Commit graph

4447 commits

Author SHA1 Message Date
Vikas Kumar Sharma
2fce41ef35 sepolicy_vndr: Add SELinux policy for accessing DMABUFHEAPS
Add SELinux permission for accessing vendor_dmabuf_qseecom_ta_heap_device.

Change-Id: I0cef27ce9386b9e8be321a529fd01d9fd52589fb
2023-08-16 18:56:40 +05:30
Revanth Rajashekar
85b9417769 sepolicy_vndr: Add rules to allow hal audio to access devpts
Allow read/write access to devpts for hal_audio only for
userdebug_or_eng

Change-Id: Ifa10a8541b9e2ced782d5a36413f16bd4da07e89
2023-07-27 22:25:41 -07:00
qctecmdr
03739d6270 Merge "sepolicy_vndr: Add sepolicy for libOpenCL_adreno" 2023-07-26 01:09:51 -07:00
Manoj Basapathi
48e92c1ded sepolicy : Add sysfs_net related path entries
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target.
Missing entry is:
/devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net/

Change-Id: I326d16b8afb2faa75e2680d415d94d037ac02d66
2023-07-21 12:25:17 +05:30
Padmanabham Bodda
c47211431f sepolicy_vndr: Add sepolicy for libOpenCL_adreno
Add sepolicy to fix avc denial

CRs-Fixed: 3565678
Change-Id: If96a27728c09bcbd4d4d81a5dca60ce8ed864826
2023-07-20 18:06:58 +05:30
Karthik Dillibabu
61bc43239f sepolicy_vendor: Add sysfs permission for camera
Added sepolicy read permission to camera for sysfs.

CRs-Fixed: 3482752
Change-Id: Ia54aadc1bf1284423eaf7bd72de609e25cc9e5d2
2023-07-10 12:13:01 +05:30
Zhen Wang
2c7cf83eb6 Sepolicy_vndr: label /mnt/vendor/calib dir
The /mnt/vendor/calib is a newly added partition
of qvr and sensors calibration file and sensor
file; this change gives access permission.

Change-Id: I3d534a875bc383d878613ea46dbc45e1ab3d6d2a
2023-07-06 15:40:47 +08:00
qctecmdr
2e5cd5d8a9 Merge "sepolicy : Allow kernel to create perf_events after hotplug" 2023-06-28 05:38:06 -07:00
Guifu Li
8cd413ed18 Add sepolicy for QFPS feature to read the system stats from procfs
1. read file node: /proc/sys/walt/input_boost/input_boost_freq
[ 8282.383405] type=1400 audit(1684701607.559:346): avc: denied { read } for
comm="pmCoreThread" name="input_boost_freq" dev="proc" ino=59521
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

2. read file node: /proc/stat
[ 8418.275848] type=1400 audit(1684701743.455:407): avc: denied { read } for
comm=504F5349582074696D65722031 name="stat" dev="proc" ino=4026532014
scontext=u:r:vendor_hal_poweroptservice_qti:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0

Change-Id: I2b05573d7e177ce1119caec28bab77b08c120f1c
Signed-off-by: Li Guifu <quic_guifli@quicinc.com>
2023-06-28 00:33:17 -07:00
Shivnandan Kumar
19ad419639 sepolicy : Allow kernel to create perf_events after hotplug
Callback in memlat(pmu_lib) in the context of hotplug thread
is unable to create perf event after cpu powers back up due
to selinux denials in user build. Add sepolicy to fix it.
perf_event need to be accessed from both DCVS and kernel domains.

Change-Id: I10decd83172029df5bed8671d51124878b98eede
2023-06-27 10:57:53 +05:30
qctecmdr
2c5b1f975d Merge "sepolicy : Add sysfs_net related path entries" 2023-06-23 05:37:36 -07:00
qctecmdr
30371011d2 Merge "sepolicy_vndr: Allow system_server read vendor_persist_camera_prop" 2023-06-23 01:25:39 -07:00
Manoj Basapathi
4af58dbe73 sepolicy : Add sysfs_net related path entries
VTS test fails when secontext entry for the driver path
is not present in genfs_context.
Update the secontexts for sysfs_net for GVM target

Change-Id: I0bd377ebcfcdbc13b8b5b6d0385b5a9ea719b269
2023-06-23 12:01:17 +05:30
qctecmdr
7cb47f6008 Merge "Sepolicy_vndr: add widevine to access qseecom_ta heap" 2023-06-21 10:54:46 -07:00
Uttkarsh Aggarwal
ad1ddc4a5d sepolicy_vndr: Handle write permission on configfs
In current implementation for NCM enablement we do
cd /config/usb_gadget/g1/functions/ncm.0
echo WINNCM > os_desc/interface.ncm/compatible_id
Here we are simply trying to write inside configfs, which causes
an AVC denial.
AVC denial:
type=1400 audit(0.0:12): avc: denied { write } for comm="init.qcom.usb.s"
name="interface.ncm" dev="configfs" ino=34930 scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=dir permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.
type=1400 audit(0.0:12): avc: denied { create } for comm="init.qcom.usb.s"
name="compatible_id" scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:configfs:s0 tclass=file permissive=0.

