Commit graph

4279 commits

Author SHA1 Message Date
Mobashshirur Rahman
4003bdee0e sepolicy rules to allow Gnss Hal to access RIL Srv
Change-Id: Ieeaf93f1113c8fbec2a97d27d1098f89b0150ae6
CRs-fixed: 3287913
2023-05-08 12:02:48 +05:30
Bharat Pawar
ab6da963de Revert "sepolicy_vndr: Update lineptr_value drm sysfs node"
This reverts commit 45b3f09931.

Change-Id: Idc26ed98b0598c4512b43b8cfd22a4a5c61d0f62
2023-05-05 16:23:36 +05:30
Prakash Pabba
a5b0b680a3 sepolicy: Add sepolicy for Idataconnectionfactory AIDL
Change-Id: I111910ab338afd36d9b45664bb4e61db4044fa9c
2023-05-02 03:34:24 -07:00
Linux Build Service Account
7dcd70720a Merge 890d0f52e3 on remote branch
Change-Id: I5fa9478a26e86d0ea117b822c10487d9ac62fbbd
2023-05-01 12:38:42 -07:00
Prashant Beniwal
45b3f09931 sepolicy_vndr: Update lineptr_value drm sysfs node
Update lineptr_value sysfs_graphics label for DRM driver nodes with
correct sysfs path in place of symlink.

Change-Id: I16ee8c71de5c738cf4de4a51c23b20d2f0ea6b21
2023-04-24 02:25:32 -07:00
qctecmdr
890d0f52e3 Merge "Allow vendor_location_xtwifi_client to access ssgtzd socket"
2023-04-21 11:34:42 -07:00
qctecmdr
6f2bf764b3 Merge "sepolicy rules to allow Gnss Hal to access RIL Srv"
2023-04-20 10:02:14 -07:00
Mobashshirur Rahman
b80c35ae2a Allow vendor_location_xtwifi_client to access ssgtzd socket
Change-Id: I473ae330cfa265a324c136b068fe94e62d38c845
CRs-Fixed: 3362880
2023-04-20 16:38:29 +05:30
qctecmdr
b7b1bde993 Merge "sepolicy_vndr: Add sepolicy rules to stop HAL service"
2023-04-06 21:09:43 -07:00
qctecmdr
63c8599c69 Merge "sepolicy_vndr: Add sepolicy rules for strongbox shell file execution"
2023-04-06 10:16:30 -07:00
qctecmdr
fbfe554c70 Merge "sepolicy_vndr: eSE: Allow strongbox HAL to use secure_element HAL"
2023-04-06 08:00:29 -07:00
Ravishankar Gourishetti
11277e8512 sepolicy_vndr: Add sepolicy rules to stop HAL service
Add sepolicy rule to stop keymaster-javacard HAL service.

Change-Id: I080d6172f230fdcace2df5b50f2efd376126a170
2023-04-04 20:03:11 +05:30
Ravishankar Gourishetti
bcd63122b6 sepolicy_vndr: Add sepolicy rules for strongbox shell file execution
Add sepolicy rules to start eSE-StrongBox specific
shell file execution on device during device boot up.

Add sepolicy rules to enable eSE-StrongBox HAL service
startup based on init shell file execution.

Change-Id: Idf032e69da7157537cc44a86195ff0eb33934c09
2023-04-04 20:02:59 +05:30
Ravishankar Gourishetti
e554ab3560 sepolicy: eSE: Enable javacard-keymaster service
eSE based strongbox-keymaster HAL 4.1 service is
required to be invoked from the boot to serve
operations requiring eSE HW for keymaster operations.

Added entry for javacard-keymaster HAL 4.1 service.

Change-Id: I1211cb1d9e66b39c07355960b4065687ecd440dd
2023-04-04 19:55:30 +05:30
Ravishankar Gourishetti
e45018c402 sepolicy_vndr: eSE: Allow strongbox HAL to use secure_element HAL
Add sepolicy rules to allow Keymaster-strongbox HAL
to communicate with secure_element HAL.
Fix has been raised to fix below error:
SELinux : avc:  denied  { find } for
interface=android.hardware.secure_element::ISecureElement
sid=u:r:hal_keymaster_default:s0 pid=658
scontext=u:r:hal_keymaster_default:s0
tcontext=u:object_r:hal_secure_element_hwservice:s0
tclass=hwservice_manager permissive=0

Change-Id: I4fbd3db616c7c801d2da31242cc7886525795d70
2023-04-04 19:52:48 +05:30
Ravishankar Gourishetti
5ccf28c4ed sepolicy_vndr: eSE: Allow esepowermanager HAL to access NFC HAL
Add sepolicy rules to allow esepowermanager HAL
to communicate with NFC HAL.

