tequilaOS/platform_device_qcom_sepolicy_vndr-legacy-um
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4279 commits 1 branch 0 tags 5.5 MiB
Commit graph

4279 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sebastiano Barezzi
191a6ce91b sepolicy_vndr: legacy: Allow using logdump partition as metadata 
* sdm845 and sdm710 didn't have a metadata partition, but we can repurpose logdump which is a 64MB partition used to store Android logcats

Change-Id: I826571d4e31f2a3f03c1d3e6a0daab262a4ccd6b
(cherry picked from commit 8a5eeb6a2bfb3f1a7232199d32c1e3c2bbc0ef55)
 2024-01-19 13:54:53 +00:00
Alexander Winkowski
fdf18a4bde holi: Label discard_max_bytes sysfs 
Change-Id: I5d76fa0a0dc680e5128d382bed794a8c724a0a8c
 2024-01-10 14:50:47 +00:00
Bruno Martins
4aa876fa77 Merge tag 'LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr into lineage-21.0-legacy-um 
"LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0"

* tag 'LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr:
  Revert "sepolicy: update display boot service rules"
  sepolicy: update display boot service rules
  Sepolicy_vndr : Allow creating IPA FWs
  sepolicy_vndr : bengal: Fix avc denials for wakeup nodes
  Fix avc denials
  BT: Add bluetooth support to access mediametrics service
  sepolicy rules to allow Gnss Hal to access RIL Srv for kona target
  sepolicy rules to allow Gnss Hal to access RIL Srv for holi target
  sepolicy_vndr : lahaina: Fix avc denials for wakeup nodes
  sepolicy_vndr: Suppress QMCS related denial errors in ENG builds
  sepolicy_vndr : Allow vendor_qti_init_shell to set ctl_start_prop
  sepolicy_vndr:qcc: read vendor_qcc_prop
  Aidirector sepolicy changes to run in enforced mode
  sepolicy: Add uio device node
  QGuard: add permission for black screen detector
  sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
  Sepolicy rules to allow Gnss Hal to access ssgtz
  QCM6490.LA.3.1: addressing Modem & ADSP  sysfs wakeup node.

Change-Id: Idc7a655385a67cead68d5802d990d8c4dd6bbc6d
 2024-01-09 12:45:10 +00:00
Michael Bestas
6f4cd84d08 bengal: Allow using legacy IMS rules 
Having both files in place causes a neverallow,
so guard it behind a flag.

Change-Id: Ic485e454b7f5d81b954ffffdd8743b3ca879cde1
 2024-01-08 19:17:27 +00:00
Michael Bestas
e1ee878190
Reapply "Add sepolicy rules to run imsdaemon on bengal" 
This reverts commit a028e92a97.

Change-Id: Id6d7bc25a683af0712436a6657b0cd48d2d53e2f
 2024-01-02 21:39:47 +02:00
Linux Build Service Account
c29c43a01a Merge e0fbf94bb4 on remote branch 
Change-Id: I7f6f3031772d8a93c4c4e1add7cb03e13501be1c
 2023-12-11 03:54:01 -08:00
Michael Bestas
e8f23940ba msmnile: Allow init write to discard_max_bytes 
system/core/rootdir/init.rc
1110:    write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
1111:    write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728

Fixes: avc: denied { write } for comm="init" name="discard_max_bytes"
    dev="sysfs" ino=68814 scontext=u:r:init:s0
    tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I9cab3cff6db9e660b2805c0da956d005164327d6
 2023-12-09 12:45:15 +01:00
Vinoth Jayaram
e0fbf94bb4 Revert "sepolicy: update display boot service rules" 
This reverts commit c81632f5ea.

Reason for revert: <VTS issue - vts_treble_sys_prop_test -t __main__.VtsTrebleSysPropTest>

Change-Id: Ic36e385f0edc8f43d5af8e6a4fcc3dea9cdf5211
 2023-11-30 15:45:59 +05:30
Linux Build Service Account
73f9fe55a3 Merge c81632f5ea on remote branch 
Change-Id: I3f87eed87bf3934cc0ade4436213395d4b334248
 2023-11-28 00:10:58 -08:00
Michael Bestas
029f955688
Revert "sepolicy: Label idle_state node" 
This reverts commit 73d630715a.

Change-Id: Ifbc3eb3be14b736480db4d446657d5cd7a4f95b7
 2023-11-28 02:30:08 +02:00
BeYkeRYkt
73d630715a sepolicy: Label idle_state node 
Change-Id: I4ab197511726e28f7005d0e808803493e406591e
 2023-11-25 23:44:46 +00:00
Vinoth Jayaram
c81632f5ea sepolicy: update display boot service rules 
Added rules related to debug.sf prop.

