Commit graph

338 commits

Author SHA1 Message Date
Ramkumar Radhakrishnan
5ffc7662e8 legacy: Allow system graphics to access pmic secure_mode nodes
Change-Id: I9fc932d76f9eceb157c0b48cf1d666cde6b55e59
CRs-Fixed: 2289554
2023-10-24 22:24:31 +01:00
suchawla
15e89b71a3 legacy: Addition of sepolicy for cvphal
Cvp is a new computer vision hardware
which interacts with DSP and video driver.
Adding new ion mem permission for cvp domains.

Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4
2023-10-24 22:24:31 +01:00
Michael Bestas
eb09d56206 legacy: Label older Neural Network HALs
Change-Id: Ief59f77386ff98cc8070ee9de5fb5a9e514b039e
2023-10-24 22:24:31 +01:00
Sean Tranchetti
6116b0044a legacy: allow netmgrd to access qmipriod properties
Allows netmgr to control starting/stopping the qmipriod daemon via
setting the relevant android properties.

Change-Id: I35d9af93ff565bddc4813eef8ad36db896d4a400
2023-10-24 22:24:31 +01:00
Subash Abhinov Kasiviswanathan
9eec357bb6 legacy: add property to generic for loading shsusrd via netmgr
Add property to generic sepolicy for loading shsusrd from netmgr.
Fixes the following-

[   66.051992] type=1107 audit(1549.328:591): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
property=persist.vendor.data.shsusr_load pid=921 uid=1001 gid=1001
scontext=u:r:vendor_netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0
tclass=property_service permissive=0'

CRs-Fixed: 2575687
Change-Id: I32fb31a7f5e64c2095aee081fd855900be0d0701
2023-10-24 22:24:31 +01:00
Michael Bestas
7e92e36759 legacy: Allow hal_perf_default access sysfs_kgsl_proc
* As seen on non-legacy sepolicy

Change-Id: Ifec35f7ffb2452e930c40f9e59c95e64c7dfaff3
2023-10-24 22:24:31 +01:00
richagar
58656bdc90 legacy: Added permission for Perf HAL to set prop
Added permissions for Perf HAL to set property
values

CRs-Fixed: 2682965

Change-Id: I76c55c4cd46caee6896a302d2cea305c49283315
2023-10-24 22:24:31 +01:00
JohnnLee
cb81e48a83 sdm845: label extcon files
Bug: 199748390
Test: boot with those files labeled
09-13 17:01:44.542  1865  1865 I auditd  : type=1400 audit(0.0:5):
avc: denied { read } for comm="android.ui" name="extcon3" dev="sysfs"
ino=61612 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0
Change-Id: Iabab1243ce7259d46040901a2a734b5962d281a5

Change-Id: I96d7ab2bc6e153dea96d8366a16f7e8e5152f1c9
2023-10-24 22:24:31 +01:00
Anmolpreet Kaur
3f946fc849 legacy: Add smcinvoke dev node as tee device
Add smcinvoke dev node as tee device in file_contexts.
This node has been moved from qssi to vendor for GSI
check.

Change-Id: I9ff2e94f8024f6b091afaa8e04381a3d808d9a2a
2023-10-24 22:24:31 +01:00
Michael Bestas
141d854265 legacy: Allow sensors read sensors_prop
* As seen on non-legacy sepolicy

Change-Id: I8b18879af9e8f5c962091161d9691f3f2673bfd9
2023-10-24 22:24:31 +01:00
Arian
06cef664dc legacy: Allow cnd to read wifi_hal_prop
The `wifi.interface` property was labelled as `exported_default_prop` by
system/sepolicy in android 11. Since android 12 it is labelled as
`wifi_hal_prop` which causes the following denial.

W libc    : Access denied finding property "wifi.interface"
W cnd     : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0

Change-Id: I15c7ea0b0975e7be2f348b1215b4417d5ab08bf8
2023-10-24 22:24:31 +01:00
Manoj Basapathi
f39f78b1d4 legacy: slm: initial sepolicy rules.
SLM enables dual link wifi data transfer by
efficient utilization of available channel capacity.
SLM enables UID specific data transfer over two links.
"persist.vendor.slm.enable" property used to enable
and disable SLM feature.

CRs-Fixed: 2607286
Change-Id: Ia562f698a3fa309eb45e98dea2a9fdc6a7623799
2023-10-24 22:24:31 +01:00
Tharun Kumar Merugu
5c9b136190 legacy: Allow processes to access new restricted DSP device node
Allow the known processes to offload to ADSP / SLPI using the new
device node.

