Commit graph

4635 commits

Author SHA1 Message Date
Michael Bestas
586eb798d6
Merge tag 'LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0' into staging/lineage-21.0_merge-LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0
"LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0"

# By Seshu Madhavi Puppala (2) and others
# Via Linux Build Service Account (2) and others
* tag 'LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0':
  qseecomd-sepolicy: Add context for qseecomd restart at hibernate exit.
  sepolicy: Add properties to restart keymint and gatekeeper services
  * sepolicy_vndr: fix for AVC denial for U upgrade targets
  sepolicy_vndr: sepolicy rules for SecCam2test app
  Sepolicy_vndr: allow qvr to access heap device
  sepolicy_vndr: Add sepolicies for eSE
  sepolicy_vndr: add permission to access XR app

Change-Id: I4f0fb22feb43c7d703bef8dbb9e35873d5ab1069
2024-06-28 14:52:08 +03:00
Linux Build Service Account
57164669b3 Merge 92a36955eb on remote branch
Change-Id: I77c727795c994dec9ed325ec5ff48a5b661b7720
2024-06-18 06:18:45 -07:00
Seshu Madhavi Puppala
92a36955eb qseecomd-sepolicy: Add context for qseecomd restart at hibernate exit.
Test:
Multiple iterations of DS-QB and hibernate

Change-Id: Id4f8bdaa405af3c2f76437dec32b939d782b3111
2024-05-31 14:48:22 +05:30
Seshu Madhavi Puppala
205f099dcc sepolicy: Add properties to restart keymint and gatekeeper services
The changes include adding new properties
2)vendor.keymint.quickboot
3)vendor.gatekeeper.quickboot

Add access permission to qseecomd. Using these properties keymint and gatekeeper service
will be restarted on hibernate exit.

Test:
1)Device is successfully able to Hibernate enter and exit.
2)Keymint and Gatekeeper service are restarting after Hibernate-exit.

Change-Id: I9e1d8481cfc244a9bfabbf06fc3777ec2f7b6898
2024-05-30 15:10:07 +05:30
Vaishali Rai
b335f2d075 * sepolicy_vndr: fix for AVC denial for U upgrade targets
* I/auditd ( 963): avc: denied { find } for pid=3614 uid=10149
* name=vendor.qti.ImsRtpService.IRTPService/ImsRtpService
* scontext=u:r:vendor_qtelephony:s0:c149,c256,c512,c768
* tcontext=u:object_r:default_android_service:s0
* tclass=service_manager permissive=0
*
* add dontaudit rule for U upgrades since
* AServiceManager_isDeclared does find operation internally

Change-Id: I820e73f39be4b6f25eda24619abaae9ae92ce34a
(cherry picked from commit 1a332e6b327f5b0e6d2524948dba5f327994e749)
2024-05-23 04:11:38 -07:00
Michael Bestas
f6cdacdcd0
qva: Label qcom,battery_charger extcon
Change-Id: I3927a94417f897c0a5b2625a28f064f39b8181a6
2024-05-21 03:28:24 +03:00
Bruno Martins
49a07b0071
qva: Extend extcon rules
Change-Id: I163817d45b0b11ef1c871b4a6cbf5d0657b3f67d
2024-05-21 03:28:24 +03:00
Suresh Koleti
6c5be29b06
Add IQtiRadio in vendor
- Add IQcRilAudio in
  vendor_hal_telephony_service domain in vendor
  partition which is needed when GSI build is loaded.

Change-Id: I3a6d8a1486558db1622c2c447256024eed8773ae
CRs-Fixed: 3073450 3115861
2024-05-21 03:28:24 +03:00
Michael Bestas
13952f5a52
sepolicy: Label vendor.qti.ims.factoryaidlservice.IImsFactory
This service can be found on ingot 14 release

Change-Id: I7dd4c7c3ea233fcc0760fd5c26bccf7254c0e9cf
2024-05-21 03:28:19 +03:00
Michael Bestas
a3463e5ce3
sepolicy: Move some AIDL rules to common policy
These services can be found on ingot 14 release

Change-Id: Iaf5494b3325384061a99f5bc0736ea029d12ad21
2024-05-21 03:25:54 +03:00
Sridhar Kasukurthi
d6a218c5b9
sepolicy_vndr: Add IQtiOemHook and IDeviceInfo
- Add IQtiOemHook and IDeviceInfo in
  vendor_hal_telephony_service domain in vendor
  partition which is needed when GSI build is loaded.

