Commit graph

4545 commits

Author SHA1 Message Date
Chirayu Desai
27f32c3efa
Add .gitupstream file
Change-Id: Ie5d363f09930283038d2fbc2145f210ec5778c1d
2023-10-24 22:00:21 +03:00
Linux Build Service Account
83fc766475 Merge 7b0bb88e72 on remote branch
Change-Id: I75910a9f3f62dddbd922e793b4eba258d5a394a9
2023-10-09 02:31:29 -07:00
Linux Build Service Account
c4c9a1cb12 Merge c390055c51 on remote branch
Change-Id: I4544e72ece6079370098e226cf5a48678812ac64
2023-09-22 03:35:52 -07:00
Zhen Wang
7b0bb88e72 anorak: add camera prop permission
Change-Id: I46b340c2422834c55bbb40931f4716eb5241b6ba
2023-09-20 13:21:11 +08:00
qctecmdr
c390055c51 Merge "sepoliy_vndr: Added ipd seplolices" 2023-09-14 09:54:55 -07:00
Karthik Dillibabu
7776d82acc sepolicy_vendor: Add sysfs permission for camera
Added sepolicy read permission to camera for sysfs.

CRs-Fixed: 3612533
Change-Id: I2919f37a3e2a262a1dfd8769272446a01fb5f635
2023-09-14 11:11:40 +05:30
Linux Build Service Account
2de7fafb19 Merge 04b58dc3c3 on remote branch
Change-Id: Ie8740d4387881193728261bab6412d0266319243
2023-09-09 00:51:02 -07:00
Sampath Kumar Sudi
aee246e040 sepoliy_vndr: Added ipd seplolices
Added policies to read ipd driver from /mnt/vendor/ipd/calib/ files

Change-Id: I49519dc734bb6fa174724488fdec627ab839f3c1
2023-09-08 11:17:51 -07:00
Nilesh Gharde
aa9a627039 sepolicy rules to allow Gnss Hal to access ssgtz
Change-Id: I1332f2cf15e2567597c48a1cdc1c3380773221f5
CRs-fixed: 3593483
2023-09-06 01:34:45 -07:00
qctecmdr
04b58dc3c3 Merge "sepolicy: Configure software gatekeeper service" 2023-08-29 03:45:06 -07:00
Linux Build Service Account
942cf03dd0 Merge 03739d6270 on remote branch
Change-Id: I2db883edd97d93df5b9756ee10c747b11442f5dd
2023-08-16 12:51:21 -07:00
Vikas Kumar Sharma
2fce41ef35 sepolicy_vndr: Add SELinux policy for accessing DMABUFHEAPS
Add SELinux permission for accessing vendor_dmabuf_qseecom_ta_heap_device.

Change-Id: I0cef27ce9386b9e8be321a529fd01d9fd52589fb
2023-08-16 18:56:40 +05:30
Author Name
5cbacc1ac0 sepolicy: Configure software gatekeeper service
Add software gatekeeper to default gatekeeper's domain.

Change-Id: Icd049d22f45e217461d734117ab30e5a58e0f931
2023-08-01 13:22:33 +05:30
Revanth Rajashekar
85b9417769 sepolicy_vndr: Add rules to allow hal audio to access devpts
Allow read/write access to devpts for hal_audio only for
userdebug_or_eng

Change-Id: Ifa10a8541b9e2ced782d5a36413f16bd4da07e89
2023-07-27 22:25:41 -07:00
qctecmdr
03739d6270 Merge "sepolicy_vndr: Add sepolicy for libOpenCL_adreno" 2023-07-26 01:09:51 -07:00
Manoj Basapathi
48e92c1ded sepolicy : Add sysfs_net related path entries
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target
missing entry is-
/devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net/

Change-Id: I326d16b8afb2faa75e2680d415d94d037ac02d66
2023-07-21 12:25:17 +05:30
Padmanabham Bodda
c47211431f sepolicy_vndr: Add sepolicy for libOpenCL_adreno
Add sepolicy to fix avc denial

CRs-Fixed: 3565678
Change-Id: If96a27728c09bcbd4d4d81a5dca60ce8ed864826
2023-07-20 18:06:58 +05:30
Linux Build Service Account
1a80d508b0 Merge 2e5cd5d8a9 on remote branch
Change-Id: I355a71fe02ac0cbe59085741cbb93af41d5c5cf4
2023-07-13 01:42:23 -07:00
Karthik Dillibabu
61bc43239f sepolicy_vendor: Add sysfs permission for camera
Added sepolicy read permission to camera for sysfs.

