Chirayu Desai
27f32c3efa
Add .gitupstream file
...
Change-Id: Ie5d363f09930283038d2fbc2145f210ec5778c1d
2023-10-24 22:00:21 +03:00
Linux Build Service Account
83fc766475
Merge 7b0bb88e72
on remote branch
...
Change-Id: I75910a9f3f62dddbd922e793b4eba258d5a394a9
2023-10-09 02:31:29 -07:00
Linux Build Service Account
c4c9a1cb12
Merge c390055c51
on remote branch
...
Change-Id: I4544e72ece6079370098e226cf5a48678812ac64
2023-09-22 03:35:52 -07:00
Zhen Wang
7b0bb88e72
anorak: add camera prop permission
...
Change-Id: I46b340c2422834c55bbb40931f4716eb5241b6ba
2023-09-20 13:21:11 +08:00
qctecmdr
c390055c51
Merge "sepoliy_vndr: Added ipd seplolices"
2023-09-14 09:54:55 -07:00
Karthik Dillibabu
7776d82acc
sepolicy_vendor: Add sysfs permission for camera
...
Added sepolicy read permission to camera for sysfs.
CRs-Fixed: 3612533
Change-Id: I2919f37a3e2a262a1dfd8769272446a01fb5f635
2023-09-14 11:11:40 +05:30
Linux Build Service Account
2de7fafb19
Merge 04b58dc3c3
on remote branch
...
Change-Id: Ie8740d4387881193728261bab6412d0266319243
2023-09-09 00:51:02 -07:00
Sampath Kumar Sudi
aee246e040
sepoliy_vndr: Added ipd seplolices
...
Added policies to read ipd driver from /mnt/vendor/ipd/calib/ files
Change-Id: I49519dc734bb6fa174724488fdec627ab839f3c1
2023-09-08 11:17:51 -07:00
Nilesh Gharde
aa9a627039
sepolicy rules to allow Gnss Hal to access ssgtz
...
Change-Id: I1332f2cf15e2567597c48a1cdc1c3380773221f5
CRs-fixed: 3593483
2023-09-06 01:34:45 -07:00
qctecmdr
04b58dc3c3
Merge "sepolicy: Configure software gatekeeper service"
2023-08-29 03:45:06 -07:00
Linux Build Service Account
942cf03dd0
Merge 03739d6270
on remote branch
...
Change-Id: I2db883edd97d93df5b9756ee10c747b11442f5dd
2023-08-16 12:51:21 -07:00
Vikas Kumar Sharma
2fce41ef35
sepolicy_vndr: Add SELinux policy for accessing DMABUFHEAPS
...
Add SELinux permission for accessing vendor_dmabuf_qseecom_ta_heap_device.
Change-Id: I0cef27ce9386b9e8be321a529fd01d9fd52589fb
2023-08-16 18:56:40 +05:30
Author Name
5cbacc1ac0
sepolicy: Configure software gatekeeper service
...
Add software gatekeeper to default gatekeeper's domain.
Change-Id: Icd049d22f45e217461d734117ab30e5a58e0f931
2023-08-01 13:22:33 +05:30
Revanth Rajashekar
85b9417769
sepolicy_vndr: Add rules to allow hal audio to access devpts
...
Allow read/write access to devpts for hal_audio only for
userdebug_or_eng
Change-Id: Ifa10a8541b9e2ced782d5a36413f16bd4da07e89
2023-07-27 22:25:41 -07:00
qctecmdr
03739d6270
Merge "sepolicy_vndr: Add sepolicy for libOpenCL_adreno"
2023-07-26 01:09:51 -07:00
Manoj Basapathi
48e92c1ded
sepolicy : Add sysfs_net related path entries
...
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target
missing entry is-
/devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net/
Change-Id: I326d16b8afb2faa75e2680d415d94d037ac02d66
2023-07-21 12:25:17 +05:30
Padmanabham Bodda
c47211431f
sepolicy_vndr: Add sepolicy for libOpenCL_adreno
...
Add sepolicy to fix avc denial
CRs-Fixed: 3565678
Change-Id: If96a27728c09bcbd4d4d81a5dca60ce8ed864826
2023-07-20 18:06:58 +05:30
Linux Build Service Account
1a80d508b0
Merge 2e5cd5d8a9
on remote branch
...
Change-Id: I355a71fe02ac0cbe59085741cbb93af41d5c5cf4
2023-07-13 01:42:23 -07:00
Karthik Dillibabu
61bc43239f
sepolicy_vendor: Add sysfs permission for camera
...
