Commit graph

4327 commits

Author SHA1 Message Date
Qimeng Pan
656f465824
sepolicy_vndr: Add power off alarm AIDL policy
Add power off alarm AIDL policy

Change-Id: I638ce2821396a620de3474d73f5ba65b42629b85
2024-08-16 04:50:53 +03:00
Hridaya Prajapati
be385a7512
sepolicy_vndr: lito: Label missing venus SSR node
Found in lagoon.

Change-Id: I2bda8f9e4e819dac97c14637481e8284dc9cc655
2024-08-16 04:50:04 +03:00
Michael Bestas
23e11dee29 lito: Allow init write to discard_max_bytes
system/core/rootdir/init.rc
1110:    write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
1111:    write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728

Fixes: avc: denied { write } for comm="init" name="discard_max_bytes"
    dev="sysfs" ino=59119 scontext=u:r:init:s0
    tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I16fcaa7bd52d6933d37edd1b04f3ba5b0a9e9b77
2024-08-14 10:58:01 +00:00
Vivekachooz
6524bf5b4f sepolicy: holi: Fix avc denials for wakeup nodes
Change-Id: I5ebded87ac88a19acbbf0f6864891cc5bdb74ce2
2024-07-15 19:39:04 +00:00
Michael Bestas
24344853f2 generic: lito: Add some misc wakeup nodes for lito
Change-Id: Idaede37c395f64c1b31989b210f4283bfcc2009f
2024-07-15 19:39:04 +00:00
Michael Bestas
54b0d45e53 sepolicy: Commonize some wakeup nodes
Change-Id: If62b9db9535355111689cb0c64b093f93d36bc35
2024-07-15 19:39:04 +00:00
Edwin Moquete
65f59ff9fd sdm845: Label subsystem restart_level sysfs
Change-Id: Icbe1b38b16ca81fd0c5b1e035b27c859fa7e6e80
2024-07-04 18:11:10 +00:00
P.Adarsh Reddy
c9fd78ffc3 sdm845: Assign subsys nodes file contexts in a dynamic way.
The subsystem name to subsys number mapping is not constant
and can change based on the order of probing OR in case a new
subsystem gets added.
To handle such cases, this change assigns the contexts in a
more dynamic way using regex within file-contexts file.

Change-Id: I1dce7e95e4d9a5a0895a1e7e676d4b029eed4b67
2024-07-04 18:06:54 +00:00
Han Sol Jin
1b9ac2f8f5 Merge tag 'LA.UM.10.3.r1-01700-sdm845.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr into lineage-21.0-legacy-um
"LA.UM.10.3.r1-01700-sdm845.0"

 Conflicts:
	generic/vendor/common/file_contexts
	legacy/vendor/common/file_contexts
	legacy/vendor/common/hwservice.te
	legacy/vendor/common/hwservice_contexts
	legacy/vendor/common/property.te
	legacy/vendor/common/recovery.te

Change-Id: I6cb1e6598c49928584d8a22205e69afbe803014f
2024-07-04 09:15:22 -07:00
Sebastiano Barezzi
326c4a9590
msmnile: Label multiimgqti_[ab]
Found on nabu, labeled on later platforms

Change-Id: Ia70eff212e0eb67b786f724a41aefff83eac7bd6
2024-05-26 23:07:11 +02:00
Michael Bestas
90ec96782e
sepolicy: Resolve read_ahead_kb denials
Move bengal/msmsteppe rules to common so all SoCs are covered.

