Commit graph

4427 commits

Author SHA1 Message Date
Sridhar Kasukurthi
c2fd5acf47 sepolicy_vndr: Add policy for atfwd client
Add policy for atfwd daemon client

Change-Id: I0251b892ffdfbd02ba16b3dc08998581b1c45015
CRs-Fixed: 3164800
2022-03-31 21:49:28 -07:00
Jishnu Prakash
183bcd90c7 sepolicy_vndr: Correct paths for RGB nodes for parrot
Correct paths used in sepolicy rules for RGB LED nodes on PM6150L
for parrot.

Change-Id: Ibd3965ffc854a34e099c195cb4b687a2b262c9c5
2022-03-30 01:59:24 -07:00
Akshay Ashtunkar
5d954060a4 sepolicy: add sepolicy to stop display demura service
Demura service is not required when feature is not supported
or not enabled. Stop demura service when demura not enabled.

Change-Id: I13b94daf10097a119e85a075fb511609df64d2ed
CRs-Fixed: 3160357
2022-03-28 14:57:35 +05:30
Fenglin Wu
f47f650959 sepolicy: add selinux label for LED devices
Add LED devices path in genfs_contexts for it to get correct selinux
label.

Change-Id: Ieda247900e453e7ee692e47a4b2aa56eaa999fdd
2022-03-28 16:43:26 +08:00
qctecmdr
46fef10a30 Merge "sp-hal: add new policy for libbitml_nsp_v2_skel.so" 2022-03-25 18:52:55 -07:00
jiaoyuan
3f754bc42e sp-hal: add new policy for libbitml_nsp_v2_skel.so
issue: snapcam app calling libbitml_nsp_v2_skel.so gets permission denied
fix: libbitml_nsp_v2_skel.so needs to change to sp-hal, then system domain can
call vendor domain

Change-Id: Ia890bb74420d3c397ed7024d8ca83fe7b2cbdd56
2022-03-25 15:48:51 -07:00
qctecmdr
238e7f92d1 Merge "Add rule to allow access qvr to use tcp/udp socket" 2022-03-25 15:17:26 -07:00
Gnaneshwar Gatla
a9577edc5a Add net_admin permission for netlink msgs in mutualex
Change-Id: I1efe958323cf0091de83ffc6642e2e9287f9c8e3
2022-03-24 15:10:13 -07:00
qctecmdr
6b040fd37d Merge "dontaudit for default_prop policy" 2022-03-22 05:16:29 -07:00
jiaoyuan
d4b107e46b dontaudit for default_prop policy
Change-Id: I18d0ce1fb720220cfed590167c217fa483e49917
2022-03-22 14:50:55 +08:00
qctecmdr
431c8fc913 Merge "sepolicy_vndr : setting the secontext for spcom wakup nodes" 2022-03-21 22:56:41 -07:00
shrkum
4da82c2a38 sepolicy: Adding mmc1 type device.
Change-Id: Ia188c6cf4314acb80de790d597354d4348083f90
2022-03-21 15:58:48 +05:30
sasikumar maddineni
7f652a720a sepolicy_vndr : setting the secontext for spcom wakup nodes
Change-Id: I92c47c145f587c6de7f36ca232da14e074f2a54e
2022-03-17 00:00:04 -07:00
jiaoyuan
2fe1537c20 Snapcam: add new policy for snapcam
Change-Id: Iceed05e542813503a262e3c79dc12b5c9ba4f062
2022-03-10 15:18:43 +08:00
Samyak Jain
f56136939e Add rule to allow access qvr to use tcp/udp socket
Change-Id: Ib3ac662addc1f651aa210403d154be3ed1dc5b79
(cherry picked from commit b54fcb5bd0a21d20223dd4eda792b93c0826c15b)
2022-03-09 18:04:02 +05:30
qctecmdr
c01b7afc4b Merge "sepolicy: add sys_module capability for hal_wifi_default" 2022-03-07 21:47:49 -08:00
Hu Wang
75d1426dfe sepolicy: add sys_module capability for hal_wifi_default
When enabling AP with wlan2, wifi@1.0-service needs to create the wlan2
iface if it does not exist. An avc denied message arises that warns
wifi@1.0-service lacks sys_module capability, but finally the wlan2
iface is still created.

Fix the avc denied message by adding sys_module capability for
hal_wifi_default.

CRs-Fixed: 3138698
Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
2022-03-04 15:04:53 +08:00
Rohit Soneta
24ced1be5a sepolicy: Add rule for TUI HAL to access allocator HAL
Change-Id: I5b8e24bb63f3b0d458772991928111b8abf289ad
2022-03-03 22:52:42 -08:00
Jishnu Prakash
e35c14c91f sepolicy_vndr: Add sepolicy rules to access RGB nodes
Add sepolicy rules for RGB LED nodes on PM6150L to ensure correct
permissions for sysfs_leds.

