Commit message | Author | Age | Files | Lines
...
* Remove wifi_data_file from data_between_core_and_vendor_violators | Srinivas Girigowda | 2018-11-25 | 2 | -3/+0
  CRs-Fixed: 2221880
  Change-Id: I124d152c5b309dc708fd8a27905f55bd3c91259a
* Add create_dir_perms to data files for vendor_init | Sridhar Parasuram | 2018-11-25 | 1 | -0/+43
  Change-Id: Icd550bb4eb696ca3ca1fb8932b869fa25187831c
* sepolicy: Allow hostapd to access/write /data/vendor/ partition | Abhishek Srivastava | 2018-11-25 | 1 | -0/+30
  While turning on SAP, conf file is created in /data/vendor/wifi/hostapd. selinux permission is added to create files under the same path.
  CRs-Fixed: 2195908
  Change-Id: I20c7f806f5597e8e9d88118feaf340f54b286569
* wifi: Use wpa_data_file instead of wifi_vendor_data_file | Abhishek Srivastava | 2018-11-25 | 2 | -0/+11
  system/sepolicy already defines wpa_data_file, Use that instead of wifi_vendor_data_file
  Note: wifi_vendor_data_file cannot be removed due to the dependencies. This shall be taken subsequently.
  Change-Id: I916724ed60162b2b32247f07cca9c1a69363c9fb
  CRs-Fixed: 2195448
* sepolicy : set write permissions for sysfs_boot_adsp. | Paresh Purabhiya | 2018-11-24 | 3 | -0/+7
  allow sysfs_boot_adsp write permissions to /sys/kernel/boot_adsp/boot node.
  Change-Id: I370c6be54b0cad987fb679b66c3d8f8552c3c99a
* sepolicy: Remove apq8098_latv and qsc605 platform rules | Bruno Martins | 2018-11-16 | 24 | -1044/+0
  * These are not legacy platforms yet
  Change-Id: I4709408d9817570f4832c5ad2a97efa74fa65127
* legacy: Correctly label display.qservice | Ethan Chen | 2018-10-30 | 5 | -2/+4
  * Since this is not hosted in a vendor service anymore, this needs to be listed as a regular service, not a hwservice.
  Change-Id: Icc72d329f534e942c5873e6f7963c2b1072aee2d
* sepolicy: Allow android service to write on tombstones | Ajit Vaishya | 2018-10-29 | 1 | -0/+6
  With this commit added sepolicy rule, so that android.hardware.wifi@1.0-service support to write on tombstones path. i.e /data/vendor/tombstones/wifi
  Change-Id: I53633c5291f27041f23726e3d8426eab1adcd664
  CRs-Fixed: 2241490
* Change to compile due to hostapd.te removal | Sridhar Parasuram | 2018-10-29 | 2 | -2/+9
  Change-Id: Ic06cb6002d816c477cf8eac5cb87fb882911193f
* Revert "sepol: hostapd is now hal_wifi_hostapd" | Michael Bestas | 2018-10-29 | 7 | -2/+72
  * This commit was not proper and causes cnd denials. We will be picking the upstream commits instead.
  This reverts commit ac81139c2811a30219ebbf27d4788b7fd4b462c5.
  Change-Id: Id5ddcae41a01c1d05d5c9985dcb2082a3e602f42
* sepolicy-legacy: Treat BT vendor properties like non-vendor ones. | Danny Baumann | 2018-10-13 | 2 | -0/+2
  Change-Id: I66e08c3bdbd595a69b89e30e1442c04a85be7ccc
* common: Relabel /data/vendor/display files | Bruno Martins | 2018-09-17 | 5 | -9/+9
  * This matches non-legacy QC sepolicies
  Change-Id: If12de9ac506f6f4260c789d0bbe6bed83d064a40
* common: Define persist_block_device | Bruno Martins | 2018-09-16 | 1 | -0/+2
  * This used to be defined in device/lineage/sepolicy, but had to be removed in order not to conflict with device/qcom/sepolicy. Add definition here as well.
  Change-Id: Id915bea27263b224d1b25021dc189efc3a07a0dd
* sepolicy-legacy: Adapt for new path (sepolicy -> sepolicy-legacy) | Danny Baumann | 2018-09-14 | 2 | -2/+2
  Change-Id: Ia38a0bd984e9c53fdaae15a8d58281dfe901b168
* sepol: Correct legacy sepolicy paths | Kevin F. Haggerty | 2018-09-07 | 1 | -7/+7
  Change-Id: I35fe10f6b7adc5be7bbb611c2b908721d9b3bb5d
* sepol: Remove still supported platforms and consolidate makefiles | Rashed Abdel-Tawab | 2018-08-30 | 128 | -4828/+4
* common: Remove duplicate definition of hostapd data files | Bruno Martins | 2018-08-20 | 3 | -4/+2
  * Already defined now by system policies
  Change-Id: I1cbdcc8ebd918bef7c5a4e22a57adbfa75878be0
* sepol: hostapd is now hal_wifi_hostapd | Rashed Abdel-Tawab | 2018-08-18 | 7 | -72/+2
  Change-Id: I91648b2b07340b9a061c04246f68d8dbdef0e008
* sepol: Remove duplicated hal_vehicle attribute | Rashed Abdel-Tawab | 2018-08-17 | 1 | -4/+0
  hal_vehicle is now in common AOSP global policy
  Change-Id: I3f70868b3880caa0d5b88d1127aff2257f5dd967
* msm8960: Fix compilation | Marco Zanin (B--B) | 2018-07-14 | 1 | -2/+0
  * Remove rules that cause build breakages
  Change-Id: Iaefab105ed52178f3c7d356aa2782147df8d2fbf
  Signed-off-by: Marco Zanin (B--B) <mrczn.bb@gmail.com>
* Allow binderized keymaster HAL access to firmware files. | Danny Baumann | 2018-07-02 | 1 | -0/+2
  Change-Id: I7fe1bfd28117dc61354e65cf4c3ea2ff9880ae0a
* sepolicy: Allow perf HAL to set freq props | Bruno Martins | 2018-06-23 | 1 | -1/+3
  * Addresses the following errors caught in a log:

