Commit message [Author, Age, Files, Lines]
* msm8960: Remove the references to misc_device (cm-14.0) [Adrian DC, 2016-10-18, files: 1, lines: -1/+1]
|      * Fix the missing type removed in commit I4c29491abef1f235a190bcd1e157aec406fac2fa
|     Change-Id: Ie5d4cb5c550768a117369493bcfb95c7e19f4f06
* Revert "uncrypt needs to write to the BCB" [Steve Kondik, 2016-10-17, files: 1, lines: -4/+0]
|     This reverts commit f2ce603429b7a83cb0e69b2e45fc782148fd152e.
|     Change-Id: Id4cc66138057f3fd10f0deafd6d5290fccddbf1f
* Merge tag 'LA.UM.5.5.r1-00900-8x96.0' of git://codeaurora.org/device/qcom/sepolicy into cm-14.0 [Steve Kondik, 2016-10-17, files: 99, lines: -20/+1741]
|\
| |     "LA.UM.5.5.r1-00900-8x96.0"
| |     Change-Id: I1a53f98a3bfb51c0b087be8ce85d420419fa5aa1
| * Merge d22eecffecc4bc284dd053b01181c854e3a0df2a on remote branch [Linux Build Service Account, 2016-10-10, files: 20, lines: -13/+52]
| |\
| | |     Change-Id: Icfd788c2bb5484128ab08a7eb16a807e53794636
| | * Promotion of sepolicy.lnx.2.0-00040. [Linux Build Service Account, 2016-10-04, files: 11, lines: -11/+22]
| | |\
| | | |     CRs      Change ID                                  Subject
| | | |     --------------------------------------------------------------------------------------------------------------
| | | |     994517   Ie15eece2cde55b921f976fc9f369333ea9e8efc1  Permissions needed for LOWI
| | | |     936950   Ia4b0bd9d8a24b596ff6186501378a031112e33d2  sepolicy: Add set property permission for irq balance
| | | |     1069576  I4c29491abef1f235a190bcd1e157aec406fac2fa  common: Remove the references to misc_device
| | | |     1070928  Idb2bf7cb3894421ef78354cb965e7fbb77627172  msmcobalt: file_context: Add file context for non-hlos m
| | | |     1073791  I39c7b4b81ce0ebc91abe14fc153088e710d195fa  Allow apps to find imscm service
| | | |     1066977  I2772dc300bb3cfdbe39a5bede8d653aa35eea14a  voiceprint: update configuration to address permission i
| | | |     Change-Id: I1a38188cd9faea48cd97c94cc2c61904c1b1bdd9
| | | |     CRs-Fixed: 1073791, 936950, 1069576, 994517, 1070928, 1066977
| | | * Merge "Allow apps to find imscm service" [Linux Build Service Account, 2016-10-03, files: 3, lines: -1/+3]
| | | |\
| | | | * Allow apps to find imscm service [Zhao Fan, 2016-10-03, files: 3, lines: -1/+3]
| | | | |     Apps fail to connect to imscm service. Allow it to find imscm service
| | | | |     Change-Id: I39c7b4b81ce0ebc91abe14fc153088e710d195fa
| | | | |     CRs-Fixed: 1073791
| | | * | Merge "Permissions needed for LOWI" [Linux Build Service Account, 2016-10-03, files: 1, lines: -1/+5]
| | | |\ \
| | | | |/
| | | |/|
| | | | * Permissions needed for LOWI [Dante Russo, 2016-09-28, files: 1, lines: -1/+5]
| | | | |     To use a per-interface socket during Plug-Fest ANQP testing
| | | | |     CRs-fixed: 994517
| | | | |     Change-Id: Ie15eece2cde55b921f976fc9f369333ea9e8efc1
| | | * | Merge "common: Remove the references to misc_device" [Linux Build Service Account, 2016-09-29, files: 4, lines: -8/+1]
| | | |\ \
| | | | * | common: Remove the references to misc_device [Ameya Thakur, 2016-09-21, files: 4, lines: -8/+1]
| | | | | |     AOSP now defines the misc partition with its own label.
| | | | | |     Removing references to the older one from the internal sepolicy files.
