Commit graph

1140 commits

Author SHA1 Message Date
qctecmdr
0ac811e7ab Merge "sepolicy_vndr:Adding new graphics libraries" 2022-05-18 11:28:55 -07:00
Kaustubh Pandey
29b35e7784 sepolicy_vndr: update policies for Spearhead
Fixed avc denial for Sprhdd that is observed
in bootup.

Change-Id: I2acbef740a29afdba1c339fc94f3ab708f82bed1
2022-05-17 16:22:04 +05:30
qctecmdr
10b71cfdd2 Merge "Revert for sepolicy for QC signing for ssg services" 2022-05-11 11:29:26 -07:00
qctecmdr
e9d0b300ed Merge "ims: Add sepolicy rules for ims service" 2022-05-10 03:55:10 -07:00
Charles McGrath
bdeff5d3b3 Revert for sepolicy for QC signing for ssg services
Revert "Remove custom signing cert and rules"

   This reverts commit f2ea07094a.

Revert "sepolicy_vndr: Add sepolicy for ssg system service"

   This reverts commit bcb76b2ebc.

Change-Id: I91ad0e09954becddc164c1a969b32dddd8ac8d09
2022-05-09 17:59:46 -07:00
qctecmdr
38bdb8f5eb Merge "sepolicy: Add dac_read_search dontaudit exceptions" 2022-05-09 01:04:29 -07:00
Naman Jain
0ae2e49467 sepolicy_vndr: Allow getprop for persist.debug.trace property
Allow vendor init scripts to getprop persist.debug.trace property
to fix avc denial issues.

Change-Id: I739d8eb63d305b810af16dd2e31e5fead42037a7
2022-05-06 00:43:45 -07:00
Naveen Kumar Goud Arepalli
b2f45a1087 sepolicy: Add dac_read_search dontaudit exceptions
Add dac_read_search self capability for vendor_rfs
to avoid avc denial messages as below during bootup

AVC avc: denied { dac_read_search } for pid=2695 comm="tftp_server"
capability=2 scontext=u:r:vendor_rfs_access:s0
tcontext=u:r:vendor_rfs_access:s0 tclass=capability permissive=0

AVC avc: denied { dac_override } for pid=2695 comm="tftp_server"
capability=1 scontext=u:r:vendor_rfs_access:s0
tcontext=u:r:vendor_rfs_access:s0 tclass=capability permissive=0

Change-Id: I238c1cf4a89aaa7e07c4c6aa61df36ea8d881c56
2022-05-05 22:18:23 -07:00
PavanKumar S.R
7429a9fe29 sepolicy: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I06e43361959c6a1f99beece85dc7c51c0458e189
2022-05-04 10:44:29 +05:30
Kranthi Kumar Kommalapati
03000f5344 sepolicy_vndr:Adding new graphics libraries
Adding new graphics libraries libkernelmanager.so and libkcl.so.

Change-Id: I6b02ed933d7e0c33453965c084928daac943333b
2022-05-02 10:29:54 -07:00
Saikumar Vutukuri
8ef88a1510 ims: Add sepolicy rules for ims service
Change-Id: I0db29f948a5ba7d2ba04eb21cca7d038372f03a6
2022-05-02 17:28:32 +05:30
Naman Jain
d5cbbda6b0 vendor_modprobe: add new debugfs dir search permissions
Add dir search permissions in vendor_modprobe for new
debugfs labels debugfs_bootreceiver_tracing and debugfs_wifi_tracing.

Change-Id: I9f95cb0d623a5ebc80eb69cd135099f7b3b31085
2022-04-27 11:27:36 +05:30
qctecmdr
6c882d65bb Merge "sepolicy_vndr: Update context for /sys/class/kgsl/kgsl-3d0/perfcounter" 2022-04-20 13:26:57 -07:00
qctecmdr
e9d5e496c6 Merge "sepolicy: msmsteppe: Add vendor specific sepolicies for msmsteppe" 2022-04-19 05:14:41 -07:00
Zhenlin Lian
4508176307 sepolicy: msmsteppe: Add vendor specific sepolicies for msmsteppe
Change-Id: I75459b4c29ccb4ce34f5f888fbaf9039fc867048
2022-04-18 17:13:37 +05:30
qctecmdr
a683ea8594 Merge "sepolicy: add selinux label for LED devices" 2022-04-18 03:00:38 -07:00
qctecmdr
a2f4fa90c4 Merge "Enable sepolicies for anorak Change-Id: Ic2b4812ba4d8c7c8a83907fe6e12547348da9d85" 2022-04-15 03:58:27 -07:00
qctecmdr
c0f840d935 Merge "sepolicy_vndr: Correct paths for RGB nodes for parrot" 2022-04-14 15:35:05 -07:00
qctecmdr
d8ee5f04f1 Merge "sepolicy_vndr: Move qti-media file contexts to genfs" 2022-04-14 11:08:49 -07:00
Mohammed Mirza Mandayappurath Manzoor
8759fd85ec sepolicy_vndr: Update context for /sys/class/kgsl/kgsl-3d0/perfcounter
Shell permissions set in genfs_contexts for SELinux context applicable
for /sys/class/kgsl/kgsl-3d0/perfcounter is overridden if not set in
file_contexts.

