tequilaOS/platform_device_qcom_sepolicy_vndr-sm8450
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4427 commits 1 branch 0 tags 5.8 MiB
Commit graph

4427 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ajit Vaishya
8f3bf939fe sepolicy: parrot: Fix avc denials for wakeup nodes 
Label wakeup Wlan sysfs nodes listed by
SuspendSepolicyTests.sh

Change-Id: I3a62350079365902d2cf345d5c3ff4676c42a45b
CRs-Fixed: 3451976
 2023-05-29 07:39:16 -07:00
qctecmdr
c184af7d5b Merge "Allow wcnss service to access hal perf service" 2023-05-29 00:35:54 -07:00
Ajit Vaishya
8f55af7809 Allow wcnss service to access hal perf service 
Add sepolicy rule for vendor wcnss service to access
vendor hal perf service.

Change-Id: Ib6250b3ef7e77918bf348c344e628fd60ce274c3
CRs-Fixed: 3294921
 2023-05-08 07:06:17 -07:00
Vamsi Krishna Gattupalli
8afaf747e6 sepolicy: Fix avc denials for wakeup nodes 
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I4b543c1c628613990bad565330899a0147510924
Signed-off-by: Ansa Ahmed <ansaahme@qti.qualcomm.com>
 2023-05-03 04:40:44 -07:00
qctecmdr
5d822535a9 Merge "anorak: update sepolicy for KineticsXR controllers" 2023-04-25 23:44:36 -07:00
Zhen Wang
b2cf6bd4f9 Sepolicy_vndr: add qvr to access camera 
Allow qvrservice to access camera data(/data/vendor/camera).

Change-Id: Iaa961113e45c2504bf1669196feb495e032d97db
 2023-04-11 11:05:41 +08:00
Meng Wang
d3a6f45a28 anorak: update sepolicy for KineticsXR controllers 
Update sepolicy for KineticsXR controllers.

Change-Id: I72091dec47eacce451a8002b5dbbaa4a5c4ca015
 2023-04-06 09:23:16 +08:00
Vamana Murthi
b30000e27c Allow vendor_location_xtwifi_client to access ssgtzd socket 
Change-Id: I473ae330cfa265a324c136b068fe94e62d38c845
CRs-Fixed: 3362880
 2023-04-03 20:52:19 +05:30
qctecmdr
7767f4672d Merge "Add rules for qms daemon" 2023-03-23 03:28:42 -07:00
Tengfei Fan
37d04f59a7 sepolicy: add root path for remoteproc-wpss wakeup node 
Add root path for remoteproc-wpss wakeup node.

Change-Id: Ie6931140e7690d32c52e3e17bad7e3f11ac0c1a9
 2023-03-22 17:24:47 +08:00
Vamana Murthi
2a0ce8f444 sepolicy rules to allow Gnss Hal to access RIL Srv 
Change-Id: I58f8f71978ddca6e97811e7523a1966cc6f475f8
CRs-fixed: 3287913
 2023-03-20 14:51:17 +05:30
Pavan Kumar M
43fa987fe0 Add rules for qms daemon 
Change-Id: Ifb54c1cfcdf231964530a3fe6e2785808cd6904a
 2023-03-20 00:10:15 -07:00
vidyalak
f149500bed sm6150: support for vendor_boot and init_boot partition 
Included vendor_boot and init_boot partition for AB OTA
In msmsteppe sepolicy changes.

Change-Id: I6f10642819de572e6f26e9b084188579ba5336bf
 2023-03-17 10:56:18 +05:30
Tengfei Fan
b6acde700a sepolicy: Fix avc denials of remoteproc-wpss for wakeup nodes 
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh

Change-Id: I382fb204eafeedf331b89aebfe74e0684ba2e12d
 2023-03-13 14:34:40 +08:00
Vaishnavi AVS
31cb5eaa26 sepolicy_vndr: Add sepolicy rules for I2C wakeup nodes 
Add sepolicy rules for I2C wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.

Change-Id: Ia8e1972b5699dd5a56b4079840da8866c5ff6bf5
 2023-03-06 00:42:23 -08:00
Vaishnavi AVS
2199a340af sepolicy_vndr: Add sepolicy rules for UART wakeup nodes 
Add sepolicy rules for UART wakeup nodes to fix avc denials
and errors from suspend sepolicy scripts.

Change-Id: Ic0e4a09b29f6adf55e3b9b825dbca4b7472a1736
 2023-03-06 12:03:21 +05:30
Rakesh Kota
380fc2940e sepolicy_vndr: Add sepolicy rules for PON wakeup nodes on ravelin 
Add sepolicy rules for PON wakeup nodes to fix errors
from suspend sepolicy scripts.