Change-Id: Iaa590efa3a44014baf4b734530ae9ab746adfd36
 2023-11-22 11:47:23 +05:30
Linux Build Service Account
f61dd9d5a5 Merge f89478b3cb on remote branch 
Change-Id: I71165bc28d5404477d218385794712d303a8d7dd
 2023-11-14 11:54:00 -08:00
Bruno Martins
bbe0320404 sepolicy_vndr: Label QTI health AIDL service 
Change-Id: Ic49f0d4fa46ac4749e9bad3a9d4a780c54c3880e
 2023-11-13 16:56:28 +00:00
qctecmdr
90b398af3b Merge "sepolicy_vndr : bengal: Fix avc denials for wakeup nodes" 2023-11-10 03:55:43 -08:00
qctecmdr
e37b10687e Merge "Sepolicy_vndr : Allow creating IPA FWs" 2023-11-10 03:55:43 -08:00
Neelu Maheshwari
cf3ac8a369 Sepolicy_vndr : Allow creating IPA FWs 
Change-Id: I762ad746a65d44ac777ed5c401e5f25ee52cf58d
 2023-11-09 16:13:41 +05:30
Neelu Maheshwari
9a6e0aec76 sepolicy_vndr : bengal: Fix avc denials for wakeup nodes 
Change-Id: I9aa05bfc90582365437edfb690d693b411f479ce
 2023-11-09 01:00:34 -08:00
Haseena Shaik
1fc1a28228 Fix avc denials 
-Adding rule to fix avc denials because of sepolicy issue

CRs-Fixed: 3643432

Change-Id: I0fb76e38b8fdac343b2573a415b346f2096e9246
 2023-11-07 21:42:48 -08:00
qctecmdr
f89478b3cb Merge "sepolicy: Add uio device node" 2023-11-02 05:39:34 -07:00
qctecmdr
1d5f77c1a9 Merge "BT: Add bluetooth support to access mediametrics service" 2023-10-30 02:39:01 -07:00
qctecmdr
0e8feb3472 Merge "sepolicy rules to allow Gnss Hal to access RIL Srv for kona target" 2023-10-27 04:15:56 -07:00
gaoxiang
1406906334 BT: Add bluetooth support to access mediametrics service 
When bluetooth try to delete the created audiotrack
during sink disconnect, audiotrack will access mediametrics
service, SElinux deny the permission which request by bluetooth

CRs-Fixed: 3625388

Change-Id: If1bfe1a908153601568997c403876eda85c56731
 2023-10-25 19:47:39 -07:00
LuK1337
ab5cda5389 sepolicy_vndr: legacy: Allow rild to binder call qtidataservices_app 
Change-Id: Ifa358020513c1a01554d4e715612b59ca1342f67
 2023-10-26 01:22:55 +01:00
LuK1337
2ed88fdf4d sepolicy_vndr: Remove duplicate bt_device type definition 
Change-Id: I6b79865a3b21b887723ef603fbd3a10ddf0eda7b
 2023-10-26 01:22:55 +01:00
LuK1337
a5de4b257b sepolicy_vndr: isolated_app -> isolated_app_all 
Change-Id: I10b09afe41b927875d1f7c37d6fc18b75ae1250a
 2023-10-26 01:22:55 +01:00
Steven Moreland
ab38a99d23 Remove vendor_service. 
We want to avoid associating types with where they can be used.

Bug: 237115222
Test: build
Change-Id: Iddc557b9eeef7acee16efa37ba832d2eb033cdc6
 2023-10-26 01:22:48 +01:00
Alexander Winkowski
04873c109e atoll: Label discard_max_bytes sysfs 
Change-Id: I64aa4f24eab108f20d2b3a0a3317875a7e8abf31
 2023-10-24 23:47:18 +01:00
Pulkit077
b254b38664 sepolicy_vndr: Fix wakeup labels for (msmnile|msmsteppe|atoll) 
Change-Id: I9be4435303fb4295e48befbacfd84ee86e538662
Signed-off-by: Pulkit077 <pulkitagarwal2k1@gmail.com>
 2023-10-24 23:47:18 +01:00
Gaurav Singhal
66224c361b sepolicy_vndr: Allow NFC HAL to access vendor data folder 
Allow NFC HAL service to access vendor data folder for
transit config use cases and fix below denial.

avc: denied { search } for name="nfc" dev="dm-6" ino=41938
scontext=u:r:hal_nfc_default:s0
tcontext=u:object_r:vendor_nfc_vendor_data_file:s0
tclass=dir permissive=1

Change-Id: I609a851bb25e6459082438450f8bdc096f661738
 2023-10-24 23:47:18 +01:00
Alexander Winkowski
ec11c80bf4 sepolicy_vndr: Allow qti_init_shell to set watermark boost factor 
Change-Id: Iffaf1f7846fdcf758adc1b173c52ac8a34754ee9
 2023-10-24 23:47:18 +01:00
Alexander Winkowski
da9488255f sepolicy_vndr: Allow to run e2fsck over dsp partition 
Change-Id: I08293267816226e2f1a97df787b6f61399c224bd
 2023-10-24 23:47:18 +01:00
Alexander Martinz
72feb80f53 legacy: vppservice: grant access to config store 
Also bring inline with qva rules.

