summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-06-13sepolicy_vndr: Restrict access to /sys/devices/soc0/serial_numberuminekotachibana-mr1Michael Bestas
Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
2023-06-12sepolicy_vndr: qva: Update QTI USB HAL to v1.3Alexander Koskovich
Change-Id: Ia3481e6780d75c177038170598e45bab530524b9
2023-06-12sepolicy_vndr: qva: Allow vendor_cnd to read wifi_hal_propArian
The `wifi.interface` property was labelled as `exported_default_prop` by system/sepolicy in android 11. Since android 12 it is labelled as `wifi_hal_prop` which causes the following denial. W libc : Access denied finding property "wifi.interface" W cnd : type=1400 audit(0.0:22): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=26257 scontext=u:r:vendor_cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=0 Change-Id: I6cf8ad4133ca3013d844d4ef3b2701de22f408b0
2023-06-12sepolicy_vndr: generic: Add app_data_file_type to vendor_radio_data_fileArian
Change-Id: Ia6ef04a1e719806ff2ecfcfa56a41c89a311ff7b
2023-06-12sepolicy_vndr: generic: Fix compilation issues for newer upgradeHimanshu Agrawal
Applied the changes from legacy to generic targets. Original Change-Id: I60686d0066a1aa099a7dffbca091c9a7e2bac7f8 Change-Id: I8285fdc49bde169f9718cd0b153088b8b0cd052b
2023-06-12sepolicy_vndr: Switch to BOARD_VENDOR_SEPOLICY_DIRSAayush Gupta
- BOARD_SEPOLICY_DIRS is deprecated and gives compile-time errors when used in unison with a device using BOARD_VENDOR_SEPOLICY_DIRS Ref: [0]: https://github.com/LineageOS/android_system_sepolicy/commit/ec3ac470a98342c13c1fec8d46433c73b08531be Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: Icefb062cc8cdef532b4310684d9a66afe97e49c4
2023-05-03Merge 16df2b50ec0546ee03ea00a6d2a4fe68bd9d3597 on remote branchLinux Build Service Account
Change-Id: Iddc83524967f3755645fee686150eed87bbe836b
2023-04-28Revert "Revert "Revert "sepolicy_vendor: Add permission to number of IFEs, ↵V S Ganga VaraPrasad (VARA) Adabala
IFE_LITEs, SFEs and SBI""" This reverts commit bdd281556a8f40ae7742500a4ab6b7759c7916c8. Change-Id: If72356df362878929292af5ceb991ef2179d97bd
2023-04-28Revert "Revert "sepolicy_vendor: Add permission to number of IFEs, ↵V S Ganga VaraPrasad (VARA) Adabala
IFE_LITEs, SFEs and SBI"" This reverts commit 5df70e4339a9fa2132b7eabea9c6e250e0e645fc. Change-Id: I02e2b559824565b71899205f4ef1a64e6ac2c8a2
2023-04-27sepolicy: Fix avc denials for wakeup nodesPavanKumar S.R
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh Change-Id: I52f344cb8d3c1dad4b83a33cd18091ae53fb4c32
2023-04-28Revert "sepolicy_vendor: Add permission to number of IFEs, IFE_LITEs, SFEs ↵V S Ganga VaraPrasad (VARA) Adabala
and SBI" This reverts commit 377864ac7a493e2ab9002ce027a22a7d84019c28. Change-Id: I764fd4b0d8992d500f891962faf63d82763a38a3
2023-04-27sepolicy_vendor: Add permission to number of IFEs, IFE_LITEs, SFEsKarthik Dillibabu
and SBI Add sepolicy rule to allow read the files(num_ifes, num_ife_lites, num_sfes and num_sbi) present in /sys/kernel/camera from camera HAL. CRs-Fixed: 3434941 Change-Id: I8fcd083df32e185a1ffc88a8c1ff94027079d1fc
2023-04-18Merge 1a332e6b327f5b0e6d2524948dba5f327994e749 on remote branchLinux Build Service Account
Change-Id: Idcdfce58db79a1564a22132991511450c2cdfc64
2023-04-17sepolicy_vndr:SP data logger entries for filesystem accessNikhil Chaturvedi
Change-Id: I69d9f65f90db19bb6f096f8dc58df83c4e525889 Signed-off-by: Nikhil Chaturvedi <quic_nchaturv@quicinc.com>
2023-04-17Merge "sepolicy: Fix avc denials for wakeup nodes"qctecmdr
2023-04-17Merge "sepolicy: Add keymint SPU service permission to qseecom TA dma heap"qctecmdr
2023-04-16Merge "kalama:Giving permission for mmc1 to mount SD Card in recovery mode"qctecmdr
2023-04-16sepolicy: Add keymint SPU service permission to qseecom TA dma heapLiron Daniel
Change-Id: Ie29d8c99474a18b92a7e5647818be9814a5b52a8
2023-04-15Merge "sepolicy: hdmi sysfs support."qctecmdr
2023-04-15Merge "SEPolicy: Add support for SPU Strongbox KeyMint"qctecmdr
2023-04-14sepolicy: hdmi sysfs support.Pritama Biswas
Change-Id: I5739291ac9790cca700d49afcd7e2f7007234f54
2023-04-14kalama:Giving permission for mmc1 to mount SD Card in recovery modeLAVEENA FULWANI
Change-Id: Ia58095fc64f5ff0736dc658165f0a2317a290838
2023-04-13Merge "Added SE-Policy for UsbUdev Service"qctecmdr
2023-04-13sepolicy: Fix avc denials for wakeup nodesPavanKumar S.R
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh Change-Id: I52f344cb8d3c1dad4b83a33cd18091ae53fb4c32
