Commit graph

4549 commits

Author SHA1 Message Date
qctecmdr
271ee08d0a Merge "sepolicy: fix copyright issue" 2022-05-09 05:43:16 -07:00
Zhen Wang
4f67fdda9a sepolicy: fix copyright issue
Change-Id: Ia80f4509e576d3acdf59bffab246c651a54f37d4
2022-05-09 03:06:06 -07:00
qctecmdr
38bdb8f5eb Merge "sepolicy: Add dac_read_search dontaudit exceptions" 2022-05-09 01:04:29 -07:00
Linux Build Service Account
131cb68a6b Merge d5cbbda6b0 on remote branch
Change-Id: I76540c5d799860837f5ca6083e4441a423db1825
2022-05-06 13:08:59 -07:00
Naman Jain
0ae2e49467 sepolicy_vndr: Allow getprop for persist.debug.trace property
Allow vendor init scripts to getprop persist.debug.trace property
to fix avc denial issues.

Change-Id: I739d8eb63d305b810af16dd2e31e5fead42037a7
2022-05-06 00:43:45 -07:00
Naveen Kumar Goud Arepalli
b2f45a1087 sepolicy: Add dac_read_search dontaudit exceptions
Add dac_read_search self capability for vendor_rfs
to avoid avc denial messages as below during bootup

AVC avc: denied { dac_read_search } for pid=2695 comm="tftp_server"
capability=2 scontext=u:r:vendor_rfs_access:s0
tcontext=u:r:vendor_rfs_access:s0 tclass=capability permissive=0

AVC avc: denied { dac_override } for pid=2695 comm="tftp_server"
capability=1 scontext=u:r:vendor_rfs_access:s0
tcontext=u:r:vendor_rfs_access:s0 tclass=capability permissive=0

Change-Id: I238c1cf4a89aaa7e07c4c6aa61df36ea8d881c56
2022-05-05 22:18:23 -07:00
PavanKumar S.R
7429a9fe29 sepolicy: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I06e43361959c6a1f99beece85dc7c51c0458e189
2022-05-04 10:44:29 +05:30
Kranthi Kumar Kommalapati
03000f5344 sepolicy_vndr:Adding new graphics libraries
Adding new graphics libraries libkernelmanager.so and libkcl.so.

Change-Id: I6b02ed933d7e0c33453965c084928daac943333b
2022-05-02 10:29:54 -07:00
Saikumar Vutukuri
8ef88a1510 ims: Add sepolicy rules for ims service
Change-Id: I0db29f948a5ba7d2ba04eb21cca7d038372f03a6
2022-05-02 17:28:32 +05:30
Naman Jain
d5cbbda6b0 vendor_modprobe: add new debugfs dir search permissions
Add dir search permissions in vendor_modprobe for new
debugfs labels debugfs_bootreceiver_tracing and debugfs_wifi_tracing.

Change-Id: I9f95cb0d623a5ebc80eb69cd135099f7b3b31085
2022-04-27 11:27:36 +05:30
qctecmdr
1559e91d7e Merge "Sepolicy: Allow changing priority of process from PerfHal" 2022-04-26 02:38:15 -07:00
Sai Manobhiram
fe4248d565 Sepolicy: Allow changing priority of process from PerfHal
As part of changing scheduling policy of a process given its pid,
required the permissions mentioned.

Change-Id: I00d2c49a6bbb9168cd192ce398bf26104f5ff09e
2022-04-26 10:11:42 +05:30
qctecmdr
6c882d65bb Merge "sepolicy_vndr: Update context for /sys/class/kgsl/kgsl-3d0/perfcounter" 2022-04-20 13:26:57 -07:00
qctecmdr
e9d5e496c6 Merge "sepolicy: msmsteppe: Add vendor specific sepolicies for msmsteppe" 2022-04-19 05:14:41 -07:00
Zhenlin Lian
4508176307 sepolicy: msmsteppe: Add vendor specific sepolicies for msmsteppe
Change-Id: I75459b4c29ccb4ce34f5f888fbaf9039fc867048
2022-04-18 17:13:37 +05:30
qctecmdr
a683ea8594 Merge "sepolicy: add selinux label for LED devices" 2022-04-18 03:00:38 -07:00
qctecmdr
a2f4fa90c4 Merge "Enable sepolicies for anorak Change-Id: Ic2b4812ba4d8c7c8a83907fe6e12547348da9d85" 2022-04-15 03:58:27 -07:00
qctecmdr
c0f840d935 Merge "sepolicy_vndr: Correct paths for RGB nodes for parrot" 2022-04-14 15:35:05 -07:00
qctecmdr
d8ee5f04f1 Merge "sepolicy_vndr: Move qti-media file contexts to genfs" 2022-04-14 11:08:49 -07:00
Mohammed Mirza Mandayappurath Manzoor
8759fd85ec sepolicy_vndr: Update context for /sys/class/kgsl/kgsl-3d0/perfcounter
Shell permissions set in genfs_contexts for SELinux context applicable
for /sys/class/kgsl/kgsl-3d0/perfcounter is overridden if not set in
file_contexts.