Change-Id: Ied263bf4d397115524c9933d9685153f7c0c608f
2024-05-10 00:07:09 +03:00
Nolen Johnson
d7e709c67d
legacy: vendor: Allow location to read wifi_hal_prop
Change-Id: If40681d4c172676b4895d14f65600eb41de8978b
2024-04-22 03:44:42 +03:00
Gaurav Singhal
2f2d9b8b18
legacy: Allow NFC HAL to access vendor data folder
Allow NFC HAL service to access vendor data folder for
transit config use cases and fix below denial.

avc: denied { search } for name="nfc" dev="dm-6" ino=41938
scontext=u:r:hal_nfc_default:s0
tcontext=u:object_r:vendor_nfc_vendor_data_file:s0
tclass=dir permissive=1

Original-Change-Id: I609a851bb25e6459082438450f8bdc096f661738
Change-Id: I38f5062d05b360bea079dfdbdc33b0a2783eb0cf
2024-04-22 03:44:38 +03:00
Michael Bestas
8b4e9c66b9
legacy: Resolve vendor.qti.hardware.mwqemadapter denials
As seen on qva

Change-Id: Idbb583aa65b00927460b883c206f5f8bf8093733
2024-04-22 03:31:57 +03:00
Michael Bestas
a1365fb8db
lahaina: dos2unix umdservice.te
Come on qcom, how is this shipped in a public tag?

Change-Id: Ica58668b202e95a4deb1fdd92c2c90316285767a
2024-04-01 20:57:37 +03:00
Michael Bestas
0aead9436c
Merge tag 'LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0' into staging/lineage-21.0_merge-LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0
"LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0"

# By Neelu Maheshwari (3) and others
# Via Gerrit - the friendly Code Review server (3) and others
* tag 'LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0':
  Sepolicy_vndr : Allow vendor_init to access properties.
  Sepolicy_vndr : Allow access to LED devices sysfs
  Allow dumpstate to make binder calls with rild
  sepolicy : add permissions for extcon file
  sepolicy_vndr: lahaina: Label device wakeup nodes - Label the nodes listed by SuspendSepolicyTests.sh
  Sepolicy: Add the rules to run the UAC/UVC enforced
  sepolicy_vndr: Add rule to allow graphics_composer to find qspm hal
  Allow wcnss service to access hal perf service

Change-Id: Ie2224e17c0aa4b5a04b343f408d849de9e2e8638
2024-03-29 12:09:51 +02:00
Michael Bestas
b718e9cd2c
sepolicy_vndr: Allow USB HAL get vendor_usb_prop
Similar to hal_usb_qti.

Change-Id: If0f608f8f2c59a21f89ffebc118e56c559a90755
2024-03-22 13:39:19 +01:00
Michael Bestas
a75bf82445
qva: Label qcom,battery_charger extcon
Change-Id: I3927a94417f897c0a5b2625a28f064f39b8181a6
2024-02-27 00:39:12 +02:00
Siddeswar Aluganti
19758ebff3
sepolicy_vndr: Update sepolicy for OTA AVC denials.
Update sepolicy to fix AVC denials seen during OTA update.

Change-Id: Ib2980598f58f6d2b66a257c2a8dab3cf3a12e037
CRs-Fixed:: 2876895
2024-02-26 23:57:21 +02:00
Linux Build Service Account
98cb2a4ed5 Merge 66d2ad445a on remote branch
Change-Id: I4f4b0d0cd29a2a82425a2283e49f590b0e86590e
2024-02-13 02:27:51 -08:00
Ivan Vecera
a54e399994 legacy: Commonize discard_max_bytes
The discard_max_bytes rule is also valid for sdm710 so commonize it.

Change-Id: Iceb2571ed9726131a74dd60555e1b474b6412c60
2024-02-02 12:06:39 +01:00
qctecmdr
66d2ad445a Merge "Allow wcnss service to access hal perf service" 2024-02-01 21:38:33 -08:00
Neelu Maheshwari
3d49a83e04 Sepolicy_vndr : Allow vendor_init to access properties.
Change-Id: Ibda91a147db7bcba12bdbd9baa4f138cd562728d
2024-01-29 18:05:17 +05:30
qctecmdr
084c2bc636 Merge "Sepolicy_vndr : Allow access to LED devices sysfs" 2024-01-25 03:17:48 -08:00
Neelu Maheshwari
f045a96931 Sepolicy_vndr : Allow access to LED devices sysfs
Change-Id: I2c8d829de50a3a28395df068be10ad9358426f59
2024-01-25 12:43:05 +05:30
Muhammed Siju
58cd51935f Allow dumpstate to make binder calls with rild
This is needed for a CTS testcase:
SELinuxHostTest#testNoBugreportDenials
Denial: denied { call } for scontext=u:r:dumpstate:s0
        tcontext=u:r:rild:s0 tclass=binder permissive=0