| | | | | |     CRs-Fixed: 1069576
| | | | | |     Change-Id: I4c29491abef1f235a190bcd1e157aec406fac2fa
| | | * | | Merge "voiceprint: update configuration to address permission issue" [Linux Build Service Account, 2016-09-29, files: 1, lines: -1/+3]
| | | |\ \ \
| | | | |_|/
| | | |/| |
| | | | * | voiceprint: update configuration to address permission issue [Garmond Leung, 2016-09-19, files: 1, lines: -1/+3]
| | | | | |     Some configurations were missing from the current te file
| | | | | |     Change-Id: I2772dc300bb3cfdbe39a5bede8d653aa35eea14a
| | | | | |     CRs-Fixed: 1066977
| | | * | | Merge "msmcobalt: file_context: Add file context for non-hlos mount points" [Linux Build Service Account, 2016-09-27, files: 2, lines: -0/+9]
| | | |\ \ \
| | | | * | | msmcobalt: file_context: Add file context for non-hlos mount points [Ameya Thakur, 2016-09-26, files: 2, lines: -0/+9]
| | | | | | |     The non-hlos mount points (/firmware and /bt_firmware) are now built as a
| | | | | | |     part of the image rather than being created on the fly. Adding the labels
| | | | | | |     for both of them here. Also added a rule to allow init to mount the
| | | | | | |     non-hlos partitions on the same.
| | | | | | |     Change-Id: Idb2bf7cb3894421ef78354cb965e7fbb77627172
| | | * | | | Merge "sepolicy: Add set property permission for irq balance" [Linux Build Service Account, 2016-09-27, files: 1, lines: -0/+1]
| | | |\ \ \ \
| | | | |/ / /
| | | |/| | |
| | | | * | | sepolicy: Add set property permission for irq balance [vaibhav bhalla, 2016-09-26, files: 1, lines: -0/+1]
| | | | | | |     Sepolicy changes needed on new OS to support IRQ Balance.
| | | | | | |     This property needs to be set during early boot.
| | | | | | |     CRs-Fixed: 936950
| | | | | | |     Change-Id: Ia4b0bd9d8a24b596ff6186501378a031112e33d2
| | * | | | | Promotion of sepolicy.lnx.2.0-00039. [Linux Build Service Account, 2016-09-27, files: 4, lines: -2/+7]
| | |\| | | |
| | | | | | |     CRs              Change ID                                  Subject
| | | | | | |     --------------------------------------------------------------------------------------------------------------
| | | | | | |     1036981          Ia0cfce4e3c00e4ad67c13a1a3f37e82e8435a2ab  selinux: restorecon interactive sysfs files before use
| | | | | | |     1070511 1070968  Ic618467a6c219828041c3f47d7696dca47cf62f4  sepolicy: restore persist-time file
| | | | | | |     1067815                                                     Sepolicy: Allow mediaserver to access media_settings_xml
| | | | | | |     Change-Id: Ifd64de7b52339c7a56de49f6d3e4b6567668146c
| | | | | | |     CRs-Fixed: 1067815, 1070968, 1070511, 1036981
| | | * | | | Merge "selinux: restorecon interactive sysfs files before use" [Linux Build Service Account, 2016-09-26, files: 1, lines: -1/+2]
| | | |\ \ \ \
| | | | |/ / /
| | | |/| | |
| | | | * | | selinux: restorecon interactive sysfs files before use [Swetha Chikkaboraiah, 2016-09-21, files: 1, lines: -1/+2]
| | | | | |/
| | | | |/|
| | | | | |     Interactive files in sysfs receive the default sysfs type.
| | | | | |     Allow int_shell-sh domain to restorecon these to sysfs_devices_system_cpu.
| | | | | |     Change-Id: Ia0cfce4e3c00e4ad67c13a1a3f37e82e8435a2ab
| | | * | | Merge "sepolicy: restore persist-time file" [Linux Build Service Account, 2016-09-26, files: 1, lines: -0/+1]
| | | |\ \ \
| | | | * | | sepolicy: restore persist-time file [Amir Samuelov, 2016-09-23, files: 1, lines: -0/+1]
| | | | |/ /
| | | | | |     It was accidentally removed, so restore it for time daemon.
| | | | | |     CRs-Fixed: 1070511
| | | | | |     Change-Id: Ic618467a6c219828041c3f47d7696dca47cf62f4
| | | * / / Sepolicy: Allow mediaserver to access media_settings_xml_prop [Sanjay Singh, 2016-09-23, files: 2, lines: -1/+4]
| | | |/ /
| | | | |     mediaserver should be able to access media_settings_xml_prop.
