| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
* Fix the missing type removed in commit
I4c29491abef1f235a190bcd1e157aec406fac2fa
Change-Id: Ie5d4cb5c550768a117369493bcfb95c7e19f4f06
|
|
|
|
|
|
| |
This reverts commit f2ce603429b7a83cb0e69b2e45fc782148fd152e.
Change-Id: Id4cc66138057f3fd10f0deafd6d5290fccddbf1f
|
|\
| |
| |
| |
| |
| |
| |
| | |
git://codeaurora.org/device/qcom/sepolicy into cm-14.0
"LA.UM.5.5.r1-00900-8x96.0"
Change-Id: I1a53f98a3bfb51c0b087be8ce85d420419fa5aa1
|
| |\
| | |
| | |
| | | |
Change-Id: Icfd788c2bb5484128ab08a7eb16a807e53794636
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
994517 Ie15eece2cde55b921f976fc9f369333ea9e8efc1 Permissions needed for LOWI
936950 Ia4b0bd9d8a24b596ff6186501378a031112e33d2 sepolicy: Add set property permission for irq balance
1069576 I4c29491abef1f235a190bcd1e157aec406fac2fa common: Remove the references to misc_device
1070928 Idb2bf7cb3894421ef78354cb965e7fbb77627172 msmcobalt: file_context: Add file context for non-hlos m
1073791 I39c7b4b81ce0ebc91abe14fc153088e710d195fa Allow apps to find imscm service
1066977 I2772dc300bb3cfdbe39a5bede8d653aa35eea14a voiceprint: update configuration to address permission i
Change-Id: I1a38188cd9faea48cd97c94cc2c61904c1b1bdd9
CRs-Fixed: 1073791, 936950, 1069576, 994517, 1070928, 1066977
|
| | | |\ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Apps fails to connect to imscm service. Allow it
to find imscm service
Change-Id: I39c7b4b81ce0ebc91abe14fc153088e710d195fa
CRs-Fixed: 1073791
|
| | | |\ \
| | | | |/
| | | |/| |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
To use a per-interface socket during Plug-Fest ANQP testing
CRs-fixed: 994517
Change-Id: Ie15eece2cde55b921f976fc9f369333ea9e8efc1
|
| | | |\ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
AOSP now defines the misc partition with it's own label. Removing
references to the older one from the internal sepolicy files.
CRs-Fixed: 1069576
Change-Id: I4c29491abef1f235a190bcd1e157aec406fac2fa
|
| | | |\ \ \
| | | | |_|/
| | | |/| | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Some configurations were missing from the current te file
Change-Id: I2772dc300bb3cfdbe39a5bede8d653aa35eea14a
CRs-Fixed: 1066977
|
| | | |\ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The non-hlos mount points(/firmware and /bt_firmware) are now built
as a part of the image rather than being created on the fly. Adding
the labels for both of them here. Also added a rule to allow init to
mount the non-hlos partitions on the same.
Change-Id: Idb2bf7cb3894421ef78354cb965e7fbb77627172
|
| | | |\ \ \ \
| | | | |/ / /
| | | |/| | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Sepolicy changes needed on new OS to support IRQ Balance.
This property need to set during early boot.
CRs-Fixed: 936950
Change-Id: Ia4b0bd9d8a24b596ff6186501378a031112e33d2
|
| | |\| | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
1036981 Ia0cfce4e3c00e4ad67c13a1a3f37e82e8435a2ab selinux: restorecon interactive sysfs files before use
1070511 1070968 Ic618467a6c219828041c3f47d7696dca47cf62f4 sepolicy: restore persist-time file
1067815 Sepolicy: Allow mediaserver to access media_settings_xml
Change-Id: Ifd64de7b52339c7a56de49f6d3e4b6567668146c
CRs-Fixed: 1067815, 1070968, 1070511, 1036981
|
| | | |\ \ \ \
| | | | |/ / /
| | | |/| | | |
|
| | | | | |/
| | | | |/|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Interactive files in sysfs receives the default sysfs type.
Allow int_shell-sh domain to restorecon these to
sysfs_devices_system_cpu.
Change-Id: Ia0cfce4e3c00e4ad67c13a1a3f37e82e8435a2ab
|
| | | |\ \ \ |
|
| | | | |/ /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It was accidentally removed, so restore it for time daemon.
CRs-Fixed: 1070511
Change-Id: Ic618467a6c219828041c3f47d7696dca47cf62f4
|
| | | |/ /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
mediaserver should be able to access media_settings_xml_prop.
change-Id: Ia099814177b7be00109c6a5cf5417317376b8ca0
|
| | |\| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
1050368 I4548c0bec2192e7f182739289b8d8c51ac0dbbf8 common: Add SELinux policy for Android N fastmmi
1068549 I3d107cf871645383d0f7de548f0d55515dd7240e sepolicy: Update rmt_storage and rfs_access
1042922 I999815c1771583ba495a078cf333302bdef6ca5d sepolicy: Add rule to have permissions to cache recovery
1066935 I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964 sepolicy: allow init script to read GPU frequencies sysf
Change-Id: Idd49140d233f63a868944144950bc0a9fc99a9cc
CRs-Fixed: 1068549, 1066935, 1042922, 1050368
|
| | | |\ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
init script will read GPU frequencies from sysfs node and copy
the values to a system property to allow 3rd party apps that
rely on these frequencies to still work.