Change-Id: Ia119414d2aa417215fbc9bdefe69ee5771860d23
CRs-Fixed: 3152356
2024-05-19 14:03:10 +03:00
Michael Bestas
7a49fa4b75
taro: Label discard_max_bytes sysfs
Change-Id: Ibd8af5fa1f44134ec99eb2df7a6c4de3d72d4df8
2024-05-19 13:59:18 +03:00
dianlujitao
76acc1fc3c
generic: Allow init write to discard_max_bytes
Change-Id: If22a1fe0036f49d5cfb3f3c21cd9c44b96ac6ae8
2024-05-19 13:59:18 +03:00
xuanpeng
d9e0c83e27
sepolicy: enable vibrator HAL to access qcom-haptics class sysfs
Add a new label vendor_sysfs_haptics for qcom-haptics class
sysfs file and allow vibrator HAL service to access it.

Change-Id: I8a9a623fb46e8433e6fa1af41ce3e68b68790d6a
2024-05-19 13:59:18 +03:00
Phalguni Bumhyavarapu
dc90f31378
device/qcom/sepolicy_vndr : Support Widevine AIDL
Change-Id: I3d02f04029c59fc518ded5cca2c2748dd3c04224
2024-05-19 13:59:17 +03:00
Phalguni Bumhyavarapu
9d53036141
device/qcom/sepolicy_vndr : Support Widevine AIDL
Change-Id: I671613ef3d4ccf7255e7dd25c15df0c6d3f86519
2024-05-19 11:33:48 +03:00
Tushar Patra Jamula
942964627a sepolicy_vndr: sepolicy rules for SecCam2test app
Change-Id: I7c2db52a48817c3b1acf7c0e028a9ce78a1974fb
Signed-off-by: Tushar Patra Jamula <quic_tjamula@quicinc.com>
2024-05-07 03:59:50 -07:00
Linux Build Service Account
a8ff05c697 Merge cf2b4aabd0 on remote branch
Change-Id: I8b1f4573be15fd79fba52fed47eabe97b65aa6fe
2024-05-02 23:30:46 -07:00
Michael Bestas
99bfc2a391
Merge tag 'LA.VENDOR.1.0.r1-25300-WAIPIO.QSSI15.0' into staging/lineage-21.0_merge-LA.VENDOR.1.0.r1-25300-WAIPIO.QSSI15.0
"LA.VENDOR.1.0.r1-25300-WAIPIO.QSSI15.0"

* tag 'LA.VENDOR.1.0.r1-25300-WAIPIO.QSSI15.0':
  Camera: Anorak: Add Missing Permissions to run QVR and Camera HAL Concurrently
  sepolicy_vndr: Adding changes to support codec2.
  sepolicy: allow qvr to access camera hal service.
  anorak: add controller permission to access camera hal
  Camera: Anorak: Add Permissions to run QVR and Camera HAL Concurrently
  Camera: Anorak: Add QVR permissions to Camera HAL
  anorak: move qvrcamservice from common/ to anorak/
  SEPolicy change for Location Qesdk Service..
  Sepolicy_vndr: add permission for qvrcamservice

 Conflicts:
	qva/vendor/common/service.te

Change-Id: I49a386bcc21f24ad27c05cd024b190f7f681b961
2024-05-02 20:17:18 +03:00
Alexander Winkowski
564a900000 sepolicy_vndr: Allow qti_init_shell to set watermark boost factor
Change-Id: Iffaf1f7846fdcf758adc1b173c52ac8a34754ee9
2024-04-28 18:30:25 +02:00
Divyanand Rangu
6d758c353c sepolicy_vndr: allow init_shell to access proc_watermark_scale_factor.
Add init_shell to update node under new label added in T,
proc_watermark_scale_factor.

Change-Id: I8f146a191f4354324789f898a63d3a10a0e36531
2024-04-28 18:30:14 +02:00
zhw
cf2b4aabd0 Sepolicy_vndr: allow qvr to access heap device
allow qvrservice to read heap device.