Change-Id: I3eb818226abf497e1106af68ece9356bee0a3702
2022-04-11 11:10:07 -07:00
sasikumar maddineni
ebd9b412c3 Enable sepolicies for anorak
Change-Id: Ic2b4812ba4d8c7c8a83907fe6e12547348da9d85
2022-04-06 22:36:42 -07:00
Priyanka Gujjula
24bc99f79d sepolicy_vndr: Move qti-media file contexts to genfs
[1] sku version file contexts are loaded by early-
init phase and sku version node is created after
file contexts are loaded. The transition time
from early init to post-fs is around ~2.5 seconds.
avc denied messages are observed when sku_version
is accessed as vendor file contexts are slow in
reporting.
[2] Hence, move file contexts to genfs as genfs
helps to track and label the node even if the
node is created afterwards.

Change-Id: Idcdebf0dbc5a4e9e97bddc9a5f4e3151f6a97d8b
2022-04-03 18:15:55 -07:00
Sridhar Kasukurthi
c2fd5acf47 sepolicy_vndr: Add policy for atfwd client
Add policy for atfwd daemon client

Change-Id: I0251b892ffdfbd02ba16b3dc08998581b1c45015
CRs-Fixed: 3164800
2022-03-31 21:49:28 -07:00
Jishnu Prakash
183bcd90c7 sepolicy_vndr: Correct paths for RGB nodes for parrot
Correct paths used in sepolicy rules for RGB LED nodes on PM6150L
for parrot.

Change-Id: Ibd3965ffc854a34e099c195cb4b687a2b262c9c5
2022-03-30 01:59:24 -07:00
Fenglin Wu
f47f650959 sepolicy: add selinux label for LED devices
Add LED devices path in genfs_contexts for it to get correct selinux
label.

Change-Id: Ieda247900e453e7ee692e47a4b2aa56eaa999fdd
2022-03-28 16:43:26 +08:00
jiaoyuan
3f754bc42e sp-hal: add new policy for libbitml_nsp_v2_skel.so
issue: snapcam app call to libbitml_nsp_v2_skel.so has permission denied
fix: libbitml_nsp_v2_skel.so needs to change to sp-hal, then system domain can
call vendor domain

Change-Id: Ia890bb74420d3c397ed7024d8ca83fe7b2cbdd56
2022-03-25 15:48:51 -07:00
qctecmdr
6b040fd37d Merge "dontaudit for default_prop policy" 2022-03-22 05:16:29 -07:00
jiaoyuan
d4b107e46b dontaudit for default_prop policy
Change-Id: I18d0ce1fb720220cfed590167c217fa483e49917
2022-03-22 14:50:55 +08:00
qctecmdr
431c8fc913 Merge "sepolicy_vndr : setting the secontext for spcom wakup nodes" 2022-03-21 22:56:41 -07:00
shrkum
4da82c2a38 sepolicy: Adding mmc1 type device.
Change-Id: Ia188c6cf4314acb80de790d597354d4348083f90
2022-03-21 15:58:48 +05:30
sasikumar maddineni
7f652a720a sepolicy_vndr : setting the secontext for spcom wakup nodes
Change-Id: I92c47c145f587c6de7f36ca232da14e074f2a54e
2022-03-17 00:00:04 -07:00
jiaoyuan
2fe1537c20 Snapcam: add new policy for snapcam
Change-Id: Iceed05e542813503a262e3c79dc12b5c9ba4f062
2022-03-10 15:18:43 +08:00
qctecmdr
c01b7afc4b Merge "sepolicy: add sys_module capability for hal_wifi_default" 2022-03-07 21:47:49 -08:00
Hu Wang
75d1426dfe sepolicy: add sys_module capability for hal_wifi_default
When enabling AP with wlan2, wifi@1.0-service needs to create wlan2
iface if it does not exist. An avc denied message arises that warns
wifi@1.0-service lacks sys_module capability, but finally wlan2
iface is still created.

Fix the avc denied message by adding sys_module capability for
hal_wifi_default.

CRs-Fixed: 3138698
Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
2022-03-04 15:04:53 +08:00
Rohit Soneta
24ced1be5a sepolicy: Add rule for TUI HAL to access allocator HAL
Change-Id: I5b8e24bb63f3b0d458772991928111b8abf289ad
2022-03-03 22:52:42 -08:00
Jishnu Prakash
e35c14c91f sepolicy_vndr: Add sepolicy rules to access RGB nodes
Add sepolicy rules for RGB LED nodes on PM6150L to ensure correct
permissions for sysfs_leds.