CRs-Fixed: 1066935
Change-Id: I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964
|
| | | |\ \ \ |
|
| | | | | |/
| | | | |/|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Update the rmt_storage and rfs_access policy to add:
1) Write perms to the kmsg device
2) Capability net_bind_service
CRs-Fixed: 1068549
Change-Id: I3d107cf871645383d0f7de548f0d55515dd7240e
|
| | | |\ \ \
| | | | |/ /
| | | |/| | |
|
| | | | |/
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add SELinux policy for Android N fastmmi
WIFI case need new policy
CRs-Fixed: 1050368
Change-Id: I4548c0bec2192e7f182739289b8d8c51ac0dbbf8
|
| | | |\ \ |
|
| | | | |/
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add selinux rules to have permissions to create, read and
write permissions to /cache/recovery/command file, which is
required to wipe the data when maximum wrong attempts of
password reached.
CRs-fixed: 1042922
Change-Id: I999815c1771583ba495a078cf333302bdef6ca5d
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add SELinux policy for Android N fastmmi
WIFI case need new policy
CRs-Fixed: 1050368
Change-Id: I4548c0bec2192e7f182739289b8d8c51ac0dbbf8
|
| |\| | |
| | | | |
| | | | |
| | | | | |
Change-Id: Ib075149ef84cdbfeafde9bf7b9e966488db42e17
|
| | |\| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
1057269 Iefa7474ec1ddcb0efe0689ff065629aa1d99c0b9 sepolicy: Adding permissions for camerasever.
1052935 I7713f18a10508ef297e2742969dc5f9064cf9b50 sepolicy: Restrict diag access available to domains
1064092 I5b2624082479d9f9c346aa6acc0cb2235f2f7a63 sepolicy: allow qseecomd to access qsee_ipc_irq_spss dev
1050321 1063858 I9ddd96bf9882fc73dc83b62af24b74670eb36792 Add policy for persist time folder
1063858 I1a7a379a7ac62bc994b24329e056580f9712cbfc Add search rights to persist file for time_daemon
1056052 Ic2ff9b497d7a0b0dca91b72c328b3eb5cda17cce netmgrd: Enable support for destroying TCP sockets throu
1025803 I5b84094fa4f429095c45c3536e6a193e98786eb2 sepolicy:Add oemfs ruler for carrier switch
1063804 Idcdddd06df9d959e78ee80a36c890c8560c41350 sepolicy: Allow mmi access boot mode prop
1064752 I5d65ffaf92617b3942820c0892a0700737c1a07b sepolicy: Add DRM device node to sepolicy file_contexts
1063341 I7ac989f3f26b3d084454cef3e12a44eef083975c sepolicy: allow spdaemon to access cryptoapp device node
1062722 I7ec47c2654b93e5b96ea93e4930cc3b227ca79d0 Sepolicy: allow ipacm to create netfilter socket
1038954 I41cc8a41b096c1b03f43472d1bce51638fa87976 sepolicy: Add adsrpc permission to camera server.
Change-Id: I76fb1c8ad1b9767638f2aa99cdff4de665d11f77
CRs-Fixed: 1025803, 1063341, 1052935, 1064752, 1063804, 1057269, 1056052, 1038954, 1063858, 1050321, 1064092, 1062722
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fd-dsp needs to access DSP using FastRPC.
Hence added permission for daemon
CRs-Fixed: 1038954
Change-Id: I41cc8a41b096c1b03f43472d1bce51638fa87976
|
| | | |\ \
| | | | |/
| | | |/| |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This enables the SOCK_DESTROY feature for TCP sockets. When changing
networks, this is needed to close all blocking calls on existing
sockets and return ECONNABORTED and close the socket gracefully.
The other end of the connection is sent a RST to notify this event.
This feature was earlier implemented using IOCTL SIOCKILLADDR and
called a custom function tcp_nuke_addr internally. This
functionality will be deprecated going forward in favor of
SOCK_DESTROY.
Add support for netmgrd to use this method of destroying sockets.
Fix the following denial -
[ 26.041163] type=1400 audit(1471467994.893:67): avc: denied
{ create } for pid=1548 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_tcpdiag_socket permissive=0
CRs-Fixed: 1056052
Change-Id: Ic2ff9b497d7a0b0dca91b72c328b3eb5cda17cce
|
| | | |\ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Adding cameraserver permissions to access system
files.
CRs-Fixed: 1057269
Change-Id: Iefa7474ec1ddcb0efe0689ff065629aa1d99c0b9
|
| | | |\ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Current diag access is overly permissive. Restrict diag access
to a whilelist of all domains.
CRs-Fixed: 1052935
Change-Id: I7713f18a10508ef297e2742969dc5f9064cf9b50
|
| | | |\ \ \ \ |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Allow IPACM to open netlink_netfilter_socket.
CRs-Fixed: 1062722
Change-Id: I7ec47c2654b93e5b96ea93e4930cc3b227ca79d0
|
| | | |\ \ \ \ \
| | | | |_|_|/ /
| | | |/| | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Add DRM device node to sepolicy list and provide graphics_device access.
CRs-Fixed: 1064752
Change-Id: I5d65ffaf92617b3942820c0892a0700737c1a07b
|
| | | | |/ / /
| | | |/| | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
1.Carrier overlay apk could be found and loaded in oemfs
2.Carrier Link file could be found in oemfs,such as "lib.so.link"
Change-Id: I5b84094fa4f429095c45c3536e6a193e98786eb2
CRs-Fixed: 1025803
|
| | | |\ \ \ \ |
|
| | | | | |/ /
| | | | |/| |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
time_daemon need search rights to persist file as there are data
files of time_daemon in persist folder.
Change-Id: I1a7a379a7ac62bc994b24329e056580f9712cbfc
CRs-Fixed: 1063858
|
| | | |/ / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Allow qseecomd to access /dev/qsee_ipc_irq_spss,
when using libspl.so , for SP-TZ communication.
CRs-Fixed: 1064092
Change-Id: I5b2624082479d9f9c346aa6acc0cb2235f2f7a63
|