Change-Id: Ie3477682e77678814abc56f5e9121ff8091aaf1e
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
 2023-10-24 23:47:18 +01:00
Michael Bestas
d3786c4b10 legacy: Label vppService 
Change-Id: Ia26f304f76bf29a75f9ea01104f6847411b3b5b7
 2023-10-24 23:47:18 +01:00
Michael Bestas
ed1e4ac758 Revert "kona: update sepolicy for KineticsXR controller debug property" 
This is completely broken.

This reverts commit 2293061bdb.

Change-Id: I7e0de7f35bac50de60dd70619856eb4e1b9376ff
 2023-10-24 23:47:18 +01:00
Michael Bestas
a57e68f515 legacy: Guard debugfs rules 
Allow building with PRODUCT_SET_DEBUGFS_RESTRICTIONS set.

Change-Id: I0d0703ea21f1f812c06247a3db2bc755e8904149
 2023-10-24 22:24:31 +01:00
Quallenauge
9032d5ed66 legacy: Allow qti_init_shell to set proc_watermark_scale_factor. 
Change-Id: I5e59fd91e723df95224e5738295c2b8007f6f053
 2023-10-24 22:24:31 +01:00
Michael Bestas
ce42f51c04 qva: Label vppService 
Change-Id: I29b6b536ffa7b1e0f04daf27259643694097081d
 2023-10-24 22:24:31 +01:00
Michael Bestas
dff2ce9c6c lito: Label sdcard read_ahead_kb 
Change-Id: I2680a441d7aacba87aab786ed00bc09f0889df1e
 2023-10-24 22:24:31 +01:00
Michael Bestas
4b57e91e3d bengal: Label emmc discard_max_bytes sysfs 
Change-Id: I358bf7ccf29dadcac53e646d51c7c9a476f5d023
 2023-10-24 22:24:31 +01:00
Michael Bestas
87f517c2ea qva: label bengal extcon 
Change-Id: Ie9f50b544665a8b66b172f35c0f45c5404628595
 2023-10-24 22:24:31 +01:00
LuK1337
882f153a12 Allow init to unmount bt_firmware_file/firmware_file 
Change-Id: Iab72245735d39aabbdf4f3f40238b36cf1701452
 2023-10-24 22:24:31 +01:00
Michael Bestas
a028e92a97 Revert "Add sepolicy rules to run imsdaemon on bengal" 
Bring back the old rules used by old blobs.

This reverts commit 42ff8589e6.

Change-Id: I5986a6c59b7a72091e526586e2cba736c7fa36c4
 2023-10-24 22:24:31 +01:00
Michael Bestas
78623eb479 bengal: Label discard_max_bytes sysfs 
Change-Id: I1cc993d353cf2966685a3276b4c97d86c7030326
 2023-10-24 22:24:31 +01:00
Michael Bestas
b20d8e7b2b bengal: Correct sysfs_wakeup paths 
Include all possible wakeup paths

Change-Id: I3d7a23abd7fb2668b51d1a51dc0a6bd316c0f379
 2023-10-24 22:24:31 +01:00
Quallenauge
aed1d02316 sepolicy: Allow qti_init_shell to set proc_watermark_scale_factor. 
Change-Id: I4a4812393c50ffec9d64dc1ad13514551c47985e
 2023-10-24 22:24:31 +01:00
Saikumar Vutukuri
3c24dd117b Sepolicy:Add rules for init-qti-dcvs-sh 
Change-Id: Idd7c3635afd8fa6539d6d4a447cbb0962aefd684
 2023-10-24 22:24:31 +01:00
Naman Jain
7c2f6567de sepolicy_vndr: Allow getprop for persist.debug.trace property 
Allow vendor init scripts to getprop persist.debug.trace property
to fix avc denial issues.

Change-Id: I739d8eb63d305b810af16dd2e31e5fead42037a7
 2023-10-24 22:24:31 +01:00
JohnnLee
f17560a5cb legacy/qva: label extcon files 
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542  1865  1865 I auditd  : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5

Change-Id: Id46c9620b0607e66f6ae61b2c30ede1b6996320f
 2023-10-24 22:24:31 +01:00
Michael Bestas
b4648e5213 generic: Label more discard_max_bytes sysfs 
Change-Id: I43e2c93d5915157c7a87a8f0799c45a54e251040
 2023-10-24 22:24:31 +01:00