Commit message (Author, Age, Files, Lines)
* legacy: Resolve hal_gnss_default denial [lineage-15.1] (Michael Bestas, 2018-11-25, 1 file, -0/+1)
|   * This comes up when switching gnss to hwbinder
|   * Mimic the old location rule to resolve the denial
|   Change-Id: I118ac5fad75f7ab02ccf4a728c2bc67a9eb57752
* mm-qcamerad: move move snap_app:fd use perms to common (jrior001, 2018-10-07, 2 files, -2/+1)
|   * more than just legacy needs this
|   Change-Id: Id345d69835f495d9ca6813d6ea55433631e53c97
* sepolicy: Reflect the fact that Snap has now a defined domain (sb6596, 2018-10-06, 1 file, -1/+1)
|   * This adapts rule added in commit 710d097, as required after
|     https://github.com/LineageOS/android_device_lineage_sepolicy/commit/e61f6cdc33cbaa181790a4bc0e0d9ffff3b6fe2b
|   Change-Id: I617d65d348b70174a8c0308332f50992f09ecd13
* allow mm-qcamerad to use platform_app fd (jrior001, 2018-09-22, 1 file, -1/+1)
|   * fixes the following denial
|   mm-qcamera-daem: type=1400 audit(0.0:15): avc: denied { use } for path="anon_inode:dmabuf" dev="anon_inodefs" ino=5959 scontext=u:r:mm-qcamerad:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=fd permissive=0
|   BUGBASH-2287
|   Change-Id: I9a4af24d3c4bfafb29b029ead90681bfc370f280
* msm8960: Fix compilation (Marco Zanin (B--B), 2018-07-14, 1 file, -2/+0)
|   * Remove rules that cause build breakages
|   Change-Id: Iaefab105ed52178f3c7d356aa2782147df8d2fbf
|   Signed-off-by: Marco Zanin (B--B) <mrczn.bb@gmail.com>
* Allow binderized keymaster HAL access to firmware files. (Danny Baumann, 2018-07-02, 1 file, -0/+2)
|   Change-Id: I7fe1bfd28117dc61354e65cf4c3ea2ff9880ae0a
* sepolicy: Allow perf HAL to set freq props (Bruno Martins, 2018-06-23, 1 file, -1/+3)
|   * Addresses the following errors caught in a log:
|   E ANDR-PERF-TARGET-INIT: Inside InitializeTarget
|   W vendor.qti.hard: type=1400 audit(0.0:12): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
|   W vendor.qti.hard: type=1400 audit(0.0:13): avc: denied { write } for name="property_service" dev="tmpfs" ino=14909 scontext=u:r:hal_perf_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
|   W libc : Unable to set property "ro.min_freq_0" to "384000": connection failed; errno=13 (Permission denied)
|   W libc : Unable to set property "ro.min_freq_4" to "384000": connection failed; errno=13 (Permission denied)
|   Change-Id: I6de28c23fdb816faad0eaf45e8f4d793865d6eea
* legacy: allow gnss to create dir for xtra data (jrior001, 2018-06-17, 1 file, -0/+1)
|   Change-Id: I925ef41fa713e829b932cc502a6820ad9f8e3037
* legacy: Add rules for init.qcom.bt.sh (Michael Bestas, 2018-06-17, 1 file, -2/+9)
|   * Turns out we need to use init.qcom.bt.sh instead of running hci_qcomm_init
|     directly, as that causes BT to take longer than 10 seconds to enable on
|     first time it's enabled after boot
|   Change-Id: I0ee4a645d3828429b2deb0464f78090f49c9eb7b
* common: Fix labelling of lcd-backlight (Michael Bestas, 2018-06-12, 1 file, -1/+1)
|   * Codeaurora strikes again with a wrong regex
|   Change-Id: Id1be8ab8c264f05d3c1ddd3c622495a220fd074f
* sepolicy: Allow mm-qcamerad to access v4L "name" node (Bruno Martins, 2018-06-04, 4 files, -58/+5)
|   * Label additional nodes and add it as common rule, since it doesn't apply
|     only to msm8953.
