 memlat node
Add permissions to the CPU7 Memlat node for sysfs
to access it.

Change-Id: Iafe49457112a20d40c1706f02ebf197323c864b2
2019-03-18 00:47:14 -07:00
Li Sun
d0a2404b49 sepolicy: qva: necessary sepolicy changes for vpp services
Add/update sepolicy files for vpp services

Change-Id: Ic97f87e13132417cbaacce17a99deed390a7bd87
2019-03-17 19:25:03 -07:00
Yuanyuan Liu
915ffc781e kona: Update WLAN node in genfs_contexts
Update WLAN node from "a0000000.qcom,cnss-qca6390" to
"b0000000.qcom,cnss-qca6390" in genfs_contexts.

Change-Id: I54334e9bd7ffc17653b2d30d689200b557eba2f8
2019-03-15 20:17:11 -07:00
Dante Russo
66ef595ebf Remove permission to read hosts file
Remove permission for reading hosts
file due to new Android socket API

Change-Id: I63b80cd4a487c0d41220045b876d53fdb6388a52
CRs-Fixed: 2417347
2019-03-15 15:02:16 -07:00
qctecmdr Service
a43bfe4a1a Merge "msmnile: Add spmi and i2c-pmic devices to genfs_contexts" 2019-03-15 02:40:02 -07:00
Amir Vajid
5490bded32 sepolicy: correct sysfs paths for L3 devices
Update the sysfs paths for L3 devices based on
latest naming convention.

Change-Id: Ia4dbc8eee0e8640e343997898929f2a93be6403c
2019-03-14 12:32:22 -07:00
Sumukh Hallymysore Ravindra
556d712ff8 sepolicy: allow camera process to access synx device node
Allow the hal camera process to access the new global synx
device node.

Change-Id: I70b41cb620b85f418bd8353132c25d922b2f9559
2019-03-13 13:56:21 -07:00
Umang Agrawal
76cf294090 msmnile: Add spmi and i2c-pmic devices to genfs_contexts
Define selinux context label for FG spmi device. While at it, add
the selinux context definition for smb1390 device also along with
SMB1355 alternate i2c address context definition.

Change-Id: I9d7c89a6fbbb2648d9c5a3e522b32c5e675c6534
2019-03-13 11:33:47 +05:30
Nitin Shivpure
c062eb63f9 Sepolicy: Add legacy sepolicy rule for BT
- Remove vendor_bluetooth_prop rule for unused wcnss_filter
  & hal_audio
- Add persist.vendor.qcom.bluetooth. &
  vendor.qcom.bluetooth. into vendor_bluetooth_prop context.
- Add SE policy for BT configstore.
- set vendor BT properties from vendor_init.

Change-Id: I9bb5277554363f981c7a639dc00c93b609423acb
2019-03-12 18:55:23 -07:00
qctecmdr Service
73edc0e71e Merge "Sepolicy: Update subsys nodes for the tip" 2019-03-12 16:30:49 -07:00
Chalapathi Bathala
06ba5da903 Sepolicy: Update subsys nodes for the tip
Change-Id: I57efaf410d82a319beb2ae9d7aad821f9b772b85
2019-03-12 15:20:35 -07:00
Ramkumar Radhakrishnan
2c0afeca16 sepolicy: Define sepolicy for feature_enabler_client
Change-Id: Id66258f5d0f9a0189b5f42682d051962a9a751f2
2019-03-12 14:05:05 -07:00
Sauvik Saha
c29ae4e712 sepolicy: Add rule for CneApp to communicate to CND
- Add rule to read cne prop.
- Add binder call rule.

