Commit graph

1047 commits

Author SHA1 Message Date
Arun Kumar Neelakantam
8c8acc41ff sepolicy_vndr: add ssgtzd_opener socket sepolicy
ssgtzd_opener socket file is created to provide service registration
and adding sepolicy to access this socket

Change-Id: I06afa4e9e6857d6f13731eaf46d9acbc5e606224
2021-11-15 22:12:11 +05:30
Arun Kumar Neelakantam
5e19c5be0a sepolicy_vndr: trusteduilistener: add sepolicies
Add SEpolicies for new TrustedUI Listener daemon.

Change-Id: I87cd757a5df129352b7ab74d80bb2ecfd0ec99df
2021-11-11 00:28:52 +05:30
shrkum
5f861e159c Allow vendor_pd_mapper to open to /dev/kmsg
Change-Id:If9f89c010bfc8a888f6ad6e842a1f5c61e97b8af
2021-10-25 12:22:03 +05:30
qctecmdr
c075fdc753 Merge "sepolicy_vndr: Adding graphics libs" 2021-10-22 14:46:21 -07:00
kranthi
8871a4e3cf sepolicy-vndr:Allowing system process to read gpu model
type=1400 audit(0.0:307): avc: denied { read } for name="gpu_model"
dev="sysfs" ino=111904 scontext=u:r:vendor_voiceui_app:s0
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.qualcomm.qti.sva

Change-Id: If9f89c010bfc8a733f6ad6e842a1f5c61e97b8af
2021-10-22 04:02:03 -07:00
qctecmdr
453e7b1f20 Merge "sepolicy: Add sepolicy to access vendor_dmabuf_display_heap_device from mediacodec" 2021-10-15 09:53:00 -07:00
Weiyi Chen
fdc7fe4783 sepolicy: shsusrd permissions
Allows shsusrd to create and listen on unix domain socket,
operate on netlink route socket and connect to netmgrd socket.

Change-Id: I883dee4496e6ac420f4f8b149a8da25370460fa6
2021-10-13 15:32:40 -07:00
Vinay Pandurangi
f7fef315bb sepolicy: Add sepolicy to access vendor_dmabuf_display_heap_device from mediacodec
Change-Id: Ic7a557af5cf56a371cf8278a43ffa3ba071e73d0
2021-10-12 10:30:05 -07:00
qctecmdr
642992dd5c Merge "sepolicy_vndr: Add sepolicy for esoc node" 2021-10-08 16:20:34 -07:00
Sauvik Saha
ab1e149631 sepolicy_vndr: Fixing avc denial for waipio
* [Waipio] avc: denied { call } for comm="ims_rtp_daemon"
* scontext=u:r:vendor_hal_imsrtp:s0 tcontext=u:r:vtloopback_app:
* s0:c165,c256,c512,c768 tclass=binder permissive=0

Change-Id: I3de76b9c1b409aec882b6aa490a0801798d45a8d
2021-10-07 23:12:24 -07:00
kranthi
64d7ccb738 sepolicy_vndr: Adding graphics libs
Adding libgpudataproducer,libVkLayer_ADRENO_qprofiler,libq3dtools_esx

Change-Id: Iabfa7995bba351d4cd048f440836d9245adfb105
2021-10-07 04:52:54 -07:00
qctecmdr
36e9a3c8eb Merge "add policies for vendor location." 2021-09-30 07:13:07 -07:00
qctecmdr
74ecb27590 Merge "sepolicy_vndr: Allow shell to access tracefs instances" 2021-09-30 00:44:08 -07:00
Ashish Dhiman
499fb657e1 add policies for vendor location.
Change-Id: I064d192c91342b52ef28420259740484533cb23d
2021-09-28 17:31:36 +05:30
Naseer Ahmed
86b243d686 sepolicy: Add memtrack HAL
Change-Id: I96aba595b174dcdf8949e17cd13f97d1c76af1d4
2021-09-21 09:41:27 -07:00
Kamal Agrawal
b36b7d0e58 sepolicy_vndr: Allow shell to access tracefs instances
Add policy to allow shell to access tracefs instances.
Fix is for below error:
W ls : type=1400 audit(0.0:219): avc: denied { read } for
name="instances" dev="tracefs" ino=10789 scontext=u:r:shell:s0
tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir
permissive=0