CRs-Fixed: 3482752
Change-Id: Ia54aadc1bf1284423eaf7bd72de609e25cc9e5d2
2023-07-10 12:13:01 +05:30
Zhen Wang
2c7cf83eb6 Sepolicy_vndr: label /mnt/vendor/calib dir
The /mnt/vendor/calib is a newly added partition
for qvr and sensors calibration files and sensor
files; this gives access permission.

Change-Id: I3d534a875bc383d878613ea46dbc45e1ab3d6d2a
2023-07-06 15:40:47 +08:00
qctecmdr
2e5cd5d8a9 Merge "sepolicy : Allow kernel to create perf_events after hotplug" 2023-06-28 05:38:06 -07:00
Guifu Li
8cd413ed18 Add sepolicy for QFPS feature to read the system stats from procfs
1. read file node: /proc/sys/walt/input_boost/input_boost_freq
[ 8282.383405] type=1400 audit(1684701607.559:346): avc: denied { read } for
comm="pmCoreThread" name="input_boost_freq" dev="proc" ino=59521
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

2. read file node: /proc/stat
[ 8418.275848] type=1400 audit(1684701743.455:407): avc: denied { read } for
comm=504F5349582074696D65722031 name="stat" dev="proc" ino=4026532014
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0

Change-Id: I2b05573d7e177ce1119caec28bab77b08c120f1c
Signed-off-by: Li Guifu <quic_guifli@quicinc.com>
2023-06-28 00:33:17 -07:00
Shivnandan Kumar
19ad419639 sepolicy : Allow kernel to create perf_events after hotplug
Callback in memlat(pmu_lib) in the context of hotplug thread
is unable to create perf event after cpu powers back up due
to selinux denials in user build. Add sepolicy to fix it.
perf_event needs to be accessed from both DCVS and kernel domains.

Change-Id: I10decd83172029df5bed8671d51124878b98eede
2023-06-27 10:57:53 +05:30
qctecmdr
2c5b1f975d Merge "sepolicy : Add sysfs_net related path entries" 2023-06-23 05:37:36 -07:00
qctecmdr
30371011d2 Merge "sepolicy_vndr: Allow system_server read vendor_persist_camera_prop" 2023-06-23 01:25:39 -07:00
Manoj Basapathi
4af58dbe73 sepolicy : Add sysfs_net related path entries
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target

Change-Id: I0bd377ebcfcdbc13b8b5b6d0385b5a9ea719b269
2023-06-23 12:01:17 +05:30
qctecmdr
7cb47f6008 Merge "Sepolicy_vndr: add widevine to access qseecom_ta heap" 2023-06-21 10:54:46 -07:00
Sheik Anwar Shabic Y
3305634abb Sepolicy_vndr: add widevine to access qseecom_ta heap
Add widevine client to access qseecom_ta heap.

Change-Id: If99d73432c55f9feda823d97818ea422eae864b9
2023-06-17 08:06:05 -07:00
Uttkarsh Aggarwal
ad1ddc4a5d sepoliy_vndr: Handle write permission on configfs
In the current implementation for NCM enablement we do
cd /config/usb_gadget/g1/functions/ncm.0
echo WINNCM > os_desc/interface.ncm/compatible_id
Here we are simply trying to write inside configfs, which causes an
AVC denial.
AVC denial:
type=1400 audit(0.0:12): avc: denied { write } for comm="init.qcom.usb.s"
name="interface.ncm" dev="configfs" ino=34930 scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=dir permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.

In this patch we are giving permission to write in configfs in target
specific files.

Change-Id: I7d3843c46cfae8ac34d6d59e510274cbb5509697
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
2023-06-16 14:38:42 +05:30
Sanjay Singh
73b6f228c9 sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
Allowing system_server to read vendor_persist_camera_prop

Change-Id: I746d649dd437bb21e65472b97b2cb4141499cb24
2023-06-15 20:09:26 +05:30
Linux Build Service Account
9c6c6085e4 Merge c184af7d5b on remote branch
Change-Id: I73d4502339ac9f3f485b2d461487b5111ab96928
2023-06-14 04:10:32 -07:00
Sheik Anwar Shabic Y
174238fe51 Sepolicy_vndr: add widevine to access qseecom_ta heap
Add widevine client to access qseecom_ta heap.