Change-Id: I7c03fe016ede17fb747ad6cba85ff33725ff9f48
CRs-fixed: 2413355
2019-03-11 03:08:34 -07:00
Ravi Kumar Siddojigari
880a69cd42 sepolicy : cleanup rule accessing to "sysfs"
As part of security hardening access to sysfs label related
sepolicy rules should be removed.
So cleaning all the directory reads and sysfs:file access
which were seen in the following.
  hal_bootctl
  hal_gnss_qti
  hal_pasrmanager
  pd_services
  ssr_diag
  ssr_setup
  thermal-engine
  qmuxd
  sensors
  hal_perf_default

Change-Id: I51e98a3f68211357e2bb1455f28a96fc3aad4d88
2019-03-07 18:24:30 +05:30
qctecmdr Service
c729b75ba8 Merge "sepolicy: IWlan QTIDATASERVICES" 2019-03-06 11:08:08 -08:00
Tyler Wear
64e1f060aa sepolicy: IWlan QTIDATASERVICES
Add IWlan hal to qtidataservices app.
CRs-fixed: 2382338

Change-Id: Ia551f83b6894f2a6206c42f25b5ab2f1c9e67b0f
2019-03-06 09:38:30 -08:00
qctecmdr Service
2a94ea4c97 Merge "sepolicy: Add rules to allow SDM to open ion_device" 2019-03-06 08:34:08 -08:00
qctecmdr Service
58cc5f3fbc Merge "sepolicy: Add create permissions for rild/atfwd" 2019-03-06 06:00:58 -08:00
Wileen Chiu
1c570a452d sepolicy: Add create permissions for rild/atfwd
- modify permissions to include create for selinux

Change-Id: Ia9b40461354bba57448abd32727d11d1dfa8850e
CRs-Fixed: 2376128
2019-03-05 15:33:58 -08:00
Karthik Gopalan
c724d73a9c perf-hal: sepolicy for perf-hal@2.0
sepolicy rules for perf-hal@2.0

CRs-Fixed: 2403587

Change-Id: Iabc8e8f1ef35690daaff429395432a1570603269
2019-03-05 16:04:39 +05:30
qctecmdr Service
558b8a3f71 Merge "QTI: Enable QTI on kona" 2019-03-04 04:17:06 -08:00
qctecmdr Service
66e79cd90d Merge "sepolicy: update BT Se linux policy rule" 2019-03-04 03:59:18 -08:00
qctecmdr Service
bb6a692563 Merge "Sepolicy: Set genfs context for subsystems restart_level" 2019-03-04 03:06:14 -08:00
Nitin Shivpure
a20df4daee sepolicy: update BT Se linux policy rule
- Remove vendor_bluetooth_prop rule for unused wcnss_filter
  & hal_audio
- Add persist.vendor.qcom.bluetooth. &
  vendor.qcom.bluetooth. into vendor_bluetooth_prop context.
- Allow qipcrtr_socket perms for user builds as well.
- Allow BT process accessing persist.vendor.bt_logger.log_mask

Change-Id: I44065536f313e900fa08848c3309391f3817e05c
2019-03-01 00:07:53 -08:00
Deepthi Gunturi
cb5d1e1c21 Sepolicy: Set genfs context for subsystems restart_level
If genfs for subsystems is not set, ssr triggers will fail. 

Change-Id: I5d66bad086d2c73a457ea912d0e7e1478e4b41c4
2019-02-28 10:58:12 +05:30
Ping Li
0c045a2732 sepolicy: Add rules to allow SDM to open ion_device
LTM feature requires ION buffers, hence this change adds policy to
allow SDM to open ion_device to allocate ION buffers.

Change-Id: I4cf2b6bec5083b8970a614e43fb43348abbc1fc4
2019-02-27 18:49:13 -08:00
Abhishek Srivastava
f64ab09bc5 Enhance sepolicy rules as per generic and qva sepolicy changes.
This commit introduces the WLAN sepolicy rules in accordance with the
QVA VS Generic rules.