Change-Id: Ia508b90d648be8b61938e29792e3fab0d740ba87
2021-09-18 12:48:45 +05:30
Linux Build Service Account
e443daae7d Merge "Filecontext changed for vm-system mount" into sepolicy.vndr.lnx.12.0 2021-09-13 17:47:28 -07:00
qctecmdr
a2b712ff6b Merge "sepolicy: Add sepolicy to access demura heap device" 2021-09-10 10:28:56 -07:00
qctecmdr
cc3491aae5 Merge "sepolicy: Add rules for /dev/dma_heap/qcom,demura device" 2021-09-09 20:59:46 -07:00
Lakshmi Narayana Kalavala
d56c891c64 sepolicy: Add sepolicy to access demura heap device
Add read access permission for demura heap device for
hal_graphics_allocator_default module

Change-Id: I095f7d7453405879a58f2e66749fd27b8264a4f7
2021-09-09 17:12:23 -07:00
qctecmdr
975234aee7 Merge "sepolicy: rename hang_guard to qguard" 2021-09-09 03:56:13 -07:00
xiaohuin
59fd672884 sepolicy: rename hang_guard to qguard
change hang_guard to qguard

Change-Id: I6a11a7fbb0ab8d9682e89750bb111ebe9fc618fd
CRs-Fixed: 3005281
2021-09-09 03:10:51 -07:00
jiaoyuan
474a2276e5 Add policy for aide libs
Change-Id: I293ecb11f5e730120ce75b648a9f85e576de8875
2021-09-08 19:26:15 -07:00
appadura
297e3cb4d2 Filecontext changed for vm-system mount
On platform using qvirtmgr/qcrosvm, switch to using
same_process_hal_file label for vendor vm images as
they are loaded by system.

Change-Id: Id859e1114fdcd3e190fb006768226e47cec2db38
2021-09-07 19:28:38 -07:00
qctecmdr
6585b6e957 Merge "Add rules to define and use media performance class property" 2021-09-07 13:58:03 -07:00
Roopesh Nataraja
e1a866f79c sepolicy_vndr: Add selinux context for xbl_ramdump_[ab]
xbl_ramdump partition is being converted into A/B partition.
Add corresponding selinux rule to define context for this partition.

Change-Id: I6fd10a4f4675592b770f9b582d66dfd245cdc424
2021-09-07 09:56:02 -07:00
Roopesh Nataraja
9e757a7a64 Add rules to define and use media performance class property
Since QCV enforces common vendor image across chipsets from the
same family, create an internal property called
'ro.vendor.media_performance_class' to set the right value based
on chipset capability at run time. Assign this value to
'ro.odm.build.media_performance_class' in QCV init rc.

Change-Id: Ie6f4e36151cd65f078b4eb1e52d29b280c849c77
2021-09-07 09:48:25 -07:00
Patrick Daly
0fac5bfe50 sepolicy: Add rules for /dev/dma_heap/qcom,demura device
Define policy for qcom,demura device.

Change-Id: I1264329ecea1349f5fb78919644c02fd0bc552f2
2021-09-02 18:16:02 -07:00
qctecmdr
87981a774d Merge "sepolicy_vndr: allow rproc autopil bg scripts to access slpi" 2021-09-01 14:44:30 -07:00
Jun-Hyung Kwon
bfa84717ab sepolicy_vndr: allow rproc autopil bg scripts to access slpi
allow remoteproc autopil bg scripts to access slpi sysfs nodes

Change-Id: Ib2862a2a31e196d98124de66fbb3aa5e3e13f585
2021-09-01 13:20:10 -07:00
Roopesh Nataraja
d826b86b82 taro: Label sdf block as boot_block_device
This is a workaround to fix an update_engine crash
due to switching of LUNS between sde and sdf.

Change-Id: I8f3b87f8446928ed78b71182e930f06b6b1ea203
2021-09-01 09:02:21 -07:00
qctecmdr
df1748ad10 Merge "sepolicy_vndr: taro: Add esoc sysfs nodes" 2021-08-30 16:14:42 -07:00
qctecmdr
af9ac51900 Merge "sepolicy_vndr: Add sepolicy for ssg system service" 2021-08-24 09:11:59 -07:00
qctecmdr
811ce2217f Merge "Add sepolicy for perf qesdk client" 2021-08-23 12:35:31 -07:00
qctecmdr
1da2ca4cc2 Merge "sepolicy_vndr: dontaudit system_server search of proc shs dir" 2021-08-20 02:30:54 -07:00
qctecmdr
a88bf5bebc Merge "sepolicy_vndr: Fix sepolicy denials for write to proc/sys/kernel" 2021-08-19 17:49:15 -07:00
qctecmdr
85f9d5bb06 Merge "sepolicy_vndr: change vendor_qcc_trd to vendor_qcc_trd_2" 2021-08-19 13:35:57 -07:00
Rishabh Bhatnagar
babbf9878b sepolicy_vndr: Fix sepolicy denials for write to proc/sys/kernel
Add read/write permissions for init scripts to write to uclamp
default node /proc/sys/kernel/sched_util_uclamp_min_rt_default.
avc: denied { write } for comm="sh" name="sched_util_clamp_min_rt_default"
dev="proc" ino=187895 scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:proc_sched:s0 tclass=file permissive=0