Change-Id: I4a4f2319115575962f3259f1927f4e4009c01e7d
CRs-Fixed: 3688919
2024-01-24 11:40:39 +05:30
Michael Bestas
ae5e5f8fd6 sdm710: Label sysfs_ssr_toggle
Needed for ssr_setup

Change-Id: If24855f5e72d904043e69893fa5590ac26b46ff5
2024-01-22 23:42:52 +00:00
Ivan Vecera
ec23bda8aa sdm710: Label persist block device
Resolves:
W e2fsck  : type=1400 audit(0.0:16): avc: denied { read write } for name="sdf7" dev="tmpfs" ino=11779 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0

Change-Id: I653a088d84479a2e096e0d2bece770c1430b694f
2024-01-22 23:15:57 +00:00
Sebastiano Barezzi
191a6ce91b sepolicy_vndr: legacy: Allow using logdump partition as metadata
* sdm845 and sdm710 didn't have a metadata partition, but we can repurpose logdump which is a 64MB partition used to store Android logcats

Change-Id: I826571d4e31f2a3f03c1d3e6a0daab262a4ccd6b
(cherry picked from commit 8a5eeb6a2bfb3f1a7232199d32c1e3c2bbc0ef55)
2024-01-19 13:54:53 +00:00
Kumar Anurag Singh
d5212bd34e sepolicy : add permissions for extcon file
- Add permissions for extcon files needed for HDMI in platform
specific file.

Change-Id: I855b359dfe6115f5a40363f1f73179f055805269
2024-01-17 23:08:12 -08:00
Alexander Winkowski
fdf18a4bde holi: Label discard_max_bytes sysfs
Change-Id: I5d76fa0a0dc680e5128d382bed794a8c724a0a8c
2024-01-10 14:50:47 +00:00
Linux Build Service Account
1a067a71a0 Merge 6ab871f5d0 on remote branch
Change-Id: I4c35e3c4f26a93020c4227283cb96c03df004928
2024-01-10 04:08:05 -08:00
Bruno Martins
4aa876fa77 Merge tag 'LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr into lineage-21.0-legacy-um
"LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0"

* tag 'LA.UM.9.14.r1-23600-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr:
  Revert "sepolicy: update display boot service rules"
  sepolicy: update display boot service rules
  Sepolicy_vndr : Allow creating IPA FWs
  sepolicy_vndr : bengal: Fix avc denials for wakeup nodes
  Fix avc denials
  BT: Add bluetooth support to access mediametrics service
  sepolicy rules to allow Gnss Hal to access RIL Srv for kona target
  sepolicy rules to allow Gnss Hal to access RIL Srv for holi target
  sepolicy_vndr : lahaina: Fix avc denials for wakeup nodes
  sepolicy_vndr: Suppress QMCS related denial errors in ENG builds
  sepolicy_vndr : Allow vendor_qti_init_shell to set ctl_start_prop
  sepolicy_vndr:qcc: read vendor_qcc_prop
  Aidirector sepolicy changes to run in enforced mode
  sepolicy: Add uio device node
  QGuard: add permission for black screen detector
  sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
  Sepolicy rules to allow Gnss Hal to access ssgtz
  QCM6490.LA.3.1: addressing Modem & ADSP  sysfs wakeup node.

Change-Id: Idc7a655385a67cead68d5802d990d8c4dd6bbc6d
2024-01-09 12:45:10 +00:00
Michael Bestas
6f4cd84d08 bengal: Allow using legacy IMS rules
Having both files in place causes a neverallow,
so guard it behind a flag.