Added sepolicy read permission to camera for sysfs.
CRs-Fixed: 3482752
Change-Id: Ia54aadc1bf1284423eaf7bd72de609e25cc9e5d2
2023-07-10 12:13:01 +05:30
Zhen Wang
2c7cf83eb6
Sepolicy_vndr: label /mnt/vendor/calib dir
...
The /mnt/vendor/calib is a new added partition
of qvr and sensors calibration file and sensor
file, here gives access permission.
Change-Id: I3d534a875bc383d878613ea46dbc45e1ab3d6d2a
2023-07-06 15:40:47 +08:00
qctecmdr
2e5cd5d8a9
Merge "sepolicy : Allow kernel to create perf_events after hotplug"
2023-06-28 05:38:06 -07:00
Guifu Li
8cd413ed18
Add sepolciy for QFPS feature to read the system tats from procfs
...
1. read file node: /proc/sys/walt/input_boost/input_boost_freq
[ 8282.383405] type=1400 audit(1684701607.559:346): avc: denied { read } for
comm="pmCoreThread" name="input_boost_freq" dev="proc" ino=59521
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
2. read file node: /proc/stat
[ 8418.275848] type=1400 audit(1684701743.455:407): avc: denied { read } for
comm=504F5349582074696D65722031 name="stat" dev="proc" ino=4026532014
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
Change-Id: I2b05573d7e177ce1119caec28bab77b08c120f1c
Signed-off-by: Li Guifu <quic_guifli@quicinc.com>
2023-06-28 00:33:17 -07:00
Shivnandan Kumar
19ad419639
sepolicy : Allow kernel to create perf_events after hotplug
...
Callback in memlat(pmu_lib) in the context of hotplug thread
is unable to create perf event after cpu powers back up due
to selinux denials in user build. Add sepolicy to fix it.
perf_event need to be accessed from both DCVS and kernel domains.
Change-Id: I10decd83172029df5bed8671d51124878b98eede
2023-06-27 10:57:53 +05:30
qctecmdr
2c5b1f975d
Merge "sepolicy : Add sysfs_net related path entries"
2023-06-23 05:37:36 -07:00
qctecmdr
30371011d2
Merge "sepolicy_vndr: Allow system_server read vendor_persist_camera_prop"
2023-06-23 01:25:39 -07:00
Manoj Basapathi
4af58dbe73
sepolicy : Add sysfs_net related path entries
...
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target
Change-Id: I0bd377ebcfcdbc13b8b5b6d0385b5a9ea719b269
2023-06-23 12:01:17 +05:30
qctecmdr
7cb47f6008
Merge "Sepolicy_vndr: add widevine to access qseecom_ta heap"
2023-06-21 10:54:46 -07:00
Sheik Anwar Shabic Y
3305634abb
Sepolicy_vndr: add widevine to access qseecom_ta heap
...
Add widevine client to access qseecom_ta heap.
Change-Id: If99d73432c55f9feda823d97818ea422eae864b9
2023-06-17 08:06:05 -07:00
Uttkarsh Aggarwal
ad1ddc4a5d
sepoliy_vndr: Handle write permission on configfs
...
In current implementation for NCM enablement we do
cd /config/usb_gadget/g1/functions/ncm.0
echo WINNCM > os_desc/interface.ncm/compatible_id
Here we simply trying to write inside configfs which cause
AVC denial.
AVC denial:
type=1400 audit(0.0:12): avc: denied { write } for comm="init.qcom.usb.s"
name="interface.ncm" dev="configfs" ino=34930 scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=dir permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.
In this patch we are giving permission to write in configfs in target
specific files.
Change-Id: I7d3843c46cfae8ac34d6d59e510274cbb5509697
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
2023-06-16 14:38:42 +05:30
Sanjay Singh
73b6f228c9
sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
...
Allowing system_server read vendor_persist_camera_prop
Change-Id: I746d649dd437bb21e65472b97b2cb4141499cb24
2023-06-15 20:09:26 +05:30
Linux Build Service Account
9c6c6085e4
Merge c184af7d5b
on remote branch
...
Change-Id: I73d4502339ac9f3f485b2d461487b5111ab96928
2023-06-14 04:10:32 -07:00
Sheik Anwar Shabic Y
174238fe51
Sepolicy_vndr: add widevine to access qseecom_ta heap
...
Add widevine client to access qseecom_ta heap.