Change-Id: I8d28a4466380c9b55defc0cabbdb9d26d9838e1d
2022-03-03 03:22:14 -08:00
qctecmdr
9df2d4be70 Merge "sepolicy: Update rule for dplh nodes" 2022-03-01 04:34:00 -08:00
qctecmdr
920922a571 Merge "Enable sepolicies for Neo Change-Id: I7fd754fb9b3554ef2fbc4fc0b6d7a6aaf45dc637" 2022-02-28 23:51:58 -08:00
Varun Garg
184ddbacd3 sepolicy: Update rule for dplh nodes
Updated rules for gplaf & dplh nodes.

Change-Id: Id4450368fb5dee844b308778fe65a485b2a1d72e
2022-02-25 01:56:51 -08:00
sasikumar maddineni
69c2a84997 Enable sepolicies for Neo
Change-Id: I7fd754fb9b3554ef2fbc4fc0b6d7a6aaf45dc637
2022-02-22 12:41:12 +05:30
Arvind Kumar
35e9d83d49 Add rule to fix avc denial for qtidiagservices
Fix below denial for qtidiagservice
avc: denied { search } for comm="ti.diagservices" name="data"
dev="sda12" ino=380 scontext=u:r:qtidiagservices_app:s0
tcontext=u:object_r:system_data_file:s0:c512,c768 tclass=dir
permissive=0

Change-Id: I25576aa296744a4e2173e132b7e381f3a9623230
2022-02-21 20:10:08 -08:00
qctecmdr
853ea50bd8 Merge "sepolicy: Update rule for gplaf nodes" 2022-02-21 02:08:21 -08:00
Naman Jain
5ac9aa6834 sepolicy_vndr: Add sepolicy for ctl.vendor.console
Add property for ctl.vendor.console to fix avc denial issues, and
add permission for setprop.

Change-Id: I4e71c72f605ec8908eec2493d3c0ba1187aae1a4
2022-02-20 20:36:53 -08:00
Subash Abhinov Kasiviswanathan
87290b49ce rmnet: Update module related policies
Move all the netmgrd policies from qva to common.
Provide rmnet module sysfs read access to shsusrd.
Add the parameters belonging to all rmnet extended modules to rmnet context.

CRs-Fixed: 3134255
Change-Id: Icfa7965d8f3f2793ec0680db58c94146707652dd
2022-02-18 15:11:55 -07:00
qctecmdr
ff2742e901 Merge "sepolicy change for 3dfa waipio" 2022-02-16 23:43:23 -08:00
qctecmdr
4efa21ca30 Merge "sepolicy_vndr: Add shell permission to /sys/class/kgsl/kgsl-3d0/perfcounter" 2022-02-16 17:10:46 -08:00
Varun Garg
1accd67172 sepolicy: Update rule for gplaf nodes
Updated rules for gplaf nodes.

Change-Id: I0b833133b7cfd2f5d31a721d56600db5a1b7ca70
2022-02-16 06:03:36 -08:00
Karthik Nagarajan
4ea0d9aeff sepolicy change for 3dfa waipio
Remove cdsp access permission for 3dfa service.

Change-Id: I5c812cb7a303bf9e0a1c2a57c69eb8133d34942a
Signed-off-by: Karthik Nagarajan <quic_karnagar@quicinc.com>
2022-02-15 21:11:21 -08:00
Mohammed Mirza Mandayappurath Manzoor
985bbf7e34 sepolicy_vndr: Add shell permission to /sys/class/kgsl/kgsl-3d0/perfcounter
Allow shell users to have permission to update sysfs node
/sys/class/kgsl/kgsl-3d0/perfcounter

Change-Id: I648b7f4b25e4c8c1644be5046677f41e7b5d2f8c
2022-02-11 16:46:25 -08:00
Subash Abhinov Kasiviswanathan
104ec4065b sepolicy_vndr: fix copyright markings
Change-Id: I95093537c84f89e9a79acc6286d93cc18e9a0772
2022-02-10 15:07:52 -07:00
qctecmdr
a503824f01 Merge "sepolicy: add labels to /sys/block/dev/sd*" 2022-02-09 04:25:42 -08:00
Divyanand Rangu
40f5a66461 sepolicy: add labels to /sys/block/dev/sd*
Adding a new label to /sys/block/dev/sd*
Allow vendor_qti_init_shell to have permissions to
update read_ahead_kb nodes of
 - /sys/block/ram*
 - /sys/block/loop*
 - /sys/block/sd*
 - /sys/block/zram0