Change-Id: If291843654fb78c62d64aa23b759db9f7d4f4b96
 2023-02-22 15:50:41 +05:30
Leela Sravani Atmakuri
9bbbddbefe sepolicy_vndr: Modify nativehaltestservice.te 
CRs-Fixed: 3412497
External Impact: No

Change-Id: I04d2309db37d8e14506d2d4ba743ac1279247240
 2023-02-21 02:31:05 -08:00
Udipto Goswami
aec146fc65 sepolicy_vndr: Add permission for USB HAL to access usb sysfs nodes 
Adding permissions for for usb hal to access the
vendor_sysfs_usb_node. This is required to hal to perform error
recovery in host mode.

Change-Id: Ie7fff2ba54fd50864ab6be90e97d002be7ca10cc
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
 2023-02-13 22:39:21 -08:00
Leela Sravani Atmakuri
11b5899b2b sepolicy_vndr: Add nativehaltestservice.te 
CRs-Fixed: 3400283

Change-Id: I5688524048cb430a311939763b66f8a344095120
 2023-02-08 02:24:25 -08:00
qctecmdr
483eed269a Merge "sepolicy_vndr: Add sepolicy rules to access RGB nodes on ravelin" 2023-02-02 05:16:53 -08:00
Arvind Kumar
4149ce8a88 parrot: Update sepolicy for OTA partitions to fix AVC denials. 
Update sepolicy for OTA partitions to fix AVC denials
seen during OTA update.

Change-Id: I56bad41bef6e35df5a76ddd8ee4aeaa08f01e3ce
 2023-01-31 10:52:04 +05:30
Rakesh Kota
86973c5b83 sepolicy_vndr: Add sepolicy rules to access RGB nodes on ravelin 
Add label for led device node on ravelin platform.

Change-Id: I797de14c5e4c089625008a16f7df462c13415b6b
 2023-01-20 12:59:36 +05:30
qctecmdr
fc030efab5 Merge "sepolicy_vndr: add sepolicy for spdaemon to use wake-lock" 2023-01-11 22:26:24 -08:00
sganda
67783127fa sepolicy_vndr: add sepolicy for spdaemon to use wake-lock 
allow spdaemon daemon to access wake-lock sysfs nodes

Change-Id: I2af3b37387d2de35a37848a8aab667bf968423ed
Signed-off-by: sganda <quic_sganda@quicinc.com>
 2023-01-11 15:51:28 +05:30
qctecmdr
bbcb88bf33 Merge "sepolicy_vndr: hal_trustedui: Add sepolicy rules to access touch nodes" 2023-01-11 01:55:00 -08:00
Akhil Budampati
840718ffec sepolicy_vndr: hal_trustedui: Add sepolicy rules to access touch nodes 
Add sepolicy rules to access new trusted_touch_enable,
trusted_touch_type and trusted_touch_event nodes in TUI HAL

Change-Id: I0f516196e953514cf99926181528eecccc99022c
 2023-01-11 09:51:56 +05:30
qctecmdr
145726016f Merge "sepolicy_vndr: Add QSPM related dontaudit rules for mediacodec" 2023-01-09 23:04:55 -08:00
sganda
11bfa34b4a sepolicy_vndr: add sepolicy for keymasterd for anorak 
Keymaster daemon is given permissions to access spcom related files
and devices

Change-Id: Ic753bf9b93594d8e51a48e709dd938e249dcc963
Signed-off-by: sganda <quic_sganda@quicinc.com>
 2023-01-03 20:38:57 +05:30
Sachu George
149bcb3606 sepolicy_vndr: Add QSPM related dontaudit rules for mediacodec 
Added QSPM related dontaudit selinux rules for mediacodec to address
below denials.

SELinux : avc:  denied  { find } for interface=vendor.qti.qspmhal::IQspmhal
sid=u:r:mediacodec:s0 pid=1041 scontext=u:r:mediacodec:s0 tcontext=
u:object_r:vendor_hal_qspmhal_hwservice:s0 tclass=hwservice_manager permissive=0

Change-Id: I802d30646be36c6afba3a4c652d2d3201b7e0dad
 2023-01-03 18:12:22 +05:30
qctecmdr
d65bf3f91c Merge "sepolicy_vndr: allow charger to read display properties" 2022-12-26 22:40:42 -08:00
qctecmdr
f53cb3d08f Merge "QGuard: add permission for black screen detector" 2022-12-23 00:24:42 -08:00
xiaohuin
5c24ca8f16 QGuard: add permission for black screen detector 
1. add logger permission
2. add black screen detector permissions

Change-Id: I7416325a7a74cf82f317bc3334e0f45bd60d79cd
CRs-Fixed: 3367465
 2022-12-23 15:47:48 +08:00
Devanshi Bansal
9f28b215d4 sepolicy_vndr: allow charger to read display properties 
Change-Id: I1d9c503bcfe2fad1d816afb665790151c9a361d1
 2022-12-20 20:56:19 -08:00
Kedi Xu
a8a8860cc6 sepolicy_vndr:Add qvrservice qipcrtr_socket permission 
qvrservice need create qmi connection to sensor, so add
this permission.

