Commit graph

1018 commits

Author SHA1 Message Date
qctecmdr
87981a774d Merge "sepolicy_vndr: allow rproc autopil bg scripts to access slpi" 2021-09-01 14:44:30 -07:00
Jun-Hyung Kwon
bfa84717ab sepolicy_vndr: allow rproc autopil bg scripts to access slpi
allow remoteproc autopil bg scripts to access slpi sysfs nodes

Change-Id: Ib2862a2a31e196d98124de66fbb3aa5e3e13f585
2021-09-01 13:20:10 -07:00
Roopesh Nataraja
d826b86b82 taro: Label sdf block as boot_block_device
This is a workaround to fix an update_engine crash
due to switching of LUNS between sde and sdf.

Change-Id: I8f3b87f8446928ed78b71182e930f06b6b1ea203
2021-09-01 09:02:21 -07:00
qctecmdr
df1748ad10 Merge "sepolicy_vndr: taro: Add esoc sysfs nodes" 2021-08-30 16:14:42 -07:00
qctecmdr
af9ac51900 Merge "sepolicy_vndr: Add sepolicy for ssg system service" 2021-08-24 09:11:59 -07:00
qctecmdr
811ce2217f Merge "Add sepolicy for perf qesdk client" 2021-08-23 12:35:31 -07:00
qctecmdr
1da2ca4cc2 Merge "sepolicy_vndr: dontaudit system_server search of proc shs dir" 2021-08-20 02:30:54 -07:00
qctecmdr
a88bf5bebc Merge "sepolicy_vndr: Fix sepolicy denials for write to proc/sys/kernel" 2021-08-19 17:49:15 -07:00
qctecmdr
85f9d5bb06 Merge "sepolicy_vndr: change vendor_qcc_trd to vendor_qcc_trd_2" 2021-08-19 13:35:57 -07:00
Rishabh Bhatnagar
babbf9878b sepolicy_vndr: Fix sepolicy denials for write to proc/sys/kernel
Add read/write permissions for init scripts to write to uclamp
default node /proc/sys/kernel/sched_util_uclamp_min_rt_default.
avc: denied { write } for comm="sh" name="sched_util_clamp_min_rt_default"
dev="proc" ino=187895 scontext=u:r:vendor_qti_init_shell:s0
tcontext=u:object_r:proc_sched:s0 tclass=file permissive=0

Change-Id: I2c59d74f0ea735a8658cb6414e713e8161a927c9
2021-08-19 11:59:10 -07:00
Bhargav Upperla
6dc9989950 Add sepolicy for perf qesdk client
Provide access to qesdk & perf-hal

Change-Id: I444093d77beab4db582ac408b1a25439b0633562
2021-08-18 20:53:46 -07:00
Gerald Dasal
bcb76b2ebc sepolicy_vndr: Add sepolicy for ssg system service
mlid and ssgtzd need to be able to talk to service
apps as well as other vendor services.

Change-Id: Iaee709672f4dd83c428a047be17bb0c087a50215
2021-08-18 16:43:43 -07:00
Subash Abhinov Kasiviswanathan
6cd53c182a sepolicy_vndr: dontaudit system_server search of proc shs dir
Dontaudit system_server search of the vendor proc shs directory.

Change-Id: Idd075963fa6e5babcff38720d1b3a72e08da5fcd
2021-08-18 15:56:38 -07:00
Phani Deepak Parasuramuni
cdd1fc2dac sepolicy_vndr: change vendor_qcc_trd to vendor_qcc_trd_2
vendor_qcc_trd type is only defined in LA.QSSI.12.0 se policies
and used in LA.VENDOR.1.0 se policies. But this creates a problem when
LA.VENDOR.1.0 is run with pure AOSP image. In pure AOSP image type definition
of vendor_qcc_trd will not be present and hence qcc-trd daemon is failing
to start with following error:

type=1401 audit(1624551973.831:245): op=security_compute_sid
invalid_context="u:r:vendor_qcc_trd:s0" scontext=u:r:init:s0
tcontext=u:object_r:vendor_qcc_trd_exec:s0 tclass=process

Solution: Defining a new type 'vendor_qcc_trd_2' in vendor side
and adding the attribute 'vendor_qcc_trd' defined in QSSI SE policies.

Change-Id: I5c767a0d330cece2965acf101006e6998cbbef91
2021-08-18 15:28:22 -07:00
qctecmdr
951dbdb76a Merge "common: Add sepolicy for watchdog wakeup_enable" 2021-08-18 15:25:11 -07:00
Elliot Berman
b1aed60249 common: Add sepolicy for watchdog wakeup_enable
Add sepolicy permission for init to disable wakeup aware watchdog.

