Add sepolicy rules for I2C wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.
Change-Id: Ia8e1972b5699dd5a56b4079840da8866c5ff6bf5
Add sepolicy rules for UART wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.
Change-Id: Ic0e4a09b29f6adf55e3b9b825dbca4b7472a1736
Adding permissions for for usb hal to access the
vendor_sysfs_usb_node. This is required to hal to perform error
recovery in host mode.
Change-Id: Ie7fff2ba54fd50864ab6be90e97d002be7ca10cc
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Add sepolicy rules to access new trusted_touch_enable,
trusted_touch_type and trusted_touch_event nodes in TUI HAL
Change-Id: I0f516196e953514cf99926181528eecccc99022c
Keymaster daemon is given permissions to access spcom related files
and devices
Change-Id: Ic753bf9b93594d8e51a48e709dd938e249dcc963
Signed-off-by: sganda <quic_sganda@quicinc.com>
Add rules to qseecomd to access powerstate hal.
The changes also includes adding new property
vendor.keymaster.quickboot and add access permission
to qseecomd. Using this property keymaster service
can be restarted on Hibernate-Exit.
Test:
Confirmed from Boot-Up logs for Hibernate Entry registered.
Change-Id: I45a122b09b20dbfbd8654a4c7cc159ce06929053
Remove thermal-engine access to audio device node as it doesn't
require any audio device resources access.
Change-Id: I65826695c48ef139fe6678b78bd6a98c7757bef4
Suppose an external SSD or pendrive with a corrupted file system
is connected to the DUT on bootup, in this case file systems
checker will run for checking these corruptions, however since
the usb nodes are created dynamically on runtime the fsck_untrusted
will not have permissions for this.
Also, the fsck is necessary for the internal storage and directories,
mounts created any external SSD can be ignored,
therefore adding dontaudit rules.
Following are the avc denials:
type=1400 audit(1661408631.839:117): avc: denied { search }
for comm="fsck.exfat" name="usb2" dev="sysfs" ino=146315
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=dir permissive=1
type=1400 audit(1661408631.839:118): avc: denied { read }
for comm="fsck.exfat" name="start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
type=1400 audit(1661408631.839:119): avc: denied { open }
for comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/
a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/
1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
type=1400 audit(1661408631.839:120): avc: denied { getattr } for
comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/
a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/
1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
Change-Id: If67b70c7fffc197bbd107f13fa3bb21b87d73a24
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
As neo_LA is emmc type device, the node /dev/mmcblk0rpmb is required
to be labelled in file contexts for neo.
Change-Id: I162a99e0b6863be208f000531ab576b2a21601da
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for anorak target
Change-Id: I528411d518bf7332f41e896411fec47389665e0d
CRs-Fixed: 3322587
- Add IQtiRadioConfig to vendor_hal_telephony_service
domain in vendor partition which is needed for RIL
to connect to the service.
Change-Id: I00dfc42d78db1fb54e9186def0394ce1e7afa8b4
CRs-Fixed: 3162170