  E ANDR-PERF-TARGET-INIT: Inside InitializeTarget
  W vendor.qti.hard: type=1400 audit(0.0:12): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
  W vendor.qti.hard: type=1400 audit(0.0:13): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
  W libc : Unable to set property "ro.min_freq_0" to "384000": connection failed; errno=13 (Permission denied)
  W libc : Unable to set property "ro.min_freq_4" to "384000": connection failed; errno=13 (Permission denied)

  Change-Id: I6de28c23fdb816faad0eaf45e8f4d793865d6eea
* legacy: allow gnss to create dir for xtra data | jrior001 | 2018-06-17 | 1 | -0/+1
  Change-Id: I925ef41fa713e829b932cc502a6820ad9f8e3037
* legacy: Add rules for init.qcom.bt.sh | Michael Bestas | 2018-06-17 | 1 | -2/+9
  * Turns out we need to use init.qcom.bt.sh instead of running hci_qcomm_init directly, as that causes BT to take longer than 10 seconds to enable on first time it's enabled after boot
  Change-Id: I0ee4a645d3828429b2deb0464f78090f49c9eb7b
* common: Fix labelling of lcd-backlight | Michael Bestas | 2018-06-12 | 1 | -1/+1
  * Codeaurora strikes again with a wrong regex
  Change-Id: Id1be8ab8c264f05d3c1ddd3c622495a220fd074f
* sepolicy: Allow mm-qcamerad to access v4L "name" node | Bruno Martins | 2018-06-04 | 4 | -58/+5
  * Label additional nodes and add it as common rule, since it doesn't apply only to msm8953.
  Change-Id: I42b329d782795feed776b09d5c12d89be9bac868
* sepolicy: Fix video4linux "name" node labeling | Bruno Martins | 2018-06-04 | 2 | -6/+6
  Do u even regex, br0?
  Change-Id: If907448d394f967268c9f72051bec5a47220087b
* sepolicy: allow vold to read persist dirs | jrior001 | 2018-05-21 | 1 | -0/+2
  Change-Id: Ibff5485fcaebc181d9aa17fcea38cf4ae3146193
* sepolicy: qti_init_shell needs to read dir too | jrior001 | 2018-05-21 | 1 | -1/+1
  Change-Id: I35e8bbffb44626c95f3d59adb4d97bc07da043a4
* msm8916: Label the FRP partition | Ricardo Cerqueira | 2018-05-21 | 1 | -0/+1
  * Partial cherry-pick of commit 3aaeeceb270dc6c8af8dd9a95fa8b9e33097ff50
  Change-Id: Ifa500ca57dc71831074a39fb5b05246c12cd0d4c
* legacy: Make WCNSS props readable to hci_qcomm_init | Bruno Martins | 2018-05-21 | 1 | -1/+2
  Change-Id: I3a9d988f75f64b45d1abb952b771a7e9bb30cac8
* legacy: Resolve msm8992/4 perfd denials | Michael Bestas | 2018-05-20 | 2 | -1/+4
  Change-Id: Ibef3bd2704b8edbefb90085c7c246ab832646300
* legacy: perf: allow checking for existence of other processes (signull) | Matt Wagantall | 2018-05-20 | 1 | -0/+3
  Certain perfd optimizations depend on this ability.
  Change-Id: Ib994cf879db73c02d8c79c8b7e6a8a855496c6be

  sepolicy: perfd: fix signull permission
  Commit 1a20a7fbc2 ("sepolicy: perf: allow checking for existence of other processes (signull)") was implemented incorrectly. It granted perfd only permissions to signull itself, not other processes. Fix this, granting signull permissions to all processes by using the 'domain' attribute.
  Change-Id: I5ea7c543ba5854550bb020382b43368d75244f32
* legacy: Label BT_QCA6174 sysfs files | LuK1337 | 2018-05-20 | 1 | -0/+2
  Qcom sepolicy only covers bt_qca6174, while our devices uses bt_qca6174.91. Label using a regex to make sure every case is covered.