Change-Id: Id91a827d349dc6d14930c80d005cdd8a23dc2e45
2023-04-04 19:49:56 +05:30
Mobashshirur Rahman
db3d805596 sepolicy rules to allow Gnss Hal to access RIL Srv
Change-Id: I58f8f71978ddca6e97811e7523a1966cc6f475f8
CRs-fixed: 3287913
2023-04-04 01:51:43 -07:00
vidyalak
2ab0b90523 Lahaina3.0: Sepolicy change added for init_boot.
Change-Id: I8f8243c933db603333e550b233c72640267c5150
2023-03-30 04:43:17 -07:00
vidyalak
8778aa313d atoll: FOTA changes with vendor_boot and init_boot
Added Sepolicies required for FOTA.

Change-Id: Ia16a8c17928bfbc9f04b9c2a8b7f9d37a1ca1d99
2023-03-29 00:28:45 -07:00
AKASH KUMAR
a879366d01 sepolicy: lahaina: Fix avc denials for vendor_qti_init_shell
Getting below avc denials for vendor_qti_init_shell while doing
operations on configfs.

audit(10969.639:24): avc: denied { write } for comm="mkdir"
name="mjpeg" dev="configfs" ino=25399
scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=dir permissive=0

audit(2115.771:24): avc: denied { add_name } for comm="mkdir"
name="m1" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=dir permissive=0

auditd  : type=1400 audit(0.0:102): avc: denied { create }
for comm="ln" name="h" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0

audit(0.0:102): avc: denied { create } for name="h"
scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0

Added permission to create link file
and directory on configfs from qti init shell.

Change-Id: I621cd7f699153cd1ead051b7eaaa44b09b81190f
2023-03-28 07:22:44 -07:00
Meng Wang
2293061bdb kona: update sepolicy for KineticsXR controller debug property
Update sepolicy for KineticsXR controller debug property.

Change-Id: I4189e44a09baa607031bed3f04128d6c7f6e8ac1
2023-03-14 08:19:30 -07:00
Linux Build Service Account
c2da318980 Merge 80c289ba0e on remote branch
Change-Id: I292d62a4b8a62693a85f2565c743aa67b8d0e6ce
2023-03-10 14:19:10 -08:00
Linux Build Service Account
b674984f02 Merge 42ff8589e6 on remote branch
Change-Id: Ic0d9d493e6637533a4a6a0e82e60c04f2d7ea8c1
2023-03-01 21:45:26 -08:00
Meng Wang
80c289ba0e kona: update sepolicy for KineticsXR controllers
Update sepolicy for KineticsXR controllers.

Change-Id: I75a28dc44dfad25e0be8a470a30baa673f95a4b5
2023-02-27 06:10:43 -08:00
Pratham Pratap
880bb4c478 sepolicy_vndr: Add permission to usb wakeup node of host mode
Currently if the target is in host mode bus suspend and is woken up
by connecting USB peripheral, system_suspend server tries to
read or open or getattr /sys/devices/platform/soc/c440000.qcom,spmi/
spmi-0/spmi0-00/ c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/
usbpd/usbpd0/ nodes, it gets a denial as the wakeup nodes are created
dynamically, so when system_suspend tries to access the node it throws a
denial since it never got the permissions for accessing
the wakeup nodes.

Following is the denial:
avc: denied { read } for comm="Binder:650_2" name="wakeup18"
dev="sysfs" ino=66695 scontext=u:r:system_suspend:s0
tcontext=u:object_r:vendor_sysfs_usbpd_device:s0 tclass=dir permissive=0

Fix this by creating a new sepolicy file and providing
system_suspend_server the permission of read to
vendor_sysfs_usb_node. This would give permissions to
sysfs_wakeup.

Change-Id: Ib624a90dadabd27044090cc7df0c7eb90a92ec40
2023-02-17 16:28:13 +05:30
Pavan Kumar M
42ff8589e6 Add sepolicy rules to run imsdaemon on bengal
Change-Id: I29a810f7daf1aa147261b08b4005ee6edb06267a
2023-01-27 10:52:37 +05:30
Ashok Gandla
3bf264e5b4 QCS6125: support for vendor_boot and init_boot partition
Included vendor_boot and init_boot partition for AB OTA

Change-Id: Iaaf1c6660a6691ed6a474ed6debdc4d239f7e52b
2023-01-16 03:14:03 -08:00
Neelu Maheshwari
7711842470 sepolicy: lahaina: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh.

Change-Id: I53aad29624e904b092c3cf73d498c735cf2f1b3e
2022-12-22 16:37:18 +05:30
Ashish Thomas
b6bd648822 Added qcc to dropbox path
Change-Id: Iab98e601bc5c5315d6f87d866ac4751990e37bc0
2022-12-13 14:39:02 +05:30
Linux Build Service Account
012d2ef47c Merge 82a20ed16e on remote branch
Change-Id: I562b36c288112dffa5c27c10edb5d7705a5b8581
2022-12-05 22:30:14 -08:00
Manoj Basapathi
82a20ed16e Add fs_bpf rules for network stack.
CRs-Fixed: 3292390
Change-Id: Idca5cc815ca09da1c1181221c84102434c730a54
2022-11-11 14:57:49 +05:30
Linux Build Service Account
fff4e2ab6a Merge 26ae8da91e on remote branch
Change-Id: I774ff4719e1073bfa55ab56eed581117370e0f8e
2022-11-08 01:20:53 -08:00
Pavan Kumar M
26ae8da91e ims: Add sepolicy rules for vendor_ims_service.
Add new sepolicy rules for single RCS registration.

