* sdm845 and sdm710 didn't have a metadata partition, but we can repurpose logdump which is a 64MB partition used to store Android logcats
Change-Id: I826571d4e31f2a3f03c1d3e6a0daab262a4ccd6b
(cherry picked from commit 8a5eeb6a2bfb3f1a7232199d32c1e3c2bbc0ef55)
"LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0"
* tag 'LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr:
Revert "sepolicy: update display boot service rules"
sepolicy: update display boot service rules
Sepolicy_vndr : Allow creating IPA FWs
sepolicy_vndr : bengal: Fix avc denials for wakeup nodes
Fix avc denials
BT: Add bluetooth support to access mediametrics service
sepolicy rules to allow Gnss Hal to access RIL Srv for kona target
sepolicy rules to allow Gnss Hal to access RIL Srv for holi target
sepolicy_vndr : lahaina: Fix avc denials for wakeup nodes
sepolicy_vndr: Suppress QMCS related denial errors in ENG builds
sepolicy_vndr : Allow vendor_qti_init_shell to set ctl_start_prop
sepolicy_vndr:qcc: read vendor_qcc_prop
Aidirector sepolicy changes to run in enforced mode
sepolicy: Add uio device node
QGuard: add permission for black screen detector
sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
Sepolicy rules to allow Gnss Hal to access ssgtz
QCM6490.LA.3.1: addressing Modem & ADSP sysfs wakeup node.
Change-Id: Idc7a655385a67cead68d5802d990d8c4dd6bbc6d
When bluetooth tries to delete the created audiotrack
during sink disconnect, audiotrack will access the mediametrics
service, and SELinux denies the permission requested by bluetooth.
CRs-Fixed: 3625388
Change-Id: If1bfe1a908153601568997c403876eda85c56731
If a sdm845 device launched with dynamic partitions, it has a
metadata partition as well.
[ 110.888321] audit: type=1400 audit(3941230.073:20): avc: denied { read } for pid=597 comm="fastbootd" name="sda8" dev="tmpfs" ino=14643 scontext=u:r:fastbootd:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
[ 110.908854] fastbootd: [libfs_mgr]Failed to open '/dev/block/by-name/metadata': Permission denied
Change-Id: I7897c0fec9b490c23111ff7cd08111757628fdf5
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
The wlan driver/fw version is set in a property in enforcing mode.
Add rules to allow setting the wlan driver/fw version info.
CRs-Fixed: 2460816
Change-Id: Ic0bb570cd53fe450512496c5864f432ce3219bbe
As qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host
we explicitly need to grant apexd access to it or it will break.
This results in e.g. GSIs being unbootable.
type=1400 audit(3799551.036:40): avc: denied { read write }
for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305
scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0
tclass=file permissive=0
Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
Cvp is a new computer vision hardware
which interacts with DSP and video driver.
Adding new ion mem permission for cvp domains.
Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.
Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
Add smcinvoke dev node as tee device in file_contexts.
This node has been moved from qssi to vendor for GSI
check.
Change-Id: I9ff2e94f8024f6b091afaa8e04381a3d808d9a2a
The `wifi.interface` property was labelled as `exported_default_prop` by
system/sepolicy in android 11. Since android 12 it is labelled as
`wifi_hal_prop` which causes the following denial.
W libc : Access denied finding property "wifi.interface"
W cnd : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0
Change-Id: I15c7ea0b0975e7be2f348b1215b4417d5ab08bf8
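
The denials quoted in the fastbootd, apexd and cnd commit messages above all share one record format. As an added example (not code from this repository or its authors), the following parses them and renders the raw allow rule each one implies, in the style of audit2allow; GENERIC_TYPES and the "label first" flag are assumptions of this example, not project policy.

```python
import re

# Constructed sample: the three denials quoted in the commit messages above,
# with the wrapped apexd record joined onto one line.
SAMPLE_LOG = '''\
[ 110.888321] audit: type=1400 audit(3941230.073:20): avc: denied { read } for pid=597 comm="fastbootd" name="sda8" dev="tmpfs" ino=14643 scontext=u:r:fastbootd:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
type=1400 audit(3799551.036:40): avc: denied { read write } for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305 scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0 tclass=file permissive=0
W cnd : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption of this example: catch-all AOSP types that usually mean the object
# itself is missing a specific label, so an allow rule is the wrong fix.
GENERIC_TYPES = {"block_device", "device", "sysfs", "unlabeled"}


def parse_denial(line):
    """Return the fields of one avc denial, or None if the line has none."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None  # truncated record
    return {
        "perms": m.group("perms").split(),
        # A context is user:role:type:level; policy rules name only the type.
        "source": kv["scontext"].split(":")[2],
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
        "enforced": kv.get("permissive") == "0",
    }


def candidate_rule(d):
    """Render the raw allow rule implied by a parsed denial."""
    perms = d["perms"]
    perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {d['source']} {d['target']}:{d['tclass']} {perm_s};"


def review(log):
    """Return (rule, needs_label) per denial; needs_label flags generic targets."""
    parsed = filter(None, map(parse_denial, log.splitlines()))
    return [(candidate_rule(d), d["target"] in GENERIC_TYPES) for d in parsed]


if __name__ == "__main__":
    for rule, needs_label in review(SAMPLE_LOG):
        print(("LABEL FIRST  " if needs_label else "candidate    ") + rule)
```

A rule flagged "LABEL FIRST" targets a catch-all type, so the narrower fix is to give the object its own label in file_contexts and grant access to that label.
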
SLM enables dual link wifi data transfer by
efficient utilization of available channel capacity.
SLM enables UID specific data transfer over two links.
The "persist.vendor.slm.enable" property is used to enable
and disable the SLM feature.
CRs-Fixed: 2607286
Change-Id: Ia562f698a3fa309eb45e98dea2a9fdc6a7623799
levelFrom is used to determine the level (sensitivity + categories)
for MLS/MCS. If set to all, level is determined from both UID and
user ID. This is bad for poweroffalarm, as it needs to be able to
write to /persist/alarm/data which has a context without mls_level:
u:object_r:persist_alarm_file:s0
instead of
u:object_r:persist_alarm_file:s0:c0,c256,c512,c768
Change-Id: I9a8b706cdedc090281e4b5542eb34816b7ff338e
This reverts commit 2978c00a08.
Removing these rules was completely wrong because even the latest
PowerOffAlarm APKs from Android 13 images still need to write
to /persist/alarm/data file. Whatever CLO is doing hasn't been
propagated to WAIPIO.QSSI13.0 tags... so far.
Change-Id: I60e1b970025b0019b77721559d29c1e7fa1b7093
Add selinux rules for drm clearkey services. Refine and extend drm
widevine service rules for future updates.
Change-Id: I4cada93265a8e469352a6ecba3c7b676b665c2d3