Change-Id: If99d73432c55f9feda823d97818ea422eae864b9
2023-06-12 10:47:47 +05:30
qctecmdr
539bcd22ca
Merge "sepolicy: parrot: Fix avc denials for wakeup nodes"
2023-05-30 02:32:03 -07:00
Linux Build Service Account
19f02203c4
Merge 8afaf747e6
on remote branch
...
Change-Id: I45fa13d73e319fbdb559c4f67b597f696a52bd07
2023-05-29 23:40:12 -07:00
qctecmdr
e3068827c0
Merge "sepolicy_vndr: Allow mediaswcodec to access gpu_device"
2023-05-29 23:16:19 -07:00
Ajit Vaishya
8f3bf939fe
sepolicy: parrot: Fix avc denials for wakeup nodes
...
Label wakeup Wlan sysfs nodes listed by
SuspendSepolicyTests.sh
Change-Id: I3a62350079365902d2cf345d5c3ff4676c42a45b
CRs-Fixed: 3451976
2023-05-29 07:39:16 -07:00
qctecmdr
c184af7d5b
Merge "Allow wcnss service to access hal perf service"
2023-05-29 00:35:54 -07:00
Sachu George
cfa7ccb9a4
sepolicy_vndr: Allow mediaswcodec to access gpu_device
...
Allow mediaswcodec to access gpu_device.
SELinux : avc: denied { read write } for name="kgsl-3d0"
dev="tmpfs" ino=1030 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
Change-Id: I53db6aab6f06be10ae7c34ff0b2a1b8090c1ae23
2023-05-26 14:42:48 +05:30
Linux Build Service Account
0a9f423a9a
Merge 5d822535a9
on remote branch
...
Change-Id: I10164bd2d7b8766bf705536b09c2896af989a9a7
2023-05-14 07:14:09 -07:00
Ajit Vaishya
8f55af7809
Allow wcnss service to access hal perf service
...
Add sepolicy rule for vendor wcnss service to access
vendor hal perf service.
Change-Id: Ib6250b3ef7e77918bf348c344e628fd60ce274c3
CRs-Fixed: 3294921
2023-05-08 07:06:17 -07:00
Vamsi Krishna Gattupalli
8afaf747e6
sepolicy: Fix avc denials for wakeup nodes
...
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh
Change-Id: I4b543c1c628613990bad565330899a0147510924
Signed-off-by: Ansa Ahmed <ansaahme@qti.qualcomm.com>
2023-05-03 04:40:44 -07:00
qctecmdr
5d822535a9
Merge "anorak: update sepolicy for KineticsXR controllers"
2023-04-25 23:44:36 -07:00
Linux Build Service Account
9ae335d4ad
Merge b30000e27c
on remote branch
...
Change-Id: I46a9521aad85eb1be3742fa267b5f8ff08cd20b5
2023-04-20 04:42:45 -07:00
Zhen Wang
b2cf6bd4f9
Sepolicy_vndr: add qvr to access camera
...
Allow qvrservice to access camera data(/data/vendor/camera).
Change-Id: Iaa961113e45c2504bf1669196feb495e032d97db
2023-04-11 11:05:41 +08:00
Linux Build Service Account
8cfe135a68
Merge 7767f4672d
on remote branch
...
Change-Id: I52ff5600d1742fbd89573a99cabb62d8d51d51f8
2023-04-06 05:08:24 -07:00
Meng Wang
d3a6f45a28
anorak: update sepolicy for KineticsXR controllers
...
Update sepolicy for KineticsXR controllers.
Change-Id: I72091dec47eacce451a8002b5dbbaa4a5c4ca015
2023-04-06 09:23:16 +08:00
Vamana Murthi
b30000e27c
Allow vendor_location_xtwifi_client to access ssgtzd socket
...
Change-Id: I473ae330cfa265a324c136b068fe94e62d38c845
CRs-Fixed: 3362880
2023-04-03 20:52:19 +05:30
Linux Build Service Account
e4fe8a69e1
Merge 31cb5eaa26
on remote branch
...
Change-Id: Ib4fa56d97ac969a3211a7ff2d94fcc1eec5338ea
2023-03-23 07:42:40 -07:00
qctecmdr
7767f4672d
Merge "Add rules for qms daemon"
2023-03-23 03:28:42 -07:00
Tengfei Fan
37d04f59a7
sepolicy: add root path for remoteproc-wpss wakeup node
...
Add root path for remoteproc-wpss wakeup node.
Change-Id: Ie6931140e7690d32c52e3e17bad7e3f11ac0c1a9
2023-03-22 17:24:47 +08:00