| | | | |     change-Id: Ia099814177b7be00109c6a5cf5417317376b8ca0
| | * | | Promotion of sepolicy.lnx.2.0-00038. [Linux Build Service Account, 2016-09-22, files: 8, lines: -0/+25]
| | |\| |
| | | | |     CRs      Change ID                                  Subject
| | | | |     --------------------------------------------------------------------------------------------------------------
| | | | |     1050368  I4548c0bec2192e7f182739289b8d8c51ac0dbbf8  common: Add SELinux policy for Android N fastmmi
| | | | |     1068549  I3d107cf871645383d0f7de548f0d55515dd7240e  sepolicy: Update rmt_storage and rfs_access
| | | | |     1042922  I999815c1771583ba495a078cf333302bdef6ca5d  sepolicy: Add rule to have permissions to cache recovery
| | | | |     1066935  I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964  sepolicy: allow init script to read GPU frequencies sysf
| | | | |     Change-Id: Idd49140d233f63a868944144950bc0a9fc99a9cc
| | | | |     CRs-Fixed: 1068549, 1066935, 1042922, 1050368
| | | * | Merge "sepolicy: allow init script to read GPU frequencies sysfs node" [Linux Build Service Account, 2016-09-21, files: 4, lines: -0/+10]
| | | |\ \
| | | | * | sepolicy: allow init script to read GPU frequencies sysfs node [Jonathan Wicks, 2016-09-14, files: 4, lines: -0/+10]
| | | | | |     init script will read GPU frequencies from sysfs node and copy the
| | | | | |     values to a system property to allow 3rd party apps that rely on these
| | | | | |     frequencies to still work.
| | | | | |     CRs-Fixed: 1066935
| | | | | |     Change-Id: I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964
| | | * | | Merge "sepolicy: Update rmt_storage and rfs_access" [Linux Build Service Account, 2016-09-21, files: 2, lines: -0/+8]
| | | |\ \ \
| | | | * | | sepolicy: Update rmt_storage and rfs_access [Nikhilesh Reddy, 2016-09-19, files: 2, lines: -0/+8]
| | | | | |/
| | | | |/|
| | | | | |     Update the rmt_storage and rfs_access policy to add:
| | | | | |     1) Write perms to the kmsg device
| | | | | |     2) Capability net_bind_service
| | | | | |     CRs-Fixed: 1068549
| | | | | |     Change-Id: I3d107cf871645383d0f7de548f0d55515dd7240e
| | | * | | Merge "common: Add SELinux policy for Android N fastmmi" [Linux Build Service Account, 2016-09-19, files: 1, lines: -0/+2]
| | | |\ \ \
| | | | |/ /
| | | |/| |
| | | | * | common: Add SELinux policy for Android N fastmmi [taozhang, 2016-09-13, files: 1, lines: -0/+2]
| | | | |/
| | | | |     Add SELinux policy for Android N fastmmi WIFI case need new policy
| | | | |     CRs-Fixed: 1050368
| | | | |     Change-Id: I4548c0bec2192e7f182739289b8d8c51ac0dbbf8
| | | * | Merge "sepolicy: Add rule to have permissions to cache recovery file" [Linux Build Service Account, 2016-09-19, files: 1, lines: -0/+5]
| | | |\ \
| | | | * | sepolicy: Add rule to have permissions to cache recovery file [Brahmaji K, 2016-09-13, files: 1, lines: -0/+5]
| | | | |/
| | | | |     Add selinux rules to have permissions to create, read and write
| | | | |     permissions to /cache/recovery/command file, which is required to wipe
| | | | |     the data when maximum wrong attempts of password reached.