Change-Id: Ib78f2b4878a6645b3d42f3d96261375026032ce4
2021-08-17 10:28:38 -07:00
qctecmdr
e0904a477d Merge "sepolicy_vndr: Update lowirpcd to use the system heap" 2021-08-16 03:17:25 -07:00
Sauvik Saha
f4ba9d955c sepolicy_vndr: Fixing avc denials for loopback app
* denied { read } for name="u:object_r:vendor_ims_prop:s0"
* dev="tmpfs" ino=332 scontext=u:r:platform_app:s0:c512,c768
* tcontext=u:object_r:vendor_ims_prop:s0 tclass=file
* permissive=0 app=com.qti.vtloopback

Change-Id: I8b2658ff7fe8d18812aa45c9daa3a2906f7e942f
2021-08-13 18:47:51 -07:00
qctecmdr
cd7bdafc94 Merge "sepolicy_vndr: Add sepolicy for disable RC thread prop" 2021-08-13 00:23:55 -07:00
qctecmdr
78274a3646 Merge "sepolicy_vndr: remove unused cne te_macros" 2021-08-12 20:03:32 -07:00
qctecmdr
154cd72a23 Merge "sepolicy_vndr: add read access to vendor_slpi_sysfs nodes" 2021-08-12 17:37:17 -07:00
Jun-Hyung Kwon
8229c3388b sepolicy_vndr: add read access to vendor_slpi_sysfs nodes
add a rule to allow sensors_hal to read vendor_slpi_sysfs nodes

Change-Id: I2aa0ebd198a0fdbfac45b6dd37e727802f612903
2021-08-12 11:56:22 -07:00
Griffin Stamp
bad2ceb0be sepolicy-vndr: TUI access permissions for CP_APP
Change-Id: Id7225d4e84a24aea1aeb03c4826ded09ae911fb0
2021-08-10 14:10:18 -07:00
Manoj Basapathi
8e94b50aa9 sepolicy_vndr: remove unused cne te_macros
Change-Id: I8aa6cc888a78db013acd730d78bd9494c7aea2eb
2021-08-10 12:10:37 +05:30
Jeya R
c241bc86ed sepolicy_vndr: Update lowirpcd to use the system heap
Update the lowirpcd service to use the built-in system heap.

Change-Id: I0695560dbf6de0c1f8db561b89ddae19c66f95f4
2021-08-10 10:28:40 +05:30
Jasleen Kalsi
fdc215c379 sepolicy_vndr: add sepolicy for microdump
Fix below avc denial due to access call

avc: denied { read write } for name="data" dev="sysfs"
ino=150387 scontext=u:r:vendor_qcc_trd:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Add sepolicy for the microdump collector parameters

Change-Id: Icdf7129d539666fae9cd23e9bdaf1dd6469d4e4e
2021-08-09 05:02:32 -07:00
Arun Kumar K R
e1606f6420 sepolicy_vndr: Add sepolicy for disable RC thread prop
Add vendor.display.disable_rounded_corner_thread to
vendor_display_prop

Change-Id: I621e2ef36c505eda20fd01baa7e0ab208d2c5704
2021-08-09 15:30:09 +05:30
Matthew Leung
4945f3d439 sepolicy_vndr: taro: Add esoc sysfs nodes
Add esoc sysfs paths on taro.

Change-Id: Id358ac6fb85564b314ae6cfb6785e9d352b9c642
2021-08-09 01:27:28 -07:00
Ritesh Kumar
6300772a22 sepolicy_vndr: Remove sepolicy access rules for hbtp
sepolicy access rules for hbtp are needed on old targets
which support improve touch.

Change-Id: Iaf792b71dc058b5c0708bf258ed715d8483dc0c3
2021-08-09 00:08:49 -07:00
qctecmdr
9a33bc0b00 Merge "sepolicy_vndr: Added policy for retire_frame_event" 2021-08-08 18:15:30 -07:00
qctecmdr
009463114d Merge "selinux: common: Add support to write wake_lock node" 2021-08-06 06:03:20 -07:00
qctecmdr
187c103330 Merge "common: Add sepolicy for remoteproc autopil bg scripts" 2021-08-06 03:49:23 -07:00
qctecmdr
a284d22b72 Merge "sepolicy: Add rules to define and use soc model property" 2021-08-05 20:12:42 -07:00
Benergy Meenan Ravuri
c699a7e543 sepolicy: Add rules to define and use soc model property
Add rules to define and use soc model property.