Change-Id: I8d28a4466380c9b55defc0cabbdb9d26d9838e1d
2022-03-03 03:22:14 -08:00
qctecmdr
920922a571 Merge "Enable sepolicies for Neo Change-Id: I7fd754fb9b3554ef2fbc4fc0b6d7a6aaf45dc637" 2022-02-28 23:51:58 -08:00
sasikumar maddineni
69c2a84997 Enable sepolicies for Neo
Change-Id: I7fd754fb9b3554ef2fbc4fc0b6d7a6aaf45dc637
2022-02-22 12:41:12 +05:30
Arvind Kumar
35e9d83d49 Add rule to fix avc denial for qtidiagservices
Fix below denial for qtidiagservice
avc: denied { search } for comm="ti.diagservices" name="data"
dev="sda12" ino=380 scontext=u:r:qtidiagservices_app:s0
tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir
permissive=0

Change-Id: I25576aa296744a4e2173e132b7e381f3a9623230
2022-02-21 20:10:08 -08:00
Naman Jain
5ac9aa6834 sepolicy_vndr: Add sepolicy for ctl.vendor.console
Add property for ctl.vendor.console to fix avc denial issues, and
add permission for setprop.

Change-Id: I4e71c72f605ec8908eec2493d3c0ba1187aae1a4
2022-02-20 20:36:53 -08:00
Subash Abhinov Kasiviswanathan
87290b49ce rmnet: Update module related policies
Move all the netmgrd policies from qva to common.
Provide rmnet module sysfs read access to shsusrd.
Add the parameters belonging to all rmnet extended modules to rmnet context.

CRs-Fixed: 3134255
Change-Id: Icfa7965d8f3f2793ec0680db58c94146707652dd
2022-02-18 15:11:55 -07:00
qctecmdr
4efa21ca30 Merge "sepolicy_vndr: Add shell permission to /sys/class/kgsl/kgsl-3d0/perfcounter" 2022-02-16 17:10:46 -08:00
Mohammed Mirza Mandayappurath Manzoor
985bbf7e34 sepolicy_vndr: Add shell permission to /sys/class/kgsl/kgsl-3d0/perfcounter
Allow shell users to have permission to update sysfs node
/sys/class/kgsl/kgsl-3d0/perfcounter

Change-Id: I648b7f4b25e4c8c1644be5046677f41e7b5d2f8c
2022-02-11 16:46:25 -08:00
Subash Abhinov Kasiviswanathan
104ec4065b sepolicy_vndr: fix copyright markings
Change-Id: I95093537c84f89e9a79acc6286d93cc18e9a0772
2022-02-10 15:07:52 -07:00
qctecmdr
a503824f01 Merge "sepolicy: add labels to /sys/block/dev/sd*" 2022-02-09 04:25:42 -08:00
Divyanand Rangu
40f5a66461 sepolicy: add labels to /sys/block/dev/sd*
Adding a new label to /sys/block/dev/sd*
Allow vendor_qti_init_shell to have permissions to
update read_ahead_kb nodes of
 - /sys/block/ram*
 - /sys/block/loop*
 - /sys/block/sd*
 - /sys/block/zram0

Change-Id: I123fb7608b95c33ec15b6c5ad3f1e7dd471c6853
2022-02-08 16:13:33 +05:30
Sasi Kumar Maddineni
dd926ac309 parrot: Enable sepolicies needed for Parrot
Change-Id: I3fe6f3990b4314ee174abed475cf739737ee14f4
2022-02-07 22:21:16 -08:00
Abhinav Kannan
cd12194456 sepolicy_vndr: update policies for Spearhead
* Allow Spearhead to create and manage child processes. The child
  processes of Spearhead will manage a subset of Spearhead
  functionality
* Allow creation and management of FIFO file. The FIFO file is used
  to control the operation of Spearhead (ON / OFF) via filesystem

Change-Id: Ie2c715b2a777b4754ccb5c5be1eebf858b80ef27
2022-02-01 22:07:19 -08:00
Mukesh Ojha
ed154ce683 Add ufs rawdump device to avoid AVC denial
Change-Id: I053530b736531d6ace08063ce23f15ce0d0ecdcc
2022-01-31 23:32:17 -08:00
Jun-Hyung Kwon
c7bbef3acc sepolicy_vndr: add debug property for sensors
add debug property for sensors and restrict the use of it
only with userdebug/eng build

Change-Id: I72ec219cead1b122467f6bcde69f05294503f3cb
2022-01-31 00:32:12 -08:00