| | | | |     CRs-fixed: 1042922
| | | | |     Change-Id: I999815c1771583ba495a078cf333302bdef6ca5d
| * | | | common: Add SELinux policy for Android N fastmmi [taozhang, 2016-09-24, files: 1, lines: -0/+2]
| | | | |     Add SELinux policy for Android N fastmmi WIFI case need new policy
| | | | |     CRs-Fixed: 1050368
| | | | |     Change-Id: I4548c0bec2192e7f182739289b8d8c51ac0dbbf8
| * | | | Merge bd14aa20396870842e312ec60199e30793550f23 on remote branch [Linux Build Service Account, 2016-09-22, files: 54, lines: -7/+562]
| |\| | |
| | | | |     Change-Id: Ib075149ef84cdbfeafde9bf7b9e966488db42e17
| | * | | Promotion of sepolicy.lnx.2.0-00034. [Linux Build Service Account, 2016-09-14, files: 54, lines: -7/+562]
| | |\| |
| | | | |     CRs              Change ID                                  Subject
| | | | |     --------------------------------------------------------------------------------------------------------------
| | | | |     1057269          Iefa7474ec1ddcb0efe0689ff065629aa1d99c0b9  sepolicy: Adding permissions for camerasever.
| | | | |     1052935          I7713f18a10508ef297e2742969dc5f9064cf9b50  sepolicy: Restrict diag access available to domains
| | | | |     1064092          I5b2624082479d9f9c346aa6acc0cb2235f2f7a63  sepolicy: allow qseecomd to access qsee_ipc_irq_spss dev
| | | | |     1050321 1063858  I9ddd96bf9882fc73dc83b62af24b74670eb36792  Add policy for persist time folder
| | | | |     1063858          I1a7a379a7ac62bc994b24329e056580f9712cbfc  Add search rights to persist file for time_daemon
| | | | |     1056052          Ic2ff9b497d7a0b0dca91b72c328b3eb5cda17cce  netmgrd: Enable support for destroying TCP sockets throu
| | | | |     1025803          I5b84094fa4f429095c45c3536e6a193e98786eb2  sepolicy:Add oemfs ruler for carrier switch
| | | | |     1063804          Idcdddd06df9d959e78ee80a36c890c8560c41350  sepolicy: Allow mmi access boot mode prop
| | | | |     1064752          I5d65ffaf92617b3942820c0892a0700737c1a07b  sepolicy: Add DRM device node to sepolicy file_contexts
| | | | |     1063341          I7ac989f3f26b3d084454cef3e12a44eef083975c  sepolicy: allow spdaemon to access cryptoapp device node
| | | | |     1062722          I7ec47c2654b93e5b96ea93e4930cc3b227ca79d0  Sepolicy: allow ipacm to create netfilter socket
| | | | |     1038954          I41cc8a41b096c1b03f43472d1bce51638fa87976  sepolicy: Add adsrpc permission to camera server.
| | | | |     Change-Id: I76fb1c8ad1b9767638f2aa99cdff4de665d11f77
| | | | |     CRs-Fixed: 1025803, 1063341, 1052935, 1064752, 1063804, 1057269, 1056052, 1038954, 1063858, 1050321, 1064092, 1062722
| | | * | sepolicy: Add adsrpc permission to camera server. [Mridul Singh, 2016-09-13, files: 1, lines: -0/+3]
| | | | |     fd-dsp needs to access DSP using FastRPC. Hence added permission for daemon
| | | | |     CRs-Fixed: 1038954
| | | | |     Change-Id: I41cc8a41b096c1b03f43472d1bce51638fa87976
| | | * | Merge "netmgrd: Enable support for destroying TCP sockets through diag" [Linux Build Service Account, 2016-09-13, files: 1, lines: -0/+1]
| | | |\ \
| | | | |/
| | | |/|
| | | | * netmgrd: Enable support for destroying TCP sockets through diag [Subash Abhinov Kasiviswanathan, 2016-08-17, files: 1, lines: -0/+1]
| | | | |     This enables the SOCK_DESTROY feature for TCP sockets. When changing
| | | | |     networks, this is needed to close all blocking calls on existing sockets
| | | | |     and return ECONNABORTED and close the socket gracefully. The other end
| | | | |     of the connection is sent a RST to notify this event.
| | | | |
| | | | |     This feature was earlier implemented using IOCTL SIOCKILLADDR and called
| | | | |     a custom function tcp_nuke_addr internally. This functionality will be
| | | | |     deprecated going forward in favor of SOCK_DESTROY.
| | | | |
| | | | |     Add support for netmgrd to use this method of destroying sockets.