In this patch we are giving permission to write in configfs in target
specific files.

Change-Id: I7d3843c46cfae8ac34d6d59e510274cbb5509697
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
2023-06-16 14:38:42 +05:30
Sanjay Singh
73b6f228c9 sepolicy_vndr: Allow system_server read vendor_persist_camera_prop
Allowing system_server read vendor_persist_camera_prop

Change-Id: I746d649dd437bb21e65472b97b2cb4141499cb24
2023-06-15 20:09:26 +05:30
Sheik Anwar Shabic Y
174238fe51 Sepolicy_vndr: add widevine to access qseecom_ta heap
Add widevine client to access qseecom_ta heap.

Change-Id: If99d73432c55f9feda823d97818ea422eae864b9
2023-06-12 10:47:47 +05:30
qctecmdr
539bcd22ca Merge "sepolicy: parrot: Fix avc denials for wakeup nodes" 2023-05-30 02:32:03 -07:00
qctecmdr
e3068827c0 Merge "sepolicy_vndr: Allow mediaswcodec to access gpu_device" 2023-05-29 23:16:19 -07:00
Ajit Vaishya
8f3bf939fe sepolicy: parrot: Fix avc denials for wakeup nodes
Label wakeup Wlan sysfs nodes listed by
SuspendSepolicyTests.sh

Change-Id: I3a62350079365902d2cf345d5c3ff4676c42a45b
CRs-Fixed: 3451976
2023-05-29 07:39:16 -07:00
qctecmdr
c184af7d5b Merge "Allow wcnss service to access hal perf service" 2023-05-29 00:35:54 -07:00
Sachu George
cfa7ccb9a4 sepolicy_vndr: Allow mediaswcodec to access gpu_device
Allow mediaswcodec to access gpu_device.

SELinux : avc: denied { read write } for name="kgsl-3d0"
dev="tmpfs" ino=1030 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0

Change-Id: I53db6aab6f06be10ae7c34ff0b2a1b8090c1ae23
2023-05-26 14:42:48 +05:30
Ajit Vaishya
8f55af7809 Allow wcnss service to access hal perf service
Add sepolicy rule for vendor wcnss service to access
vendor hal perf service.

Change-Id: Ib6250b3ef7e77918bf348c344e628fd60ce274c3
CRs-Fixed: 3294921
2023-05-08 07:06:17 -07:00
Vamsi Krishna Gattupalli
8afaf747e6 sepolicy: Fix avc denials for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I4b543c1c628613990bad565330899a0147510924
Signed-off-by: Ansa Ahmed <ansaahme@qti.qualcomm.com>
2023-05-03 04:40:44 -07:00
qctecmdr
5d822535a9 Merge "anorak: update sepolicy for KineticsXR controllers" 2023-04-25 23:44:36 -07:00
Zhen Wang
b2cf6bd4f9 Sepolicy_vndr: add qvr to access camera
Allow qvrservice to access camera data (/data/vendor/camera).

Change-Id: Iaa961113e45c2504bf1669196feb495e032d97db
2023-04-11 11:05:41 +08:00
Meng Wang
d3a6f45a28 anorak: update sepolicy for KineticsXR controllers
Update sepolicy for KineticsXR controllers.

Change-Id: I72091dec47eacce451a8002b5dbbaa4a5c4ca015
2023-04-06 09:23:16 +08:00
Vamana Murthi
b30000e27c Allow vendor_location_xtwifi_client to access ssgtzd socket
Change-Id: I473ae330cfa265a324c136b068fe94e62d38c845
CRs-Fixed: 3362880
2023-04-03 20:52:19 +05:30
qctecmdr
7767f4672d Merge "Add rules for qms daemon" 2023-03-23 03:28:42 -07:00
Tengfei Fan
37d04f59a7 sepolicy: add root path for remoteproc-wpss wakeup node
Add root path for remoteproc-wpss wakeup node.

Change-Id: Ie6931140e7690d32c52e3e17bad7e3f11ac0c1a9
2023-03-22 17:24:47 +08:00
Vamana Murthi
2a0ce8f444 sepolicy rules to allow Gnss Hal to access RIL Srv
Change-Id: I58f8f71978ddca6e97811e7523a1966cc6f475f8
CRs-fixed: 3287913
2023-03-20 14:51:17 +05:30
Pavan Kumar M
43fa987fe0 Add rules for qms daemon
Change-Id: Ifb54c1cfcdf231964530a3fe6e2785808cd6904a
2023-03-20 00:10:15 -07:00
vidyalak
f149500bed sm6150: support for vendor_boot and init_boot partition
Included vendor_boot and init_boot partition for AB OTA
in msmsteppe sepolicy changes.