Change-Id: I123fb7608b95c33ec15b6c5ad3f1e7dd471c6853
2022-02-08 16:13:33 +05:30
Sasi Kumar Maddineni
dd926ac309 parrot: Enable sepolicies needed for Parrot
Change-Id: I3fe6f3990b4314ee174abed475cf739737ee14f4
2022-02-07 22:21:16 -08:00
Kaustubh Pandey
7630c386df sepolicy_vndr : Copyright Fix.
Change-Id: I3c6a35ab6773e13960f74b7853407a62a6aac992
Signed-off-by: Kaustubh Pandey <quic_kapandey@quicinc.com>
Acked-by: Deepanshu Singh <deepansh@qti.qualcomm.com>
2022-02-04 20:18:07 +05:30
qctecmdr
f3d2bb54c5 Merge "sepolicy: Add rule for cpu_hotplug node" 2022-02-02 02:44:44 -08:00
Abhinav Kannan
cd12194456 sepolicy_vndr: update policies for Spearhead
* Allow Spearhead to create and manage child processes. The child
  processes of Spearhead will manage a subset of Spearhead
  functionality
* Allow creation and management of FIFO file. The FIFO file is used
  to control the operation of Spearhead (ON / OFF) via filesystem

Change-Id: Ie2c715b2a777b4754ccb5c5be1eebf858b80ef27
2022-02-01 22:07:19 -08:00
Rajat Asthana
57460c5f08 sepolicy: Add rule for cpu_hotplug node
Change-Id: I281bfb257e3136d581d4859b5a9bb4cfe4fe4c3b
2022-02-01 18:45:36 +05:30
Mukesh Ojha
ed154ce683 Add ufs rawdump device to avoid AVC denial
Change-Id: I053530b736531d6ace08063ce23f15ce0d0ecdcc
2022-01-31 23:32:17 -08:00
Jun-Hyung Kwon
c7bbef3acc sepolicy_vndr: add debug property for sensors
add debug property for sensors and restrict the use of it
only with userdebug/eng build

Change-Id: I72ec219cead1b122467f6bcde69f05294503f3cb
2022-01-31 00:32:12 -08:00
Jaihind Yadav
584e36bb1e making qvr, sxr, rild,graphics hal binderservice.
CTS test is failing due to binder call permission issue for dumpstate.

Change-Id: I34cf54c03ed30a63644194d20b31eb4b77a2dc53
2022-01-28 05:56:54 -08:00
Fei Mao
cf62862160 sepolicy_vndr: hal_trustedui: Add more sepolicy rules for touch
Add more sepolicy rules to access new trusted_touch_enable,
trusted_touch_type and trusted_touch_event nodes in TUI HAL.

Change-Id: I9592fb68dc3d38288b5b4ed6c5c118eefc1cf4fb
2022-01-24 17:59:23 -08:00
Ravi Kumar Siddojigari
989db96adb sepolicy_vndr: add kernel domain dir serach on debugfs_mmc
As the debugfs_mmc check is going to be done by most of the drivers
and will hit search denials.
So adding the permission to dir search.

Change-Id: I69751e34bcad90af9bfa4d98c89287258382fe7c
2022-01-20 21:13:02 -08:00
qctecmdr
70594046d3 Merge "sepolicy : fix port-bridge denial" 2022-01-20 03:16:29 -08:00
qctecmdr
51208e6f53 Merge "sepolicy: allow qvrd to access sensors" 2022-01-19 03:42:38 -08:00
Kaustubh Pandey
c7bbcb21a0 sepolicy : fix port-bridge denial
add entry for sysfs node.
avc: denied { read } for comm="port-bridge" name="name" dev="sysfs" ino=99035
scontext=u:r:vendor_port-bridge:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0

Change-Id: Ibd7593554a89932211c8438a56097209d25550ef
Signed-off-by: Kaustubh Pandey <quic_kapandey@quicinc.com>
Acked-by: Deepanshu Singh <deepansh@qti.qualcomm.com>
2022-01-17 23:09:04 +05:30
Jaihind Yadav
ea9aa9a0b9 sepoliy_vndr :labeling socid and granting the permission to the domains.
Soc_id and family are set to be global read.

Change-Id: I3f031918cec9aaec3cc626ec79d55cd64f190f69
2022-01-16 06:08:23 -08:00
Zhen Wang
eee51b1efc sepolicy: allow qvrd to access sensors
1. Allow qvrservice to access native sensor services
in system server via bind call.

2. Suppressing the dsp error messages.

Change-Id: I6492c379a8b63dcf0d5faec2426094b616924b67
2022-01-13 17:45:49 -08:00