summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-12sepolicy_vndr: qva: Label QTI Supplicant AIDL HALtachibanaAbhay Singh Gill
Change-Id: I6f81ed23a6edf702effb01c393a845770fff1f11
2022-01-20sepolicy: Allow access for hal_graphics_composer_defaultHEADsugisawaVinoth Jayaram
Allow bootanim prop access for hal_graphics_composer_default. Change-Id: Ic6d5c2b12a2cc03dfc9b2348b76a7ce9e7dfc2b9
2022-01-20sepolicy_vndr: qva: Don't protect vendor_hal_qesdhal_hwserviceMarco Marinho
QSSI sepolicy grants permissions for untrusted_app to be a client of the qesd HAL. It is not allowed for all_untrusted_apps to find protected hwservice, hence don't protect the hwservice. Change-Id: I7fdfb16c0aa22da9793ac25856ffd45e197456fa
2022-01-20qva: Remove mediatranscoding sepolicyArian
Change-Id: Ie9818d52e997de166f8f9229369d2e29f78d8e95
2022-01-20sepolicy_vndr: qva: Update sxrhalservice label from new qssi sepolicyArian
Change-Id: I6a2841822144af3bd0a16866f94556c16426575b
2022-01-20sepolicy_vndr: test: Replace qti-testscripts usage with vendor-qti-testscriptsArian
Change-Id: I3240841a18c887b85b20027abb5cfaef00bdaf46
2022-01-20sepolicy_vndr: Add drm clearkey policiesEruvaram Kumar Raja Reddy
Add selinux rules for drm clearkey services. Refine and extend drm widevine service rules for future updates. Change-Id: I4cada93265a8e469352a6ecba3c7b676b665c2d3
2022-01-20sepolicy_vndr: qva: Allow vendor_cnd to read wifi_hal_propArian
W libc : Access denied finding property "wifi.interface" W cnd : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:vendor_cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0 Change-Id: I6cf8ad4133ca3013d844d4ef3b2701de22f408b0
2022-01-20sepolicy_vndr: qva: Update vendor property typesArian
Change-Id: I93335f35c94250bc62defb36552ac5db2efbb98b
2022-01-20sepolicy_vndr: generic: Add app_data_file_type to vendor_radio_data_fileArian
Change-Id: Ia6ef04a1e719806ff2ecfcfa56a41c89a311ff7b
2022-01-20sepolicy_vndr: Fix compilation issues for newer upgradeHimanshu Agrawal
Change-Id: I60686d0066a1aa099a7dffbca091c9a7e2bac7f8
2022-01-20legacy: Add write permission to proc file systemAnkita Bajaj
Provide Wi-Fi HAL read and write access to proc file system. Wi-Fi Hal needs access to proc file system in order to configure kernel tcp parameters for achieving higher peak throughputs. CRs-Fixed: 2491783 Change-Id: I36613f74aaa4adfc33e68442befcdb78af5edd5c
2022-01-20legacy: Address init denials regarding socket_deviceAayush Gupta
[ 9.346918] type=1400 audit(71454275.960:7): avc: denied { create } for comm="init" name="dpmwrapper" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0 Ref: [0]: https://source.codeaurora.org/quic/la/device/qcom/sepolicy/commit/?h=LA.UM.9.2.1.r1-03800-sdm660.0&id=79488292273efa5ab89bc405a5f6ae4dec5d011d Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I262b06821c0625978b3685d0666bd2cf599fbf98
2022-01-20legacy: Allow sensors read sensor propsMichael Bestas
* As seen on non-legacy Change-Id: I54ede545836306d3a8d2181bb60e0667988228de
2022-01-20sepolicy: Add required sysfs nodes access for displayRavikanth Tuniki
Resolve following read access for sysfs nodes 1 - devices/platform/soc/soc:qcom,cam-req-mgr/video4linux/video0. 2 - devices/platform/cam_sync/video4linux/video1. CRs-Fixed: 2423140 Change-Id: I51d4edf3bbfcd05d6f52b2b4df6372a24df322a2