Change-Id: I17fa68982814992056de846af9b5a7bf97fd5e2a
2022-10-10 04:50:52 -07:00
Linux Build Service Account
e14f3df775 Merge 8021045140 on remote branch
Change-Id: I2de1d9a612b11817973c3628bbd8ecc48f759ae2
2022-10-07 03:47:31 -07:00
Neelu Maheshwari
55cdf6b9cd sepolicy: lahaina: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: Icb9f1d78b1c205669f519da4b0625e8f049ee581
2022-09-27 12:25:09 +05:30
Meng Wang
8021045140 [FR76275]add sepolicy change for nordic hal service
To support FR76275 (VR Controller integration), this change
adds sepolicy change for nordic hal service.

Change-Id: I1ece56c05c6580492c8dde90198cdb73a41d3209
2022-09-13 19:37:41 -07:00
Linux Build Service Account
e9af1ff214 Merge 959f7c754f on remote branch
Change-Id: I2571199d04cda092d72d6adb8c625c5d5a6a1e31
2022-09-06 15:04:47 -07:00
Linux Build Service Account
210083c5af Merge 4c1ccf729f on remote branch
Change-Id: I1ef0b46fcf284de4b6f1d0fd58021cf8f63e9716
2022-08-13 02:51:19 -07:00
Mathew Joseph Karimpanal
959f7c754f sepolicy_vndr: Add lineptr_value drm sysfs node
Add lineptr_value sysfs_graphics label for DRM driver nodes (similar
to legacy FB driver).

CRs-Fixed: 3169787
Change-Id: I03c2ff2be66ddfc7a8f7a91fb83f8bcc498966a0
2022-08-03 05:05:07 -07:00
Namit Solanki
4c1ccf729f sepolicy : add rules for uio in composer HAL.
Change-Id: Ie75c58a325fcf28ad68e866704e640fba0c6eb62
2022-07-21 16:38:40 +05:30
Linux Build Service Account
e661b3ad53 Merge d3a7c0f4c4 on remote branch
Change-Id: I9f26fd5fbd4e845318421f3f4baa87c20d4ef854
2022-07-15 01:51:20 -07:00
Manaf Meethalavalappu Pallikunhi
eb05fd5e26 sepolicy: Remove thermal-engine access to audio device node
Remove thermal-engine access to audio device node as it doesn't
require any audio device resources access.

Change-Id: I65826695c48ef139fe6678b78bd6a98c7757bef4
2022-07-09 01:46:27 -07:00
Ashutosh Kaushik
d3a7c0f4c4 Adding SEpolicies for qwesd for sync to access net.
SEpolicies for qwesd are added
Changes are made to QCM6490.LA.2.0.0.1 specific.

Change-Id: I10e9143c4b8708dd90175e58b9cb5da0bd2a0448
2022-06-15 22:45:47 +05:30
Linux Build Service Account
dfe04a39e1 Merge 7a903a6966 on remote branch
Change-Id: I6850b2f884dfcdc4013b3d662dcb424f8cc800bb
2022-06-10 08:32:50 -07:00
Divya Sharma
94e6c5662a Fix compilation error
Change-Id: If55d926e37aba58040fd53315963081e8a31ce7d
2022-05-30 23:42:49 -07:00
Linux Build Service Account
35049b802c Merge 9194920bde on remote branch
Change-Id: I7bad7f0fae85c11fe113de6be832bb9ae2e3f384
2022-05-09 06:52:30 -07:00
Vala Zadeh
7a903a6966 Add SELinux policy for CNE data factory hal
Change-Id: Ifac00b095e83779bc912674b0af36f2104705c11
CRs-Fixed: 3161513
2022-04-28 13:25:23 -07:00
Mohammed Mirza Mandayappurath Manzoor
36b25d0b71 sepolicy_vndr: Update context for /sys/class/kgsl/kgsl-3d0/perfcounter
Shell permissions set in genfs_contexts for SELinux context applicable
for /sys/class/kgsl/kgsl-3d0/perfcounter is overridden if not set in
file_contexts.

Change-Id: I3eb818226abf497e1106af68ece9356bee0a3702
2022-04-22 11:25:49 +05:30
Phani Deepak Parasuramuni
9194920bde Changes to allow read battery stats and use qtr_sdk
Change-Id: I974837039d542e42a7b81cc1c664e482ef8c22d6
2022-04-21 15:28:57 +05:30
qctecmdr
b6d10756e5 Merge "sepolicy_vndr: port qcc-tr.lnx.13.0 policies"
2022-04-13 00:08:44 -07:00