Change-Id: I6f10642819de572e6f26e9b084188579ba5336bf
2023-03-17 10:56:18 +05:30
Tengfei Fan
b6acde700a sepolicy: Fix avc denials of remoteproc-wpss for wakeup nodes
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I382fb204eafeedf331b89aebfe74e0684ba2e12d
2023-03-13 14:34:40 +08:00
Vaishnavi AVS
31cb5eaa26 sepolicy_vndr: Add sepolicy rules for I2C wakeup nodes
Add sepolicy rules for I2C wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.

Change-Id: Ia8e1972b5699dd5a56b4079840da8866c5ff6bf5
2023-03-06 00:42:23 -08:00
Vaishnavi AVS
2199a340af sepolicy_vndr: Add sepolicy rules for UART wakeup nodes
Add sepolicy rules for UART wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.

Change-Id: Ic0e4a09b29f6adf55e3b9b825dbca4b7472a1736
2023-03-06 12:03:21 +05:30
Rakesh Kota
380fc2940e sepolicy_vndr: Add sepolicy rules for PON wakeup nodes on ravelin
Add sepolicy rules for PON wakeup nodes to fix errors
from suspend sepolicy scripts.

Change-Id: If291843654fb78c62d64aa23b759db9f7d4f4b96
2023-02-22 15:50:41 +05:30
Leela Sravani Atmakuri
9bbbddbefe sepolicy_vndr: Modify nativehaltestservice.te
CRs-Fixed: 3412497
External Impact: No

Change-Id: I04d2309db37d8e14506d2d4ba743ac1279247240
2023-02-21 02:31:05 -08:00
Udipto Goswami
aec146fc65 sepolicy_vndr: Add permission for USB HAL to access usb sysfs nodes
Adding permissions for usb hal to access the
vendor_sysfs_usb_node. This is required for the hal to perform error
recovery in host mode.

Change-Id: Ie7fff2ba54fd50864ab6be90e97d002be7ca10cc
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
2023-02-13 22:39:21 -08:00
Leela Sravani Atmakuri
11b5899b2b sepolicy_vndr: Add nativehaltestservice.te
CRs-Fixed: 3400283

Change-Id: I5688524048cb430a311939763b66f8a344095120
2023-02-08 02:24:25 -08:00
qctecmdr
483eed269a Merge "sepolicy_vndr: Add sepolicy rules to access RGB nodes on ravelin" 2023-02-02 05:16:53 -08:00
Arvind Kumar
4149ce8a88 parrot: Update sepolicy for OTA partitions to fix AVC denials.
Update sepolicy for OTA partitions to fix AVC denials
seen during OTA update.

Change-Id: I56bad41bef6e35df5a76ddd8ee4aeaa08f01e3ce
2023-01-31 10:52:04 +05:30
Rakesh Kota
86973c5b83 sepolicy_vndr: Add sepolicy rules to access RGB nodes on ravelin
Add label for led device node on ravelin platform.

Change-Id: I797de14c5e4c089625008a16f7df462c13415b6b
2023-01-20 12:59:36 +05:30
qctecmdr
fc030efab5 Merge "sepolicy_vndr: add sepolicy for spdaemon to use wake-lock" 2023-01-11 22:26:24 -08:00
sganda
67783127fa sepolicy_vndr: add sepolicy for spdaemon to use wake-lock
allow spdaemon daemon to access wake-lock sysfs nodes

Change-Id: I2af3b37387d2de35a37848a8aab667bf968423ed
Signed-off-by: sganda <quic_sganda@quicinc.com>
2023-01-11 15:51:28 +05:30
qctecmdr
bbcb88bf33 Merge "sepolicy_vndr: hal_trustedui: Add sepolicy rules to access touch nodes" 2023-01-11 01:55:00 -08:00
Akhil Budampati
840718ffec sepolicy_vndr: hal_trustedui: Add sepolicy rules to access touch nodes
Add sepolicy rules to access new trusted_touch_enable,
trusted_touch_type and trusted_touch_event nodes in TUI HAL

Change-Id: I0f516196e953514cf99926181528eecccc99022c
2023-01-11 09:51:56 +05:30
qctecmdr
145726016f Merge "sepolicy_vndr: Add QSPM related dontaudit rules for mediacodec" 2023-01-09 23:04:55 -08:00
sganda
11bfa34b4a sepolicy_vndr: add sepolicy for keymasterd for anorak
Keymaster daemon is given permissions to access spcom related files
and devices

Change-Id: Ic753bf9b93594d8e51a48e709dd938e249dcc963
Signed-off-by: sganda <quic_sganda@quicinc.com>
2023-01-03 20:38:57 +05:30
Sachu George
149bcb3606 sepolicy_vndr: Add QSPM related dontaudit rules for mediacodec
Added QSPM related dontaudit selinux rules for mediacodec to address
below denials.

SELinux : avc:  denied  { find } for interface=vendor.qti.qspmhal::IQspmhal
sid=u:r:mediacodec:s0 pid=1041 scontext=u:r:mediacodec:s0 tcontext=
u:object_r:vendor_hal_qspmhal_hwservice:s0 tclass=hwservice_manager permissive=0

Change-Id: I802d30646be36c6afba3a4c652d2d3201b7e0dad
2023-01-03 18:12:22 +05:30