Add dir search permissions in vendor_modprobe for new
debugfs labels debugfs_bootreceiver_tracing and debugfs_wifi_tracing.
Change-Id: I9f95cb0d623a5ebc80eb69cd135099f7b3b31085
Shell permissions set in genfs_contexts for SELinux context applicable
for /sys/class/kgsl/kgsl-3d0/perfcounter is overridden if not set in
file_contexts.
Change-Id: I3eb818226abf497e1106af68ece9356bee0a3702
[1] sku version file contexts are loaded by early-
init phase and sku version node is created after
file contexts are loaded. The transistion time
from early init to post-fs is around ~2.5 seconds.
avc denied messages are observed when sku_version
is accessed as vendor file contexts are slow in
reporting.
[2] Hence, move file contexts to genfs as genfs
helps to track and label the node even if the
node is created afterwards.
Change-Id: Idcdebf0dbc5a4e9e97bddc9a5f4e3151f6a97d8b
issue:snapcam app call libbitml_nsp_v2_skel.so has permission denied
fix:libbitml_nsp_v2_skel.so need to change to sp-hal, then system domain can
call vendor domain
Change-Id: Ia890bb74420d3c397ed7024d8ca83fe7b2cbdd56
When enable AP with wlan2, wifi@1.0-service needs to create wlan2
iface if it is not exists. An avc denied message arises that warns
wifi@1.0-service lacks sys_module capability, but finally wlan2
iface is still created.
Fix the avc denied message by adding sys_module capability for
hal_wifi_default.
CRs-Fixed: 3138698
Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
Move all the netmgrd policies from qva to common.
Provide rmnet module sysfs read access to shsusrd.
Add the parameters belonging to all rmnet extended modules to rmnet context.
CRs-Fixed: 3134255
Change-Id: Icfa7965d8f3f2793ec0680db58c94146707652dd
Adding a new label to /sys/block/dev/sd*
Allow vendor_qti_init_shell to have permissions to
update read_ahead_kb nodes of
- /sys/block/ram*
- /sys/block/loop*
- /sys/block/sd*
- /sys/block/zram0
Change-Id: I123fb7608b95c33ec15b6c5ad3f1e7dd471c6853
* Allow Spearhead to create and manage child processes. The child
processes of Spearhead will manage a subset of Spearhead
functionality
* Allow creation and management of FIFO file. The FIFO file is used
to control the operation of Spearhead (ON / OFF) via filesystem
Change-Id: Ie2c715b2a777b4754ccb5c5be1eebf858b80ef27
Add more sepolicy rules to access new trusted_touch_enable,
trusted_touch_type and trusted_touch_event nodes in TUI HAL.
Change-Id: I9592fb68dc3d38288b5b4ed6c5c118eefc1cf4fb
As the debugfs_mmc check is going to be done most of drivers
and will hit search denails .
So adding the permission to dir search .
Change-Id: I69751e34bcad90af9bfa4d98c89287258382fe7c
While setting ssr recovery persist property avc denial error
is thrown and that could be due to wpss is not added
to the allowed list.
Add wpss subsystem to the list to overcome this.
Change-Id: Ie77539ccc5d44056f54fe7c006017438ee903eec