Change-Id: Icaf8c4e1195b10711208bb5a331572ce78143560
2023-10-24 22:24:31 +01:00
Georg Veichtlbauer
06449fa28f poweroffalarm_app: Remove levelFrom attribute
levelFrom is used to determine the level (sensitivity + categories)
for MLS/MCS. If set to all, level is determined from both UID and
user ID. This is bad for poweroffalarm, as it needs to be able to
write to /persist/alarm/data which has a context without mls_level:
  u:object_r:persist_alarm_file:s0
instead of
  u:object_r:persist_alarm_file:s0:c0,c256,c512,c768

Change-Id: I9a8b706cdedc090281e4b5542eb34816b7ff338e
2023-10-24 22:24:31 +01:00
Guixiong Wei
a1eeaa44b2 Sepolicy: Remove poweroffalarm system uid
remove poweroffalarm system uid

Change-Id: I2e93c12b5e9b0169b77d1beecbdbbb7757b8ee1e
2023-10-24 22:24:31 +01:00
Georg Veichtlbauer
442515ffe7 Revert "sepolicy: Remove poweroffalarm system uid and redundant rules"
This reverts commit 2978c00a08.

Removing these rules was completely wrong because even the latest
PowerOffAlarm APKs from Android 13 images still need to write
to /persist/alarm/data file. Whatever CLO is doing hasn't been
propagated to WAIPIO.QSSI13.0 tags... so far.

Change-Id: I60e1b970025b0019b77721559d29c1e7fa1b7093
2023-10-24 22:24:31 +01:00
Michael Bestas
3d2bff9984 Allow hal_sensors read sensors_dbg_prop
* As seen on non-legacy sepolicy

Change-Id: I1647ff9e5eaff018545bce0d4999faffaa2d83c3
2023-10-24 22:24:31 +01:00
LuK1337
cc34a549c3 sepolicy_vndr: legacy: Label QTI USB HAL
Change-Id: I0fce6172ce47f4f61d9ee2cb829749b4e5643403
2023-10-24 22:24:31 +01:00
Bruno Martins
e83ca0c1c8 sepolicy_vndr: legacy: Update vendor property types
Change-Id: I53d3c0d1028cc5a27e04bba9209f50724d22afc0
2023-10-24 22:24:31 +01:00
Vinoth Jayaram
3b715b5d2c sepolicy: Allow access for hal_graphics_composer_default.
Allow bootanim prop access for hal_graphics_composer_default.

Change-Id: Ic6d5c2b12a2cc03dfc9b2348b76a7ce9e7dfc2b9
2023-10-24 22:24:31 +01:00
Eruvaram Kumar Raja Reddy
a947ac285e sepolicy_vndr: Add drm clearkey policies
Add selinux rules for drm clearkey services. Refine and extend drm
widevine service rules for future updates.

Change-Id: I4cada93265a8e469352a6ecba3c7b676b665c2d3
2023-10-24 22:24:31 +01:00
Himanshu Agrawal
df92c02255 sepolicy_vndr: Fix compilation issues for newer upgrade
Change-Id: I60686d0066a1aa099a7dffbca091c9a7e2bac7f8
2023-10-24 22:24:31 +01:00
Michael Bestas
31691fe2c7 sepolicy: Update paths for new repository location
Change-Id: Ibdaed7b3ff6463c682c65091ffbc82c36bfff348
2023-10-24 20:06:54 +03:00
Jaihind Yadav
687622bcf4 sepoliy_vndr :labeling socid and granting the permission to the domains
for legacy target.

Soc_id and family are set to be global read.

Change-Id: I2a30d75f6678f78c746b7b02d8a5abcda6248cea
2022-02-03 01:37:18 -08:00
Qi Jin
10f3237397 sepolicy: Add permission for QtiMapperExtension version 1.3
Change-Id: I7591ad02c90aa4ff6aeb5aeaf2ea2b1c156cc3d0
2022-01-12 00:53:23 -08:00
Zube Molokwu
a5a552df6b sepolicy: Add permission for QtiMapperExtension version 1.2
Change-Id: Iffbbccc05e7a33bd1dfa4783500571964e3a0b23
2022-01-12 00:52:41 -08:00
Satish Kumar Kodishala
b695e943f4 Add permissions to access btfmslim node
Add permissions to access btfmslim node

Change-Id: I0d796623745616ef3c559aeec1564cee31cae0e8
2022-01-04 06:10:55 -08:00
qctecmdr
f6efb39ffb Merge "sepolicy_vndr: Remove ffs_prop form recovery.te" 2021-11-24 21:12:56 -08:00
qctecmdr
c2dbc25d4e Merge "sepolicy: Add SE-Linux rules to access NFC properties" 2021-11-16 22:00:29 -08:00
Udipto Goswami
e7c14cfe10 sepolicy_vndr: Remove ffs_prop form recovery.te
The AOSP code already defines and gives permission
to this label. Further this is renamed in latest code
to ffs_config_prop so referring the label here gives
compilation error.
Removing it since already the permissions are there.

Change-Id: I14154df9cf269e3524c80a539c97bcb77dd97fc0
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
2021-11-16 15:45:05 +05:30
Bhuvan Varshney
aa1eb500fd sepolicy: Add SE-Linux rules to access NFC properties
Add sepolicy rules to allow secure element HAL to
read NFC properties.