CRs-Fixed: 2402079
Change-Id: I4bfc4f3ef1ef2c5ffe986cc3d3f44dc9f5b92a1a
2019-02-26 19:27:34 +05:30
Wileen Chiu
72b1eb3af1 sepolicy: added permissions needed for rild
Adding sepolicy rules for denials seen for
ril daemon

Change-Id: I6b3c3e0dd1d145590bb825f4370ed28a77f49577
CRs-Fixed: 2376128
2019-02-25 14:30:46 -08:00
Aman Gupta
67c75280fa QTI: Enable QTI on kona
add mhi rules needed

Change-Id: I0da8d165d801762d50e60f4aa770b9fdd60bcb38
2019-02-25 06:26:40 -08:00
qctecmdr Service
150553f9ff Merge "Sepolicy: Add power off alarm rules" 2019-02-25 05:40:53 -08:00
qctecmdr Service
69a2b0fbae Merge "sepolicy: add rules to access sensors power scripts from app" 2019-02-25 05:05:24 -08:00
Qimeng Pan
edf74ef256 Sepolicy: Add power off alarm rules
Add power off alarm rules

Change-Id: I02b59aa2c34efc4b57810e592ca2750a511155f0
CRs-Fixed: 2399628
2019-02-22 00:10:40 -08:00
qctecmdr Service
959bd02417 Merge "sepolicy: comply with app_zygote neverallow rules" 2019-02-21 03:31:46 -08:00
qctecmdr Service
0c9dc10a75 Merge "FR53463: Location generic and qva sepolicy changes." 2019-02-21 03:13:23 -08:00
qctecmdr Service
7ecdf9605e Merge "sepolicy: allowed v1.2 HALs for DRM and clearkey" 2019-02-21 02:42:11 -08:00
Harikrishnan Hariharan
a1dad7f9a8 FR53463: Location generic and qva sepolicy changes.
Location sepolicy changes for SElinux support for common
vendor image as part of FR53463.

Change-Id: I3eed6eed7a44c1aed50b667671f875597da64db1
CRs-Fixed: 2341061
2019-02-21 16:11:54 +05:30
qctecmdr Service
0c4a032f4d Merge "sepolicy: Change policy for wfd" 2019-02-21 02:25:15 -08:00
Indranil
bc08ccc617 sepolicy: Change policy for wfd
WFD requires revision in its SEAndroid policies due
to an OS upgrade and design re-architecture to conform
to system-wide mandates.

Change-Id: I3cd532c638b4bf6ee7ea8589fc64448cc08403f5
2019-02-21 12:07:34 +05:30
Ravi Kumar Siddojigari
69a079b4b9 sepolicy: comply with app_zygote neverallow rules
Due to security hardening we are seeing compile time issue with
testscript domains so updating te files to comply with
app_zygote restriction.

Change-Id: I9d368fd756653f835aa38d9fcc0ef08fcf8368c7
2019-02-20 22:22:54 -08:00
Pavan Kumar M
8324dc3a97 Sepolicy changes to allow create socket
Allow cnd to create qipcrtr_socket

Denial :

avc: denied { create } for comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=qipcrtr_socket permissive=1

Change-Id: I10885b9af1d362c2d04e5406ce618c0e6f84507f
CRs-Fixed: TBD
2019-02-20 21:17:42 -08:00
qctecmdr Service
6ed8c6b341 Merge "Camera: Update permissions for Camera process" 2019-02-20 09:38:20 -08:00
qctecmdr Service
aa875c05a3 Merge "Sepolicy: Addressed the denial to create qipcrtr_socket" 2019-02-20 09:38:20 -08:00
qctecmdr Service
d441f2b38c Merge "SEPolicy : Add permissions for read MBN configs directory" 2019-02-20 08:21:00 -08:00
qctecmdr Service
3f7d06d919 Merge "sepolicy: Update the sysfs paths for the L3 devices." 2019-02-20 08:21:00 -08:00
qctecmdr Service
5580a13e33 Merge "sepolicy: Update device nodes for Kona" 2019-02-20 08:21:00 -08:00
Murthy Nidadavolu
8a721d67b2 sepolicy: allowed v1.2 HALs for DRM and clearkey
v1.2 HALs to run for widevine and clearkey

Change-Id: I6df2a73aa943059172643c20691e8be21d6775ce
2019-02-20 16:47:29 +05:30
qctecmdr Service
d2533e796a Merge "sepolicy: adding sepolicy changes" 2019-02-20 01:05:11 -08:00
Aman Gupta
fcff6f52ac Sepolicy: Addressed the denial to create qipcrtr_socket
Taken care of denial to create a qipcrtr_socket by QTI