Change-Id: Ifad0e0d67c2d35a92243d8396062b4080e2fab56
2024-04-14 18:56:17 -07:00
qctecmdr
3c71acce04 Merge "sepolicy_vndr: Add sepolicies for eSE" 2024-04-10 06:14:58 -07:00
Sandra V S Nair
0ed2a7eaca sepolicy_vndr: Add sepolicies for eSE
Add sepolicies to support stm keymint service

Change-Id: If60226af5f296a8f70bd5468f5c17f796a8fdad1
2024-04-10 11:24:50 +05:30
Linux Build Service Account
bc97d88762 Merge 718daf9c68 on remote branch
Change-Id: I74d44ced9c9474af2e8af312d8c34e8ee4e6bc2c
2024-04-09 10:57:58 -07:00
zhw
cb73bb349f sepolicy_vndr: add permission to access XR app
allow qvrcamservice to read/write vendor_xrcb_app

Change-Id: Iff356a1379ae311339dce4418e0fd8fab527c794
2024-04-08 18:47:03 +08:00
Fenglin Wu
7381bc84b6 sepolicy_vndr: update sepolicy for health HAL service
Add label for QTI health AIDL HAL service and add policy for it to
access power supply devices.

Change-Id: I17d6c274e3e5fc76ca07019fe2e404c7c5171e57
2024-04-06 12:58:39 +00:00
qctecmdr
718daf9c68 Merge "Camera: Anorak: Add Missing Permissions to run QVR and Camera HAL Concurrently" 2024-04-01 01:23:26 -07:00
qctecmdr
69672ed823 Merge "sepolicy_vndr: Adding changes to support codec2." 2024-03-31 23:14:20 -07:00
Michael Bestas
8c60f174ab
Merge tag 'LA.VENDOR.1.0.r1-24900-WAIPIO.QSSI14.0' into staging/lineage-21.0_merge-LA.VENDOR.1.0.r1-24900-WAIPIO.QSSI14.0
"LA.VENDOR.1.0.r1-24900-WAIPIO.QSSI14.0"

# By Sandra V S Nair (3) and others
# Via Gerrit - the friendly Code Review server (9) and others
* tag 'LA.VENDOR.1.0.r1-24900-WAIPIO.QSSI14.0':
  Revert "sepolicy_vndr: Change eSE node name"
  sepolicy_vndr: Change eSE node name
  sepolicy: add qce dev permission for SRTP support
  sepolicy_vndr: Allow keymint HAL to read SOC name property
  Revert "anorak : Fixing AVC denials"
  sepolicy: allow platform_app to access DSP HAL
  sepolicy rules to allow Gnss Hal to access ssgtz for taro target
  sepolicy_vndr: Allow keymint HAL to read SOC name property
  anorak : Fixing AVC denials
  sepolicy_vndr: Allow apps to have read access to vendor_display_prop
  sepolicy: removing HTTP socket creation permissions to ssgtzd
  sepolicy_vndr: Allow keymaster HAL to read SOC name property
  sepolicy_vndr: Add sepolicy rules for eSE

Change-Id: I6f13fe93fead0f5e4fc64ff1c8af17654286afd8
2024-03-29 12:14:04 +02:00
Vimal Kumar
b993ad7ee6 Camera: Anorak: Add Missing Permissions to run QVR and Camera HAL Concurrently
Issue:
  avc:  denied  { add } for pid=6002 uid=1047 name=vendor.qti.hardware.qxr.IQXRCamService/default
  scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vendor_hal_qvrd_camservice:s0 tclass=service_manager permissive=0

Fix: Added sepolicy to resolve avc denied error
Change-Id: Ifcf612006d625742b9697eff71b150754315d472
2024-03-29 12:21:43 +05:30
Vatsal Bucha
aad8292cec sepolicy_vndr: Adding changes to support codec2.
CRs-Fixed: 3704421

Change-Id: Ifc9be472d1f2cac187152d1a40d69d406bf14192
2024-03-27 19:30:56 +05:30
zhw
374378330d sepolicy: allow qvr to access camera hal service.
Change-Id: I5b301aaee72fbed61f371d580726d6e935a7baa8
2024-03-25 01:40:07 -07:00
qctecmdr
f51084d10d Merge "SEPolicy change for Location Qesdk Service.." 2024-03-20 04:34:20 -07:00
zhw
71e881f1af anorak: add controller permission to access camera hal
Allow controller service to connect camera hal service.