2022-01-20legacy: Allow writing WLAN driver/fw version into propertyBruno Martins
Similarly to non-legacy. Change-Id: I00d4d5ebe7162ea2d60c47e893579cc4e741c393
2022-01-20common: Address BT denialsBruno Martins
Change-Id: I92bfabbb00be52aa7cebd489e9a79e1ab2176d73
2022-01-20sepolicy_vndr: Switch to SYSTEM_EXT_{PUBLIC,PRIVATE}_SEPOLICY_DIRSMichael Bestas
Fixes: warning: BOARD_PLAT_PRIVATE_SEPOLICY_DIR has been deprecated. Use SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS instead. warning: BOARD_PLAT_PUBLIC_SEPOLICY_DIR has been deprecated. Use SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS instead. Change-Id: I752602079de8ff4c5370fe3ec861b8746838d878
2022-01-20sepolicy_vndr: Switch to BOARD_VENDOR_SEPOLICY_DIRSAayush Gupta
- BOARD_SEPOLICY_DIRS is deprecated and gives compile-time errors when used in unison with a device using BOARD_VENDOR_SEPOLICY_DIRS Ref: [0]: https://github.com/LineageOS/android_system_sepolicy/commit/ec3ac470a98342c13c1fec8d46433c73b08531be Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: Icefb062cc8cdef532b4310684d9a66afe97e49c4
2021-12-13Merge 02950739e3602a76f464dfc27ac5deb2b2bd2ddc on remote branchLinux Build Service Account
Change-Id: I918f7a3eeff334cd4b5363e91aec41cadcbbd390
2021-12-02atoll: Addressing the syntax error in "qva/vendor/atoll/genfs_contexts"urevanth
Change-Id: I18f6508e763b02ad1758dd549ad1325fda7eff5f Signed-off-by: urevanth <quic_urevanth@quicinc.com>
2021-11-30sepolicy: Add create socket file permission for vendor_wcnss_serviceBaowei Liu
cnss_cli use unix socket to communicate with cnss-daemon. cnss-daemon need create unix socket server file when init. Change-Id: Ibbe1eb1f418da17c0155a0663f6a94d8777ef80f
2021-11-24Merge "sepolicy_vndr: Remove ffs_prop form recovery.te"qctecmdr
2021-11-24Merge 9021b7aa45dbcc735a2b0f1f07663462c9e64ad4 on remote branchLinux Build Service Account
Change-Id: Ic4f02565d4f1076b6c08272c8a816fac4f2895ad
2021-11-16Merge "sepolicy: Add SE-Linux rules to access NFC properties"qctecmdr
2021-11-16sepolicy_vndr: Remove ffs_prop form recovery.teUdipto Goswami
The AOSP code already defines and gives permission to this label. Further this is renames in latest code to ffs_config_prop so referring the label here gives compilation error. Removing it since already the permissions are there. Change-Id: I14154df9cf269e3524c80a539c97bcb77dd97fc0 Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
2021-11-12sepolicy: Add SE-Linux rules to access NFC propertiesBhuvan Varshney
Add sepolicy rules to allow secure element HAL to read NFC properties. Change-Id: Icf2436b523d9854ad31ac56cb75b75b200b0bb2b
2021-11-11sepolicy_vndr: Compilation fix for S upgradeHimanshu Agrawal
Change-Id: Ie41b7cc0bb91d5d92480fafa9d44bcbe8b855343
2021-11-02Merge "sepolicy_vndr: add policy for hostapd"qctecmdr
2021-10-29selinux attribute mlstrustedsubject added to qvrd_vndrDavid Arellanes
Change-Id: I0f93db13f2b2bff64cd54b324bce5d320b2430b9
2021-10-24Merge 9e1dcf7de58b79a34690b9ece62a8b8f8ef66f92 on remote branchLinux Build Service Account
Change-Id: I2a6ed3fcf04b0014aba6fe4b54dff6372d63c9f2
2021-10-21Merge "sepolicy_vndr: suppress xdsp denial."qctecmdr
2021-10-17Merge "sepolicy: sepolicy rules for accessing read_ahead_kb"qctecmdr
2021-10-12sepolicy: sepolicy rules for accessing read_ahead_kbSarthak Garg