Change-Id: Icf4c0b60d30f1c496cc4b5afed94efa639143109
2019-02-19 23:17:40 -08:00
Bruce Levy
dba0a6c89c sepolicy: Update device nodes for Kona
Change-Id: I8068d580792645816a68699041a967d267f85132
2019-02-19 17:31:02 -08:00
Jaihind Yadav
78f021fe6a sepolicy: moving qssi supported legacy target here.
Change-Id: Ife7e851823afc1dcbf2f561c8079795e909544bc
2019-02-18 21:49:10 -08:00
Rama Aparna Mallavarapu
a6d05fa912 sepolicy: Update the sysfs paths for the L3 devices.
Fix the incorrect sysfs path for the L3 devices so that
postboot scripts can access them.

Change-Id: I16c68615bbb0f66fedc44475cb4774661d60d272
2019-02-18 14:00:45 -08:00
Jaihind Yadav
b4e71b14e7 sepolicy: adding permission for hal_perf_default.
Due to new restriction priv_app can't access cgroup.
priv_app is client of hal_perf, so had to remove for hal_perf and adding for hal_perf_default.
Change-Id: I16b7ae208275ca8109fd05eb9cf19950ddf96fe6
2019-02-18 18:47:21 +05:30
Sai Kousik Swarna
5223a96650 SEPolicy : Add permissions for read MBN configs directory
Add permissions to access /data/vendor/modem_config from
RILD and ModemTestMode

Change-Id: Ie4c7123f5703aed125a4025a474738dfbd071808
CRs-Fixed: 2396249
2019-02-17 21:25:01 -08:00
qctecmdr Service
b3b88696a6 Merge "sepolicy: Add ipa_uc" 2019-02-16 00:16:30 -08:00
Sunid Wilson
6602793f4f Camera: Update permissions for Camera process
- Deleted unnecessary rules

Change-Id: If9fd992c6aa6ff4da1e5527b0de124816aeb3255
2019-02-14 16:39:12 -08:00
Tharaga Balachandran
5b4a8b5ddb sepolicy: Add permission for /mnt/vendor/persist/display
Allow hal_graphics_composer to access /mnt/vendor/persist/display

Change-Id: I7af786708b2fce5dfdf2930cacc2e47452f6dba3
CRs-Fixed: 2260713
2019-02-12 20:22:58 -05:00
Shaikh Shadul
2b72835fe1 sepolicy: add rules to access sensors power scripts from app
Change-Id: I15fc2d53291458079de1a369316d45b1bc638e10
2019-02-12 17:03:56 -08:00
Amir Levy
fcf4269a60 sepolicy: Add ipa_uc
Add ipa_uc to subsys1, move venus to subsys2.

Change-Id: I53aeaa7dc73832f2ac7b9c09e594ee70b9af4d86
2019-02-12 10:29:45 -08:00
Smita Ghosh
26ff9f0b2b Sepolicy: add support for capabilityconfigstore
1. Define domain for capabilityconfigstore
3. Add type for /data/vendor/configstore folder
4. Allow capabilityconfigstore HIDL Server access/r/w it.

Change-Id: Ic5fdf44f55d2647d34c9bdf574d60bc445256a48
2019-02-08 14:55:41 -08:00
David Ng
e6c6ac2997 kona: Add storage block device and display-related labels
Add partition and display-related SELinux labels.

Change-Id: I054dc40dd2f1f150497e1321e1d91d309288ca0f
2019-02-07 11:56:49 -08:00
Chalapathi Bathala
ee029bfa0b sepolicy: Add file_contexts for kona
sepolicy: Add file_contexts for kona

Change-Id: I399bac8b3c558cd638942f4a7705a5e6d8d7bbcc
2019-02-07 10:52:36 -08:00
qctecmdr Service
e3397a0fe4 Merge "sepolicy: Remove diag support from surfaceflinger" 2019-02-07 07:50:58 -08:00