Change-Id: I2c59d74f0ea735a8658cb6414e713e8161a927c9
2021-08-19 11:59:10 -07:00
Bhargav Upperla
6dc9989950 Add sepolicy for perf qesdk client
Provide access to qesdk & perf-hal

Change-Id: I444093d77beab4db582ac408b1a25439b0633562
2021-08-18 20:53:46 -07:00
Gerald Dasal
bcb76b2ebc sepolicy_vndr: Add sepolicy for ssg system service
mlid and ssgtzd need to be able to talk to service
apps as well as other vendor services.

Change-Id: Iaee709672f4dd83c428a047be17bb0c087a50215
2021-08-18 16:43:43 -07:00
Subash Abhinov Kasiviswanathan
6cd53c182a sepolicy_vndr: dontaudit system_server search of proc shs dir
Dontaudit system_server search of the vendor proc shs directory.

Change-Id: Idd075963fa6e5babcff38720d1b3a72e08da5fcd
2021-08-18 15:56:38 -07:00
Phani Deepak Parasuramuni
cdd1fc2dac sepolicy_vndr: change vendor_qcc_trd to vendor_qcc_trd_2
vendor_qcc_trd type is only defined in LA.QSSI.12.0 se policies
and used in LA.VENDOR.1.0 se policies. But this creates a problem when
LA.VENDOR.1.0 is run with pure AOSP image. In pure AOSP image type definition
of vendor_qcc_trd will not be present and hence qcc-trd daemon is failing
to start with following error:

type=1401 audit(1624551973.831:245): op=security_compute_sid
invalid_context="u:r:vendor_qcc_trd:s0" scontext=u:r:init:s0
tcontext=u:object_r:vendor_qcc_trd_exec:s0 tclass=process

Solution: Defining a new type 'vendor_qcc_trd_2' in vendor side
and adding the attribute 'vendor_qcc_trd' defined in QSSI SE policies.

Change-Id: I5c767a0d330cece2965acf101006e6998cbbef91
2021-08-18 15:28:22 -07:00
qctecmdr
951dbdb76a Merge "common: Add sepolicy for watchdog wakeup_enable" 2021-08-18 15:25:11 -07:00
Elliot Berman
b1aed60249 common: Add sepolicy for watchdog wakeup_enable
Add sepolicy permission for init to disable wakeup aware watchdog.

Change-Id: Ib78f2b4878a6645b3d42f3d96261375026032ce4
2021-08-17 10:28:38 -07:00
qctecmdr
e0904a477d Merge "sepolicy_vndr: Update lowirpcd to use the system heap" 2021-08-16 03:17:25 -07:00
Sauvik Saha
f4ba9d955c sepolicy_vndr: Fixing avc denials for loopback app
* denied { read } for name="u:object_r:vendor_ims_prop:s0"
* dev="tmpfs" ino=332 scontext=u:r:platform_app:s0:c512,c768
* tcontext=u:object_r:vendor_ims_prop:s0 tclass=file
* permissive=0 app=com.qti.vtloopback

Change-Id: I8b2658ff7fe8d18812aa45c9daa3a2906f7e942f
2021-08-13 18:47:51 -07:00
qctecmdr
cd7bdafc94 Merge "sepolicy_vndr: Add sepolicy for disable RC thread prop" 2021-08-13 00:23:55 -07:00
qctecmdr
78274a3646 Merge "sepolicy_vndr: remove unused cne te_macros" 2021-08-12 20:03:32 -07:00
qctecmdr
154cd72a23 Merge "sepolicy_vndr: add read access to vendor_slpi_sysfs nodes" 2021-08-12 17:37:17 -07:00
Jun-Hyung Kwon
8229c3388b sepolicy_vndr: add read access to vendor_slpi_sysfs nodes
add a rule to allow sensors_hal to read vendor_slpi_sysfs nodes

Change-Id: I2aa0ebd198a0fdbfac45b6dd37e727802f612903
2021-08-12 11:56:22 -07:00