Change-Id: I940a08c365274bb1219d1bdfbba52ad6258815bb
2024-03-19 18:58:13 -07:00
Vimal Kumar
68069d1ad9 Camera: Anorak: Add Permissions to run QVR and Camera HAL Concurrently
- QVR and Camera HAL access permissions are added

Change-Id: I9891b561da5dd1ee617e94fce186eecae249b3be
2024-03-18 02:26:19 -07:00
Rama Krishna Nunna
25445c3800 Camera: Anorak: Add QVR permissions to Camera HAL
- QVR Access permissions are needed

Change-Id: I5ddb3a32057956ad973306c282c6099d79dec1b9
2024-03-18 01:56:57 -07:00
Linux Build Service Account
e03836a857 Merge bb272cc87d on remote branch
Change-Id: I7ed4ae583db086b55eb4b0cc0567fe0baece406f
2024-03-17 02:30:30 -07:00
zhw
ff0adb1b5d anorak: move qvrcamservice from common/ to anorak/
Change-Id: Ic1f26cabf519ceaf29a0f7d2a009bff6c5bb4128
2024-03-12 02:39:21 -07:00
Saurabh Srivastava
41ce853d8a SEPolicy change for Location Qesdk Service..
CRs-Fixed: 3188054
Change-Id: I569b37117e031d5ccac47daf27714085c3a599ff
(cherry picked from commit dfdebd4d602dafdfa5fa0a65d80d0bae4250248e)
2024-03-12 01:24:20 -07:00
zhw
de965c6ded Sepolicy_vndr: add permission for qvrcamservice
This permission is added for FR83196(Split qvrcameraservice).
Add new qvrd_vndr_cam.te file and a set of permissions for
qvrcamservice.

Change-Id: Iba1f9cdde60f3482df2aea71d6022d501225d976
2024-03-07 13:42:22 +08:00
qctecmdr
bb272cc87d Merge "Revert "sepolicy_vndr: Change eSE node name"" 2024-03-05 13:50:45 -08:00
Sandra V S Nair
558b7bf890 Revert "sepolicy_vndr: Change eSE node name"
This reverts commit 10e4fdf7f3.

Reason for revert: stsafe320 eSE will also use device driver of st54 eSE.

Change-Id: I6284b71487693785c50f70faed220ae96914a300
2024-02-29 16:37:25 +05:30
Linux Build Service Account
02372d0de8 Merge 9451c7dbb9 on remote branch
Change-Id: I8fad453d3b3dd224b195af0b9eabdf7b20871d7c
2024-02-19 20:35:10 -08:00
qctecmdr
0474aa2cdf Merge "sepolicy_vndr: Change eSE node name" 2024-02-11 22:01:32 -08:00
Sandra V S Nair
10e4fdf7f3 sepolicy_vndr: Change eSE node name
eSE sepolicies were ported directly from sepolicy-vndr-wear.lnx.13.0.
sepolicy.vndr.lnx.12.0 doesn't support st54spi_gpio.
Instead, it supports stsafe320_gpio.


Change-Id: I18b1c1be30042781eeb5a6f1fe71af56b8842065
2024-02-11 20:26:19 -08:00
qctecmdr
9451c7dbb9 Merge "sepolicy: add qce dev permission for SRTP support" 2024-02-08 04:25:14 -08:00
qctecmdr
a5edbba904 Merge "sepolicy_vndr: Allow keymint HAL to read SOC name property" 2024-02-04 04:59:03 -08:00
Vaishali Rai
74cae1998f sepolicy: add qce dev permission for SRTP support
* ims_rtp_daemon: type=1400 audit(0.0:110):
* avc: denied { read write } for name="qce" dev="tmpfs"
* ino=1180 scontext=u:r:vendor_hal_imsrtp:s0
* tcontext=u:object_r:vendor_qce_device:s0 tclass=chr_file permissive=0
Change-Id: I94948967f9a1e49f5c1d7dc66365921ff2708d8f
(cherry picked from commit 5de93d42cc1fdb2a3d4a97486f35ef18e7567049)
2024-01-30 22:23:31 -08:00
qctecmdr
98ceb1acf7 Merge "sepolicy: allow platform_app to access DSP HAL" 2024-01-23 01:31:22 -08:00