| | | | |
| | | | |     Fix the following denial -
| | | | |     [ 26.041163] type=1400 audit(1471467994.893:67): avc: denied { create } for pid=1548 comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_tcpdiag_socket permissive=0
| | | | |
| | | | |     CRs-Fixed: 1056052
| | | | |     Change-Id: Ic2ff9b497d7a0b0dca91b72c328b3eb5cda17cce
| | | * | Merge "sepolicy: Adding permissions for camerasever." [Linux Build Service Account, 2016-09-12, files: 1, lines: -0/+1]
| | | |\ \
| | | | * | sepolicy: Adding permissions for camerasever. [Mridul Singh, 2016-09-12, files: 1, lines: -0/+1]
| | | | | |     Adding cameraserver permissions to access system files.
| | | | | |     CRs-Fixed: 1057269
| | | | | |     Change-Id: Iefa7474ec1ddcb0efe0689ff065629aa1d99c0b9
| | | * | | Merge "sepolicy: Restrict diag access available to domains" [Linux Build Service Account, 2016-09-12, files: 31, lines: -5/+95]
| | | |\ \ \
| | | | * | | sepolicy: Restrict diag access available to domains [Biswajit Paul, 2016-09-12, files: 31, lines: -5/+95]
| | | | | | |     Current diag access is overly permissive. Restrict diag access
| | | | | | |     to a whitelist of all domains.
| | | | | | |     CRs-Fixed: 1052935
| | | | | | |     Change-Id: I7713f18a10508ef297e2742969dc5f9064cf9b50
| | | * | | | Merge "Sepolicy: allow ipacm to create netfilter socket" [Linux Build Service Account, 2016-09-12, files: 1, lines: -0/+3]
| | | |\ \ \ \
| | | | * | | | Sepolicy: allow ipacm to create netfilter socket [Skylar Chang, 2016-09-12, files: 1, lines: -0/+3]
| | | | | | | |     Allow IPACM to open netlink_netfilter_socket.
| | | | | | | |     CRs-Fixed: 1062722
| | | | | | | |     Change-Id: I7ec47c2654b93e5b96ea93e4930cc3b227ca79d0
| | | * | | | | Merge "sepolicy: Add DRM device node to sepolicy file_contexts list" [Linux Build Service Account, 2016-09-12, files: 1, lines: -0/+3]
| | | |\ \ \ \ \
| | | | |_|_|/ /
| | | |/| | | |
| | | | * | | | sepolicy: Add DRM device node to sepolicy file_contexts list [Jeykumar Sankaran, 2016-09-08, files: 1, lines: -0/+3]
| | | | | | | |     Add DRM device node to sepolicy list and provide graphics_device access.
| | | | | | | |     CRs-Fixed: 1064752
| | | | | | | |     Change-Id: I5d65ffaf92617b3942820c0892a0700737c1a07b
| | | * | | | | sepolicy:Add oemfs ruler for carrier switch [jinfaw, 2016-09-12, files: 15, lines: -1/+415]
| | | | |/ / /
| | | |/| | |
| | | | | | |     1. Carrier overlay apk could be found and loaded in oemfs
| | | | | | |     2. Carrier Link file could be found in oemfs, such as "lib.so.link"
| | | | | | |     Change-Id: I5b84094fa4f429095c45c3536e6a193e98786eb2
| | | | | | |     CRs-Fixed: 1025803
| | | * | | | Merge "Add search rights to persist file for time_daemon" [Linux Build Service Account, 2016-09-09, files: 1, lines: -0/+2]
| | | |\ \ \ \
| | | | * | | | Add search rights to persist file for time_daemon [Mao Jinlong, 2016-09-09, files: 1, lines: -0/+2]
| | | | | |/ /
| | | | |/| |
| | | | | | |     time_daemon needs search rights to persist file as there are data files
| | | | | | |     of time_daemon in persist folder.
| | | | | | |     Change-Id: I1a7a379a7ac62bc994b24329e056580f9712cbfc
| | | | | | |     CRs-Fixed: 1063858
| | | * / | | sepolicy: allow qseecomd to access qsee_ipc_irq_spss device node [Amir Samuelov, 2016-09-09, files: 3, lines: -1/+7]
| | | |/ / /
| | | | | |     Allow qseecomd to access /dev/qsee_ipc_irq_spss, when using libspl.so,
| | | | | |     for SP-TZ communication.
| | | | | |     CRs-Fixed: 1064092
| | | | | |     Change-Id: I5b2624082479d9f9c346aa6acc0cb2235f2f7a63