  This fixes the following denial.
  avc: denied { write } for comm="hci_thread" name="state" dev="sysfs" ino=17919 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file

  And should also fix bluetooth.
  Change-Id: Ice453dee8750e6c9ca6b1fe6cb20709c39958c7e
* legacy: Fix msm8992/4 mm-qcamerad sysfs denials | Michael Bestas | 2018-05-20 | 2 | -0/+4
  * Label as sysfs_graphics like non-legacy sysfs
  Change-Id: Iadccb98b26cc704e84ff4c85ee3eadc2fcc95f0c
* legacy: Fix labelling msm8992/4 SSR sysfs | Michael Bestas | 2018-05-20 | 1 | -1/+1
  Change-Id: Ia282fc2cb3e70b407a5c7a0b045a4cb68dc80188
* legacy: Fix more msm8916 perfd denials | Michael Bestas | 2018-04-30 | 2 | -0/+4
  Change-Id: If5cd58caad0c4f084764f21ab1fbb5c5b11be371
* Escape '.' character | Michael Bestas | 2018-04-21 | 19 | -792/+792
  Change-Id: I3d3c1c2d0c04f8dc77037cbf47ce7b1452fe8c33
* sepolicy: Remove leftover folders | Michael Bestas | 2018-04-21 | 14 | -624/+0
  msmpeafowl: sdm670
  msmskunk: sdm845
  Change-Id: I1c71c14af53123cc7852cd7948ee66575323d239
* legacy: Consistent indentation | Michael Bestas | 2018-04-20 | 4 | -33/+33
  Change-Id: I44dcf57ec36e3ecd0674d84f8fe1f8a98ee71d28
* legacy: Address mm-pp-daemon denials | LuK1337 | 2018-04-20 | 5 | -0/+11
  Change-Id: I9b5f18936b3b7dc362b81750b24af41810ea847e
* legacy: Allow thermal-engine to read sysfs_spmi_dev | LuK1337 | 2018-04-20 | 1 | -0/+2
  Change-Id: I11b65ea2a853b7b71652ef8bc4447bc554a8393a
* legacy: Add debugfs rules for rmt_storage | Bruno Martins | 2018-04-20 | 3 | -0/+8
  Change-Id: Id29dbfe25a979ff8257ba5f4f6fe94ec2c2b471c
* legacy: Allow hal_graphics_allocator_default access sysfs_graphics | Nikolas Lim | 2018-04-20 | 1 | -0/+1
  Change-Id: Ibf48ea3a61e3ff08feb2e24287dee39d2ebe3889
* legacy: Allow hal_graphics_composer_default read firmware | Michael Bestas | 2018-04-20 | 1 | -0/+1
  Change-Id: I9a65a68b0de351cd072a4aa4b66f78a7b082d354
* legacy: Allow bluetooth_loader read persist | Michael Bestas | 2018-04-20 | 1 | -0/+2
  Change-Id: I1696d40518a6193a335e4930e5b576b7dda86f0d
* legacy: Address perfd denials | LuK1337 | 2018-04-20 | 3 | -0/+10
  Change-Id: If569ce1cb560a19123b1b7bfae5e10e653825f35
* legacy: Allow perfd write to sysfs_kgsl | Michael Bestas | 2018-04-20 | 1 | -0/+1
  * msm8916 perfd wants to write to "max_pwrlevel"
  Change-Id: I86e9f7ac7cc82f3d8605d215aa39171b385ecc61
* legacy: Allow qcom power HAL to interact with perfd | Michael Bestas | 2018-04-20 | 1 | -0/+1
  * We applied this for mpdecision, perfd needs it too
  Change-Id: Ib43f7575cefdeddcc02a3a6240c6f38aef18300d
* hal_gnss_default: Do not log udp socket failures | Subash Abhinov Kasiviswanathan | 2018-04-20 | 1 | -0/+9
  hal_gnss_default uses data services API's to use data related functionality for SUPL/E911 call. This was internally using internet datagram sockets for IOCTL calls to retrieve interface name leading to this denial. Since HAL is not supposed to have this permission, use netlink route sockets instead to achieve this functionality.

  Fixes the following denial -
  audit(0.0:94): avc: denied { create } for comm="Loc_hal_worker" scontext=u:r:hal_gnss_default:s0 tcontext=u:r:hal_gnss_default:s0 tclass=udp_socket permissive=0

  BUG:37730994
  Change-Id: If358032ffcf870747d6bca4fa50fb45214d70f8c