Change-Id: Ic485e454b7f5d81b954ffffdd8743b3ca879cde1
2024-01-08 19:17:27 +00:00
qctecmdr
6ab871f5d0 Merge "sepolicy_vndr: lahaina: Label device wakeup nodes - Label the nodes listed by SuspendSepolicyTests.sh" 2024-01-03 02:57:17 -08:00
Michael Bestas
e1ee878190
Reapply "Add sepolicy rules to run imsdaemon on bengal"
This reverts commit a028e92a97.

Change-Id: Id6d7bc25a683af0712436a6657b0cd48d2d53e2f
2024-01-02 21:39:47 +02:00
Hanumantha Reddy Naradla
f4eafccadb sepolicy_vndr: lahaina: Label device wakeup nodes
- Label the nodes listed by SuspendSepolicyTests.sh

Change-Id: I1c438f8942a33af4c9cb2296839e31b7a687ba26
2024-01-02 18:42:28 +05:30
yguvvala
64f5375d60 Sepolicy: Add the rules to run the UAC/UVC enforced
- For the FRs FR65663,FR85720

Change-Id: I9ae77a24cf9019eb3cbecdfbe04caf3e59fadc97
2023-12-28 03:36:06 -08:00
Linux Build Service Account
c29c43a01a Merge e0fbf94bb4 on remote branch
Change-Id: I7f6f3031772d8a93c4c4e1add7cb03e13501be1c
2023-12-11 03:54:01 -08:00
Michael Bestas
e8f23940ba msmnile: Allow init write to discard_max_bytes
system/core/rootdir/init.rc
1110:    write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
1111:    write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728

Fixes: avc: denied { write } for comm="init" name="discard_max_bytes"
    dev="sysfs" ino=68814 scontext=u:r:init:s0
    tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I9cab3cff6db9e660b2805c0da956d005164327d6
2023-12-09 12:45:15 +01:00
Neelu Maheshwari
7650c747a6 sepolicy_vndr: Add rule to allow graphics_composer to find qspm hal
Change-Id: I7cb46f73c72170b46390321fa4144cd23f17471a
2023-12-01 06:06:18 -08:00
Vinoth Jayaram
e0fbf94bb4 Revert "sepolicy: update display boot service rules"
This reverts commit c81632f5ea.

Reason for revert: <VTS issue - vts_treble_sys_prop_test -t __main__.VtsTrebleSysPropTest>

Change-Id: Ic36e385f0edc8f43d5af8e6a4fcc3dea9cdf5211
2023-11-30 15:45:59 +05:30
Linux Build Service Account
73f9fe55a3 Merge c81632f5ea on remote branch
Change-Id: I3f87eed87bf3934cc0ade4436213395d4b334248
2023-11-28 00:10:58 -08:00
Michael Bestas
029f955688
Revert "sepolicy: Label idle_state node"
This reverts commit 73d630715a.

Change-Id: Ifbc3eb3be14b736480db4d446657d5cd7a4f95b7
2023-11-28 02:30:08 +02:00
BeYkeRYkt
73d630715a sepolicy: Label idle_state node
Change-Id: I4ab197511726e28f7005d0e808803493e406591e
2023-11-25 23:44:46 +00:00
Vinoth Jayaram
c81632f5ea sepolicy: update display boot service rules
Added rules related to debug.sf prop.

Change-Id: Iaa590efa3a44014baf4b734530ae9ab746adfd36
2023-11-22 11:47:23 +05:30
Linux Build Service Account
f61dd9d5a5 Merge f89478b3cb on remote branch
Change-Id: I71165bc28d5404477d218385794712d303a8d7dd
2023-11-14 11:54:00 -08:00
Bruno Martins
bbe0320404 sepolicy_vndr: Label QTI health AIDL service
Change-Id: Ic49f0d4fa46ac4749e9bad3a9d4a780c54c3880e
2023-11-13 16:56:28 +00:00
qctecmdr
90b398af3b Merge "sepolicy_vndr : bengal: Fix avc denials for wakeup nodes" 2023-11-10 03:55:43 -08:00
qctecmdr
e37b10687e Merge "Sepolicy_vndr : Allow creating IPA FWs" 2023-11-10 03:55:43 -08:00