Change-Id: I412f520f921c3479520b0981e6b06f85ebd5325f
2021-08-05 03:33:02 -07:00
Stephen Thomas-Dorin
e8f3c0b872 Add properties for rcs service
Change-Id: I76d8225392b3601998935c4db4a2e20ad90653ea
(cherry picked from commit 1e1ff3c026575a9c149eb36a24b7ab88a10b4b11)
2021-08-03 23:12:52 -07:00
Tushar Nimkar
86249b4a3f selinux: common: Add support to write wake_lock node
This change gives write access to /sys/power/wake_lock node.

Change-Id: Ib4772a4419c197d16b4c826c23b944a9f0a7ec69
2021-07-30 09:59:24 +05:30
Aman Mehta
6062b05c1b sepolicy_vndr: Added policy for retire_frame_event
Added policy for retire_frame_event

Change-Id: I958858a5e185b9dad4e362783c494cc6454e4f56
2021-07-29 10:40:13 +05:30
Siddharth Gupta
604f69040e common: Add sepolicy for remoteproc autopil bg scripts
This change adds the relevant sepolicy permissions for background
processes to run and do remoteproc auto pil.

Change-Id: If74b87371408d7dd7615ff79d12acb575044d49a
2021-07-27 17:12:08 -07:00
Roopesh Nataraja
6a721567e0 sepolicy_vndr: Fix avc denials from vendor_libsochelpertest_app
Fix below avc denials.

libsochelpertest: type=1400 audit(0.0:2253): avc: denied { read }
for name="u:object_r:default_prop:s0" dev="tmpfs" ino=145
scontext=u:r:vendor_libsochelpertest_app:s0:c134,c256,c512,c768
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
app=com.qualcomm.qti.libsochelpertest

RenderThread: type=1400 audit(0.0:2255): avc: denied { read }
for name="gpu_model" dev="sysfs" ino=111904
scontext=u:r:vendor_libsochelpertest_app:s0:c134,c256,c512,c768
tcontext=u:object_r:vendor_sysfs_kgsl:s0 tclass=file permissive=0
app=com.qualcomm.qti.libsochelpertest

Change-Id: I08235eae68edede129c0d9cf75f70d268404e009
2021-07-26 17:20:56 -07:00
qctecmdr
8623ca7aa1 Merge "sepolicy: Add sepolicy to access memory devices" 2021-07-26 16:11:48 -07:00
qctecmdr
a292825b26 Merge "sepolicy_vndr: remove dmabuf display heap policy for display composer" 2021-07-26 10:39:08 -07:00
qctecmdr
0ddb42744b Merge "sepolicy: Add SE policy to allow audio HAL" 2021-07-23 09:23:47 -07:00
Bavyasritha Alahari
047b2f6abd sepolicy: Add SE policy to allow audio HAL
Add sepolicy to have access to /dev/msm_adsp_sleepmon.
Policy added in hal_audio_default.

Change-Id: I764ca2f0b6bff0536382803fd250e9e7efa61f65
2021-07-23 10:10:29 +05:30
Lakshmi Narayana Kalavala
7fede0ce44 sepolicy: Add sepolicy to access memory devices
Add read/write access permission for memory devices to
hal_graphics_composer module

Change-Id: I894868f8f19b798edb9c80d94f73148b2c151a74
2021-07-22 18:03:18 -07:00
qctecmdr
ff12786181 Merge "Sepolicy : Enable socket connect for Widevine" 2021-07-20 15:14:25 -07:00
Chris Goldsworthy
e38e736b8d sepolicy_vndr: remove dmabuf display heap policy for display composer
This change was initially authored in commit c52a221f06
("sepolicy_vndr: remove dmabuf display heap policy for display
composer"), which had to be reverted due to dependency reasons.
Re-instate the change now that these dependencies have been satisfied.

Change-Id: I5151dfd8ddd2591d9a8f04d79185192027adc5e6
2021-07-19 21:48:56 -07:00
Chris Goldsworthy
75dd19861f Revert "sepolicy_vndr: remove dmabuf display heap policy for display composer"
This reverts commit c52a221f06.

Change-Id: Ia938be91c8d232fc53b357378ed216e500e20a6a
2021-07-19 21:41:49 -07:00
qctecmdr
715b695d8a Merge "sepolicy: Add labels and policies for qcom,cp_app mem-buf Virtual Machine" 2021-07-19 17:28:07 -07:00
qctecmdr
319a8c9b18 Merge "sepolicy_vndr: remove dmabuf display heap policy for display composer" 2021-07-18 21:39:08 -07:00
Phalguni Bumhyavarapu
71cea90939 Sepolicy : Enable socket connect for Widevine
socket created in /dev/socket is notify-topology

Change-Id: I0a055a0caecb840a71f06f4a82846184ffb3ac6e
2021-07-16 16:40:32 -07:00