Adding permissions for for usb hal to access the
vendor_sysfs_usb_node. This is required to hal to perform error
recovery in host mode.
Change-Id: Ie7fff2ba54fd50864ab6be90e97d002be7ca10cc
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Remove thermal-engine access to audio device node as it doesn't
require any audio device resources access.
Change-Id: I65826695c48ef139fe6678b78bd6a98c7757bef4
- Add IQtiRadioConfig to vendor_hal_telephony_service
domain in vendor partition which is needed for RIL
to connect to the service.
Change-Id: I00dfc42d78db1fb54e9186def0394ce1e7afa8b4
CRs-Fixed: 3162170
Spearhead framework is used for collecting data path stats
for debugging. ipa_lnx_agent is the agent that will collect stats
related to dataipa driver. For this framework to function
we need to define new SELinux policies to provide the
required access privileges.
Change-Id: I47665d6bbea653572631b4260913ad458a216169
Currently, lowirpcd uses CDSP access SE policy
which is not by required for lowirpcd
Change-Id: Ic161109c07bf1b87839494ed4c4d5d31449d3ab6
CRs-Fixed: 3017691
Revert "Remove custom signing cert and rules"
This reverts commit f2ea07094a.
Revert "sepolicy_vndr: Add sepolicy for ssg system service"
This reverts commit bcb76b2ebc.
Change-Id: I91ad0e09954becddc164c1a969b32dddd8ac8d09
Add dir search permissions in vendor_modprobe for new
debugfs labels debugfs_bootreceiver_tracing and debugfs_wifi_tracing.
Change-Id: I9f95cb0d623a5ebc80eb69cd135099f7b3b31085
Shell permissions set in genfs_contexts for SELinux context applicable
for /sys/class/kgsl/kgsl-3d0/perfcounter is overridden if not set in
file_contexts.
Change-Id: I3eb818226abf497e1106af68ece9356bee0a3702
[1] sku version file contexts are loaded by early-
init phase and sku version node is created after
file contexts are loaded. The transistion time
from early init to post-fs is around ~2.5 seconds.
avc denied messages are observed when sku_version
is accessed as vendor file contexts are slow in
reporting.
[2] Hence, move file contexts to genfs as genfs
helps to track and label the node even if the
node is created afterwards.
Change-Id: Idcdebf0dbc5a4e9e97bddc9a5f4e3151f6a97d8b
When enable AP with wlan2, wifi@1.0-service needs to create wlan2
iface if it is not exists. An avc denied message arises that warns
wifi@1.0-service lacks sys_module capability, but finally wlan2
iface is still created.
Fix the avc denied message by adding sys_module capability for
hal_wifi_default.
CRs-Fixed: 3138698
Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
Move all the netmgrd policies from qva to common.
Provide rmnet module sysfs read access to shsusrd.
Add the parameters belonging to all rmnet extended modules to rmnet context.
CRs-Fixed: 3134255
Change-Id: Icfa7965d8f3f2793ec0680db58c94146707652dd
Adding a new label to /sys/block/dev/sd*
Allow vendor_qti_init_shell to have permissions to
update read_ahead_kb nodes of
- /sys/block/ram*
- /sys/block/loop*
- /sys/block/sd*
- /sys/block/zram0
Change-Id: I123fb7608b95c33ec15b6c5ad3f1e7dd471c6853
As the debugfs_mmc check is going to be done most of drivers
and will hit search denails .
So adding the permission to dir search .
Change-Id: I69751e34bcad90af9bfa4d98c89287258382fe7c
vold deamon tries to query the QMCS partition during bootup.
While this access is correctly denied, it results in errors.
For debug and ENG builds, suppress denial messages when the vold
context attempts to access the QMCS context.
Change-Id: Ibe9a153e5863ad13475bd777b221bbc8bbfb5893
- Add IQtiRadio and IImsRadio in
vendor_hal_telephony_service domain in vendor
partition which is needed when GSI build is loaded.
Change-Id: I3a6d8a1486558db1622c2c447256024eed8773ae
CRs-Fixed: 3073450