Change-Id: I3eb818226abf497e1106af68ece9356bee0a3702
2022-04-11 11:10:07 -07:00
Priyanka Gujjula
01181e4751 sepolicy_vndr: Move qti-media file contexts to genfs
[1] sku version file contexts are loaded by early-
init phase and sku version node is created after
file contexts are loaded. The transition time
from early init to post-fs is around ~2.5 seconds.
avc denied messages are observed when sku_version
is accessed as vendor file contexts are slow in
reporting.
[2] Hence, move file contexts to genfs as genfs
helps to track and label the node even if the
node is created afterwards.

Change-Id: Idcdebf0dbc5a4e9e97bddc9a5f4e3151f6a97d8b
2022-04-11 10:14:20 -07:00
sasikumar maddineni
ebd9b412c3 Enable sepolicies for anorak
Change-Id: Ic2b4812ba4d8c7c8a83907fe6e12547348da9d85
2022-04-06 22:36:42 -07:00
Linux Build Service Account
d5822ef488 Merge 5d954060a4 on remote branch
Change-Id: I40da4e52e119f88463602c46135b896528f5a056
2022-04-05 12:13:05 -07:00
Priyanka Gujjula
24bc99f79d sepolicy_vndr: Move qti-media file contexts to genfs
[1] sku version file contexts are loaded by early-
init phase and sku version node is created after
file contexts are loaded. The transition time
from early init to post-fs is around ~2.5 seconds.
avc denied messages are observed when sku_version
is accessed as vendor file contexts are slow in
reporting.
[2] Hence, move file contexts to genfs as genfs
helps to track and label the node even if the
node is created afterwards.

Change-Id: Idcdebf0dbc5a4e9e97bddc9a5f4e3151f6a97d8b
2022-04-03 18:15:55 -07:00
Sridhar Kasukurthi
c2fd5acf47 sepolicy_vndr: Add policy for atfwd client
Add policy for atfwd daemon client

Change-Id: I0251b892ffdfbd02ba16b3dc08998581b1c45015
CRs-Fixed: 3164800
2022-03-31 21:49:28 -07:00
Jishnu Prakash
183bcd90c7 sepolicy_vndr: Correct paths for RGB nodes for parrot
Correct paths used in sepolicy rules for RGB LED nodes on PM6150L
for parrot.

Change-Id: Ibd3965ffc854a34e099c195cb4b687a2b262c9c5
2022-03-30 01:59:24 -07:00
Linux Build Service Account
7001bfa1d0 Merge "sepolicy: Adding mmc1 type device." into sepolicy.vndr.lnx.12.0.r2-rel 2022-03-29 12:53:13 -07:00
jiaoyuan
4ddd70c3c4 sp-hal: add new policy for libbitml_nsp_v2_skel.so
issue:snapcam app call libbitml_nsp_v2_skel.so has permission denied
fix:libbitml_nsp_v2_skel.so need to change to sp-hal, then system domain can
call vendor domain

Change-Id: Ia890bb74420d3c397ed7024d8ca83fe7b2cbdd56
2022-03-28 22:36:45 -07:00
shrkum
6a81a18b74 sepolicy: Adding mmc1 type device.
Change-Id: Ia188c6cf4314acb80de790d597354d4348083f90
2022-03-28 22:36:17 -07:00
Akshay Ashtunkar
5d954060a4 sepolicy: add sepolicy to stop display demura service
Demura service is not required when feature is not supported
or not enabled. Stop demura service when demura not enabled.

Change-Id: I13b94daf10097a119e85a075fb511609df64d2ed
CRs-Fixed: 3160357
2022-03-28 14:57:35 +05:30
Fenglin Wu
f47f650959 sepolicy: add selinux label for LED devices
Add LED devices path in genfs_contexts for it to get correct selinux
label.