Adding sepolicy rule to fix avc denials while accessing read_ahead_kb node for vold. Change-Id: I078b00b07b31a813a2151595e24332cfa2361901 Signed-off-by: Sarthak Garg <sartgarg@codeaurora.org>
2021-10-11sepolicy_vndr: suppress xdsp denial.Rui Wang
Change-Id: Ie33815a9fbf1b4b8ee7b7acdfdeae896805fae1c
2021-10-07sepolicy_vndr: Fixing avc denialSauvik Saha
* avc: denied { call } for comm="ims_rtp_daemon" * scontext=u:r:vendor_hal_imsrtp:s0 tcontext=u:r: * vtloopback_app:s0:c165,c256,c512,c768 tclass=binder permissive=0 Change-Id: Iec4288d24a3ca9559fa213eb7ffff75d67c777dd
2021-10-04se-policy: Added donot audit rule.Ashish Jain
Added donot audit rule for dac override warning for perf serivce. Change-Id: I975452c82c2fdd28fef1015e5eafca23ccfb7016
2021-09-29Sepolicy: Add sepolicy change to not audit for xdspAbhinav Sohane
Issue: AVC denials seen for hal_camera_default while accessing vendor_xdsp_service. Fix: Addeddontaudit for hal_camera_defaiult to access vendor_xdsp_service. CRs-Fixed: 3027156 Change-Id: I915389a2073e4774c00a1129d6ddf371681138c3
2021-09-28sepolicy_vndr: add policy for hostapdSwarn Singh
This commit gives hostapd permissions rw_dir_perms to open, search, write, add_name, remove_name in wifi data files. Change-Id: Ifc39cd245da035512af89733b55f57e9ce608f00 CRs-Fixed: 3008412
2021-09-28sepolicy_vndr: Fixing avc denials for loopback appSauvik Saha
* [Kodiak]avc: denied { read } for name="u:object_r: * vendor_ims_prop:s0" dev="tmpfs" ino=30786 scontext=u:r: * platform_app:s0:c512,c768 tcontext=u:object_r:vendor_ims_prop: * s0 tclass=file permissive=0 app=com.qti.vtloopback Change-Id: I8b2658ff7fe8d18812aa45c9daa3a2906f7e942f
2021-09-24Merge "sepolicy_vndr: Update sepolicy rule for mediatranscoder"qctecmdr
2021-09-23sepolicy_vndr: Update sepolicy rule for mediatranscoderSanjay Singh
Allow mediatranscoder to access hal_allocator. Change-Id: I62511ef6c48a4276845edebb04298d23ab927739
2021-09-23sepolicy_vndr: Add labels for wakeup sources for atoll and msmnileKavya Nunna
Add a change to fix the avc denials for the wakeup source used for pmic nodes. Change-Id: Id836c0890e197d9d32b69fb0b3d9f3ca960a65f1
2021-09-22sepolicy_vndr: Add sepolicy for ssg system serviceGerald Dasal
mlid and ssgtzd need to be able to talk to service apps as well as other vendor services. Change-Id: Iaee709672f4dd83c428a047be17bb0c087a50215
2021-09-19Merge "NeuralNetworks: Modify nnhal to access adsp properties"qctecmdr
2021-09-17Merge 062c4adf8179848c887540b06a4e513d1605d045 on remote branchLinux Build Service Account
Change-Id: I28726ad2f01b16c8534c27872d82abb598b80942
2021-09-17Merge "sepolicy_vndr: khaje: sepolicy rules for perf-lm"qctecmdr
2021-09-16sepolicy_vndr: dontaudit qti-media access to default propMalathi Gottam
Vendor qti-media service is not making use of any of the properties under default-prop, so suppress this access denial using dontaudit. Change-Id: I860d2e534dcfbf05be733706b780fd4784c3467d
2021-09-16sepolicy_vndr: khaje: sepolicy rules for perf-lmAman Mehta
Path correction for sepolicy rules Change-Id: I12efeaa94fd5216626a33bc6bd3f05d0f6ed56d2
2021-09-15NeuralNetworks: Modify nnhal to access adsp propertiesRajashekar Adi
Modify NNHAL sepolicy rules to read adsp properties. Change-Id: I53ffab1e039a5a07fa58de53baddf6c962a92565
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 03:18:56 +0000