Change-Id: Icf2436b523d9854ad31ac56cb75b75b200b0bb2b
2021-11-12 10:13:09 +05:30
Himanshu Agrawal
c61c806e02 sepolicy_vndr: Compilation fix for S upgrade
Change-Id: Ie41b7cc0bb91d5d92480fafa9d44bcbe8b855343
2021-11-11 06:34:38 -08:00
Benergy Meenan Ravuri
ed835a51d9 sepolicy: Fix the AVC denials for system daemon
Fix the AVC denials for system daemon.

Change-Id: Ic9266b9f9c1ecbad348deb34612d2282c7f6de55
CRs-Fixed: 3014682
2021-08-19 23:45:12 +05:30
qctecmdr
3411ac6de1 Merge "sepolicy_vndr: remove unused cnd rules." 2021-07-22 11:28:16 -07:00
dexili
6c5fce9df2 sepolicy: QTEECONNECTOR: Add SELinux policy for accessing /dev/vndbinder
1, Add SELinux policy for accessing /dev/vndbinder.

Change-Id: I32864696ebc5f04b400165c64bb8cb7d0d18aa4d
2021-07-21 07:31:08 -07:00
Pavan Kumar M
95378b99d4 sepolicy_vndr: remove unused cnd rules.
Change-Id: I7377fc4b2997e4c57f7b9a2685c25ecde6844957
2021-07-16 04:20:47 -07:00
Manaf Meethalavalappu Pallikunhi
7c2cb7d04a sepolicy_vndr: Add sepolicy support for vendor limits hal for legacy targets
Add sepolicy support for vendor limits hal and limits
hal service for legacy targets.

Change-Id: Ie4ac97e2c393e29b58f9a24cf4ae6104b735c710
2021-07-05 15:18:46 +05:30
qctecmdr
ca158e1cd3 Merge "sepolicy_sensors: allow HAL to get sensors_prop property" 2021-05-24 02:41:03 -07:00
Himanshu Agrawal
5ce5510a0e sepolicy: Add the new thermal hal sepolicy for sdm845
Add new thermal HAL policy to support the thermal HAL 2.0
functionality.

Change-Id: I63aab8bfb071c8080a4004fae626c50901703d94
2021-05-17 22:38:04 -07:00
Sandeep Neerudu
777a9e6407 sepolicy_sensors: allow HAL to get sensors_prop property
Change-Id: Ia4ec3d1f4e5936f331674427eef249f39047fceb
2021-05-12 14:19:10 +05:30
dexili
55ce92fcbc sepolicy: QTEECONNECTOR: Add SELinux policy for property
1, Define a type vendor_qteeconnector_opti_prop for qteeconnector.
2, Allow vendor_init and init_shell to set the property.

Change-Id: I6323a7a04cb5f1d32a051bf02089be42787d1967
2021-05-10 09:27:51 -07:00
Himanshu Agrawal
29245f45fd sepolicy: allow vendor_init to set wait for tee device
tee device node is used to communicate with trusted environment.
Sometimes wait is used in init rc files. Adding policy to provide
vendor_init required permission for legacy

Change-Id: I97101bc653a73ae4c9e1d96bc326fcddcf390ae6
2021-05-06 13:15:13 +05:30
Vivek Arugula
2fe3fc413b sepolicy: allow sensors hal to read adsrpc properties
Change-Id: Ib35e89e31c279b8dd3cfd4ed60978f35b9ff889c
2021-03-31 10:09:27 +05:30
qctecmdr
2cc502a2fb Merge "sepolicy: eSE: Fix label to acess qteeconnector interface" 2021-02-01 09:03:51 -08:00
Bhuvan Varshney
f9c721dbc1 sepolicy: eSE: Fix label to acess qteeconnector interface
Add vendor_ prefix to qteeconnector label in order to
allow secure_element HAL to access qteeconnector services.

Change-Id: Icebff13e2119bfdd7a50c582dd08927bfdc39c1a
2021-02-01 01:03:06 -08:00
Akhil Manikoth Kallankandy
a805a80f18 sensors:USTA crash while launch
Change-Id: I60559ab4bb06edf584f743174e77bf2a2a07a6da
2021-01-15 01:30:42 -08:00
Guixiong Wei
2978c00a08 sepolicy: Remove poweroffalarm system uid and redundant rules
remove poweroffalarm system uid and redundant rules

Change-Id: I7a94928107cb17a5845ef1edcc6cfcc881de0e70
2020-12-21 03:08:56 -08:00
xiaohuin
0c5dfc296b sepolicy: Add permission for hang_guard
Allow sepolicy rules for hang_guard to
send signal to process, write into kmsg,
look through proc and write into sysrq.

Change-Id: Ia707097a5e4867377138df7948f50441f560bdd6
2020-11-30 18:48:30 -08:00
qctecmdr
9d3755a164 Merge "sepolicy: Add sepolicy rules for sdm710" 2020-11-25 11:00:04 -08:00
qctecmdr
a4dbb8b818 Merge "sepolicy: tloc: add rule for vendor location data" 2020-11-25 11:00:04 -08:00