Change-Id: I915fbe4b1b75c4768e0e731f4b9e4e32ff401c72
 2022-12-18 23:31:52 -08:00
Sairam Bandikanti
8d7b080232 sepolicy: Allow qseecomd to register powerstate hal 
Add rules to qseecomd to access powerstate hal.
The changes also includes adding new property
vendor.keymaster.quickboot and add access permission
to qseecomd. Using this property keymaster service
can be restarted on Hibernate-Exit.

Test:
 Confirmed from Boot-Up logs for Hibernate Entry registered.

Change-Id: I45a122b09b20dbfbd8654a4c7cc159ce06929053
 2022-12-13 21:02:05 -08:00
qctecmdr
e9b1d96f5c Merge "sepolicy_vndr: Add selinux label for LED devices" 2022-12-06 23:46:45 -08:00
xuanpeng
4ddea154d9 sepolicy_vndr: Add selinux label for LED devices 
Add label for LED devices for led hal and vibrator hal to access it
properly.

Change-Id: I0515724c146dba1def0a7d585e4bdac1eaae7b5c
 2022-12-06 14:38:36 +08:00
qctecmdr
59cdbbeaaa Merge "sepolicy: Add sepolicy rules for PowerState HAL to access swap block" 2022-12-05 09:37:52 -08:00
Shyam Narwade
2dcac9c7e5 sepolicy: Add sepolicy rules for PowerState HAL to access swap block 
Added sepolicy rules for PowerState HAL to call swapon and swapoff api for hibernation

Change-Id: Iafdc9fce55550e32a43400b209247e4714c263a4
 2022-11-29 11:08:34 +05:30
qctecmdr
aebb6a98ba Merge "sepolicy: Add Sepolicy permission for charger and QG" 2022-11-22 23:04:30 -08:00
Manaf Meethalavalappu Pallikunhi
ba128925e9 sepolicy: Remove thermal-engine access to audio device node 
Remove thermal-engine access to audio device node as it doesn't
require any audio device resources access.

Change-Id: I65826695c48ef139fe6678b78bd6a98c7757bef4
 2022-11-21 23:58:02 -08:00
Arvind Kumar
9021da02e4 Add file contexts for new partition on Neo 
Add file contexts for multiimgqti partition
to enable A/B OTA update on this partitions.

Change-Id: I6895cc3589bef81e3b46b35c087d9333bf86fbb9
 2022-11-16 11:14:39 +05:30
qctecmdr
fec427e02d Merge "sepolicy_vndr: Add qvrservice access ADSP permision" 2022-11-15 01:17:09 -08:00
Umang Chheda
52d148c773 sepolicy: Add Sepolicy permission for charger and QG 
Add Sepolicy nodes for charger and QG.

Change-Id: If1773395bc53457a91567d5aa9ddad41faa36834
 2022-11-11 03:06:24 -08:00
qctecmdr
eff577b51d Merge "sepoliy_vndr: Handle fsck avc denials on bootup with SSD connected" 2022-11-07 23:41:18 -08:00
Udipto Goswami
c098533269 sepoliy_vndr: Handle fsck avc denials on bootup with SSD connected 
Suppose an external SSD or pendrive with a corrupted file system
is connected to the DUT on bootup, in this case file systems
checker will run for checking these corruptions, however since
the usb nodes are created dynamically on runtime the fsck_untrusted
will not have permissions for this.
Also, the fsck is necessary for the internal storage and directories,
mounts created any external SSD can be ignored,
therefore adding dontaudit rules.

Following are the avc denials:

type=1400 audit(1661408631.839:117): avc: denied { search }
for comm="fsck.exfat" name="usb2" dev="sysfs" ino=146315
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=dir permissive=1

type=1400 audit(1661408631.839:118): avc: denied { read }
for comm="fsck.exfat" name="start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

type=1400 audit(1661408631.839:119): avc: denied { open }
for comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/
a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/
1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

type=1400 audit(1661408631.839:120): avc: denied { getattr } for
comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/
a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/
1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885
scontext=u:r:fsck_untrusted:s0
tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

Change-Id: If67b70c7fffc197bbd107f13fa3bb21b87d73a24
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
 2022-11-07 14:35:37 +05:30
Kedi Xu
c083994bd2 sepolicy_vndr: Add qvrservice access ADSP permision 
Change-Id: I15a6f400c94f7c7bbc6e3d379158a173bae950a1
 2022-11-03 18:25:37 -07:00
Sonal Aggarwal
b598a80b5f sepolicy_vndr: Add label for rpmb device node of emmc type for neo 
As neo_LA is emmc type device, the node /dev/mmcblk0rpmb is required
to be labelled in file contexts for neo.

Change-Id: I162a99e0b6863be208f000531ab576b2a21601da
 2022-11-03 14:51:20 +05:30
qctecmdr
12bb0cd43c Merge "sepolicy_vndr: Add fan service for Anorak" 2022-10-31 05:44:43 -07:00