2023-04-12Merge "Add sepolicy rules for kona"qctecmdr
2023-04-12SEPolicy: Add support for SPU Strongbox KeyMintLiron Daniel
Add SEPolicy rules for SPU Strongbox KeyMint service. Change-Id: Icb8721f0bc5b9d4063fa8b80a17540b1fdf84169
2023-04-13Added SE-Policy for UsbUdev ServiceAshutosh Das
Change-Id: Id1abeb50d4e55ba18087c423cf204d6dc92ceee2
2023-04-11sepolicy_vndr: Add access rules for HDMI bridgeZun Qiao
Add access rules for HDMI bridge for kona target. Change-Id: Id6e0c6d56c8134af4d974c504dcba39210d9845a
2023-04-11Add sepolicy rules for konaXinzheng Long
Add sepolicy rules for kona Change-Id: Ic5daa5768a91abd4369fcbe6b7d067387047ceaf
2023-04-11Merge "sepolicy_vendor: Add permission to number of IFEs, IFE_LITEs, SFEs ↵qctecmdr
and SBI"
2023-04-10Sepolicy : Added sepolicy rules for pm7250b node.Neelu Maheshwari
Change-Id: I2c0c7ea4810d347977e2e3185cdbdaf0755f236c
2023-04-10Merge "location: Allow gnss hal to read boot status property"qctecmdr
2023-04-07Sepolicy: add dontaudit for default propjiaoyuan
sepolicy warning for default_prop Change-Id: I92defd09b6fc6698d8d865314ede269db852c8cd
2023-04-05Merge 28fc47c05f1820155443c6eb30262b31f2732546 on remote branchLinux Build Service Account
Change-Id: Id78441c8e1020d2ac45da44143b4446adba2f97c
2023-04-06* sepolicy_vndr: fix for AVC denial for U upgrade targetsVaishali Rai
* I/auditd ( 963): avc: denied { find } for pid=3614 uid=10149 * name=vendor.qti.ImsRtpService.IRTPService/ImsRtpService * scontext=u:r:vendor_qtelephony:s0:c149,c256,c512,c768 * tcontext=u:object_r:default_android_service:s0 * tclass=service_manager permissive=0 * * add dontaudit rule for U upgrades since * AServiceManager_isDeclared does find operation internally Change-Id: I820e73f39be4b6f25eda24619abaae9ae92ce34a
2023-04-05Merge "sepolicy_vndr: cleanup vendor_qhdcservice"qctecmdr
2023-04-05sepolicy_vendor: Add permission to number of IFEs, IFE_LITEs, SFEsKarthik Dillibabu
and SBI Add sepolicy rule to allow read the files(num_ifes, num_ife_lites, num_sfes and num_sbi) present in /sys/kernel/camera from camera HAL. CRs-Fixed: 3434941 Change-Id: I8fcd083df32e185a1ffc88a8c1ff94027079d1fc
2023-04-05sepolicy: CEC HAL supportPritama Biswas
Change-Id: I89f85beabb09bb2e22311741338d9f253896e3b6
2023-03-31sepolicy_vndr: Allow mediacodec to find DisplayConfig HALNeelu Maheshwari
Add sepolicy rules to allow mediacodec to create DisplayConfig HAL. This is required for creating DisplayConfig ClientInterface by mediacodec Change-Id: I8d08f4fb04d0d21d5caae19abdb971cd995b6ac0
2023-03-30location: Allow gnss hal to read boot status propertyHarikrishnan Hariharan
Change-Id: I5f2beba0874341cb3a30a056d3ab42ab04cf9e1c CRs-Fixed: 3345987
2023-03-30Merge "sepolicy_vndr: allow init shell access kgsl nodes."qctecmdr
2023-03-29Allow dumpstate for binder call with Dc servicePavan Kumar M
This allows dumpstate to have a binder call with Ims Data Channel Service. This is needed for a CTS testcase: SELinuxHostTest#testNoBugreportDenials Denial:avc: denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:vendor_ims_dcservice:s0 tclass=binder permissive=0 Change-Id: Id42df851e5d193bf6b89a899a876abd03acf23e8
2023-03-28sepolicy_vndr: allow init shell access kgsl nodes.Karthik Gopalan
Allow vendor init shell to access /sys/class/kgsl/kgsl/ node. Change-Id: I3b7036b591f3619ba7490d0296c5159a22e1afcf
2023-03-28sepolicy_vndr: cleanup vendor_qhdcservicePhani Deepak Parasuramuni
Change-Id: Iea20b81544513343924e33a86ea6a486e48a364f
2023-03-27Allow dumpstate for binder call with Dc servicePavan Kumar M
This allows dumpstate to have a binder call with Ims Data Channel Service. This is needed for a CTS testcase: SELinuxHostTest#testNoBugreportDenials Denial:avc: denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:vendor_ims_dcservice:s0 tclass=binder permissive=0 Change-Id: Id42df851e5d193bf6b89a899a876abd03acf23e8
2023-03-24Merge "sepolicy: Fix avc denials for wakeup nodes"qctecmdr
2023-03-24Merge "sepolicy_vndr: add vendor_episteme_app"qctecmdr
2023-03-21sepolicy_vndr: add vendor_episteme_appShubhra Singh
Change-Id: I2a4f6014d923a156e17d428b372c492ea2b33ab0
2023-03-17Merge "sepolicy: add labels to /sys/block/dev/sd*"qctecmdr
2023-03-17sepolicy: Fix avc denials for wakeup nodesPavanKumar S.R
Label wakeup sysfs nodes listed by SuspendSepolicyTests.sh Change-Id: Ibec1769cffa9dc2c2a9c338fa61926e46b1f9e51
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 03:33:30 +0000