Change-Id: If99d73432c55f9feda823d97818ea422eae864b9
2023-06-12 10:47:47 +05:30
qctecmdr
539bcd22ca Merge "sepolicy: parrot: Fix avc denials for wakeup nodes" 2023-05-30 02:32:03 -07:00
Linux Build Service Account
19f02203c4 Merge 8afaf747e6 on remote branch
Change-Id: I45fa13d73e319fbdb559c4f67b597f696a52bd07
2023-05-29 23:40:12 -07:00
qctecmdr
e3068827c0 Merge "sepolicy_vndr: Allow mediaswcodec to access gpu_device" 2023-05-29 23:16:19 -07:00
Ajit Vaishya
8f3bf939fe sepolicy: parrot: Fix avc denials for wakeup nodes
Label wakeup Wlan sysfs nodes listed by
SuspendSepolicyTests.sh

Change-Id: I3a62350079365902d2cf345d5c3ff4676c42a45b
CRs-Fixed: 3451976
2023-05-29 07:39:16 -07:00
qctecmdr
c184af7d5b Merge "Allow wcnss service to access hal perf service" 2023-05-29 00:35:54 -07:00
Sachu George
cfa7ccb9a4 sepolicy_vndr: Allow mediaswcodec to access gpu_device
Allow mediaswcodec to access gpu_device.

SELinux : avc: denied { read write } for name="kgsl-3d0"
dev="tmpfs" ino=1030 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0

Change-Id: I53db6aab6f06be10ae7c34ff0b2a1b8090c1ae23
2023-05-26 14:42:48 +05:30
Linux Build Service Account
0a9f423a9a Merge 5d822535a9 on remote branch
Change-Id: I10164bd2d7b8766bf705536b09c2896af989a9a7
2023-05-14 07:14:09 -07:00
Ajit Vaishya
8f55af7809 Allow wcnss service to access hal perf service
Add sepolicy rule for vendor wcnss service to access
vendor hal perf service.

Change-Id: Ib6250b3ef7e77918bf348c344e628fd60ce274c3
CRs-Fixed: 3294921
2023-05-08 07:06:17 -07:00
Vamsi Krishna Gattupalli
8afaf747e6 sepolicy: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I4b543c1c628613990bad565330899a0147510924
Signed-off-by: Ansa Ahmed <ansaahme@qti.qualcomm.com>
2023-05-03 04:40:44 -07:00
qctecmdr
5d822535a9 Merge "anorak: update sepolicy for KineticsXR controllers" 2023-04-25 23:44:36 -07:00
Linux Build Service Account
9ae335d4ad Merge b30000e27c on remote branch
Change-Id: I46a9521aad85eb1be3742fa267b5f8ff08cd20b5
2023-04-20 04:42:45 -07:00
Zhen Wang
b2cf6bd4f9 Sepolicy_vndr: add qvr to access camera
Allow qvrservice to access camera data (/data/vendor/camera).

Change-Id: Iaa961113e45c2504bf1669196feb495e032d97db
2023-04-11 11:05:41 +08:00
Linux Build Service Account
8cfe135a68 Merge 7767f4672d on remote branch
Change-Id: I52ff5600d1742fbd89573a99cabb62d8d51d51f8
2023-04-06 05:08:24 -07:00
Meng Wang
d3a6f45a28 anorak: update sepolicy for KineticsXR controllers
Update sepolicy for KineticsXR controllers.

Change-Id: I72091dec47eacce451a8002b5dbbaa4a5c4ca015
2023-04-06 09:23:16 +08:00
Vamana Murthi
b30000e27c Allow vendor_location_xtwifi_client to access ssgtzd socket
Change-Id: I473ae330cfa265a324c136b068fe94e62d38c845
CRs-Fixed: 3362880
2023-04-03 20:52:19 +05:30
Linux Build Service Account
e4fe8a69e1 Merge 31cb5eaa26 on remote branch
Change-Id: Ib4fa56d97ac969a3211a7ff2d94fcc1eec5338ea
2023-03-23 07:42:40 -07:00
qctecmdr
7767f4672d Merge "Add rules for qms daemon" 2023-03-23 03:28:42 -07:00
Tengfei Fan
37d04f59a7 sepolicy: add root path for remoteproc-wpss wakeup node
Add root path for remoteproc-wpss wakeup node.

Change-Id: Ie6931140e7690d32c52e3e17bad7e3f11ac0c1a9
2023-03-22 17:24:47 +08:00