Change-Id: Ieda247900e453e7ee692e47a4b2aa56eaa999fdd
2022-03-28 16:43:26 +08:00
qctecmdr
46fef10a30 Merge "sp-hal: add new policy for libbitml_nsp_v2_skel.so" 2022-03-25 18:52:55 -07:00
jiaoyuan
3f754bc42e sp-hal: add new policy for libbitml_nsp_v2_skel.so
issue:snapcam app call libbitml_nsp_v2_skel.so has permission denied
fix:libbitml_nsp_v2_skel.so need to change to sp-hal, then system domain can
call vendor domain

Change-Id: Ia890bb74420d3c397ed7024d8ca83fe7b2cbdd56
2022-03-25 15:48:51 -07:00
qctecmdr
238e7f92d1 Merge "Add rule to allow access qvr to use tcp/udp socket" 2022-03-25 15:17:26 -07:00
Gnaneshwar Gatla
a9577edc5a Add net_admin permission for netlink msgs in mutualex
Change-Id: I1efe958323cf0091de83ffc6642e2e9287f9c8e3
2022-03-24 15:10:13 -07:00
qctecmdr
6b040fd37d Merge "dontaudit for default_prop policy" 2022-03-22 05:16:29 -07:00
jiaoyuan
d4b107e46b dontaudit for default_prop policy
Change-Id: I18d0ce1fb720220cfed590167c217fa483e49917
2022-03-22 14:50:55 +08:00
Linux Build Service Account
874d3a0675 Merge 2fe1537c20 on remote branch
Change-Id: I934d3f94ad0f8dc10b469780f1ec87216ecd28e0
2022-03-21 23:40:24 -07:00
qctecmdr
431c8fc913 Merge "sepolicy_vndr : setting the secontext for spcom wakup nodes" 2022-03-21 22:56:41 -07:00
shrkum
4da82c2a38 sepolicy: Adding mmc1 type device.
Change-Id: Ia188c6cf4314acb80de790d597354d4348083f90
2022-03-21 15:58:48 +05:30
sasikumar maddineni
7f652a720a sepolicy_vndr : setting the secontext for spcom wakup nodes
Change-Id: I92c47c145f587c6de7f36ca232da14e074f2a54e
2022-03-17 00:00:04 -07:00
jiaoyuan
dc7e6e89cb Snapcam: add new policy for snapcam
Change-Id: Iceed05e542813503a262e3c79dc12b5c9ba4f062
2022-03-10 05:16:43 -08:00
jiaoyuan
2fe1537c20 Snapcam: add new policy for snapcam
Change-Id: Iceed05e542813503a262e3c79dc12b5c9ba4f062
2022-03-10 15:18:43 +08:00
Samyak Jain
f56136939e Add rule to allow access qvr to use tcp/udp socket
Change-Id: Ib3ac662addc1f651aa210403d154be3ed1dc5b79
(cherry picked from commit b54fcb5bd0a21d20223dd4eda792b93c0826c15b)
2022-03-09 18:04:02 +05:30
qctecmdr
c01b7afc4b Merge "sepolicy: add sys_module capability for hal_wifi_default" 2022-03-07 21:47:49 -08:00
Linux Build Service Account
2434e9e7bb Merge 9df2d4be70 on remote branch
Change-Id: Iff3d03036e57b6d19ddb13f6a8933136b0a3cc19
2022-03-07 00:05:43 -08:00
Hu Wang
75d1426dfe sepolicy: add sys_module capability for hal_wifi_default
When enabling AP with wlan2, wifi@1.0-service needs to create wlan2
iface if it does not exist. An avc denied message arises that warns
wifi@1.0-service lacks sys_module capability, but finally wlan2
iface is still created.

Fix the avc denied message by adding sys_module capability for
hal_wifi_default.

CRs-Fixed: 3138698
Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
2022-03-04 15:04:53 +08:00
Rohit Soneta
24ced1be5a sepolicy: Add rule for TUI HAL to access allocator HAL
Change-Id: I5b8e24bb63f3b0d458772991928111b8abf289ad
2022-03-03 22:52:42 -08:00
Jishnu Prakash
e35c14c91f sepolicy_vndr: Add sepolicy rules to access RGB nodes
Add sepolicy rules for RGB LED nodes on PM6150L to ensure correct
permissions for sysfs_leds.

Change-Id: I8d28a4466380c9b55defc0cabbdb9d26d9838e1d
2022-03-03 03:22:14 -08:00
qctecmdr
9df2d4be70 Merge "sepolicy: Update rule for dplh nodes" 2022-03-01 04:34:00 -08:00