|   Change-Id: I42b329d782795feed776b09d5c12d89be9bac868
* sepolicy: Fix video4linux "name" node labeling (Bruno Martins, 2018-06-04, 2 files, -6/+6)
|   Do u even regex, br0?
|   Change-Id: If907448d394f967268c9f72051bec5a47220087b
* sepolicy: allow vold to read persist dirs (jrior001, 2018-05-21, 1 file, -0/+2)
|   Change-Id: Ibff5485fcaebc181d9aa17fcea38cf4ae3146193
* sepolicy: qti_init_shell needs to read dir too (jrior001, 2018-05-21, 1 file, -1/+1)
|   Change-Id: I35e8bbffb44626c95f3d59adb4d97bc07da043a4
* msm8916: Label the FRP partition (Ricardo Cerqueira, 2018-05-21, 1 file, -0/+1)
|   * Partial cherry-pick of commit 3aaeeceb270dc6c8af8dd9a95fa8b9e33097ff50
|   Change-Id: Ifa500ca57dc71831074a39fb5b05246c12cd0d4c
* legacy: Make WCNSS props readable to hci_qcomm_init (Bruno Martins, 2018-05-21, 1 file, -1/+2)
|   Change-Id: I3a9d988f75f64b45d1abb952b771a7e9bb30cac8
* legacy: Resolve msm8992/4 perfd denials (Michael Bestas, 2018-05-20, 2 files, -1/+4)
|   Change-Id: Ibef3bd2704b8edbefb90085c7c246ab832646300
* legacy: perf: allow checking for existence of other processes (signull) (Matt Wagantall, 2018-05-20, 1 file, -0/+3)
|   Certain perfd optimizations depend on this ability.
|   Change-Id: Ib994cf879db73c02d8c79c8b7e6a8a855496c6be
|
|   sepolicy: perfd: fix signull permission
|   Commit 1a20a7fbc2 ("sepolicy: perf: allow checking for existence of other
|   processes (signull)") was implemented incorrectly. It granted perfd only
|   permissions to signull itself, not other processes. Fix this, granting
|   signull permissions to all processes by using the 'domain' attribute.
|   Change-Id: I5ea7c543ba5854550bb020382b43368d75244f32
* legacy: Label BT_QCA6174 sysfs files (LuK1337, 2018-05-20, 1 file, -0/+2)
|   Qcom sepolicy only covers bt_qca6174, while our devices uses
|   bt_qca6174.91. Label using a regex to make sure every case is covered.
|   This fixes the following denial.
|   avc: denied { write } for comm="hci_thread" name="state" dev="sysfs" ino=17919 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file
|   And should also fix bluetooth.
|   Change-Id: Ice453dee8750e6c9ca6b1fe6cb20709c39958c7e
* legacy: Fix msm8992/4 mm-qcamerad sysfs denials (Michael Bestas, 2018-05-20, 2 files, -0/+4)
|   * Label as sysfs_graphics like non-legacy sysfs
|   Change-Id: Iadccb98b26cc704e84ff4c85ee3eadc2fcc95f0c
* legacy: Fix labelling msm8992/4 SSR sysfs (Michael Bestas, 2018-05-20, 1 file, -1/+1)
|   Change-Id: Ia282fc2cb3e70b407a5c7a0b045a4cb68dc80188
* legacy: Fix more msm8916 perfd denials (Michael Bestas, 2018-04-30, 2 files, -0/+4)
|   Change-Id: If5cd58caad0c4f084764f21ab1fbb5c5b11be371
* Escape '.' character (Michael Bestas, 2018-04-21, 19 files, -792/+792)
|   Change-Id: I3d3c1c2d0c04f8dc77037cbf47ce7b1452fe8c33
* sepolicy: Remove leftover folders (Michael Bestas, 2018-04-21, 14 files, -624/+0)
|   msmpeafowl: sdm670
|   msmskunk: sdm845
|   Change-Id: I1c71c14af53123cc7852cd7948ee66575323d239
* legacy: Consistent indentation (Michael Bestas, 2018-04-20, 4 files, -33/+33)
|   Change-Id: I44dcf57ec36e3ecd0674d84f8fe1f8a98ee71d28
* legacy: Address mm-pp-daemon denials (LuK1337, 2018-04-20, 5 files, -0/+11)
|   Change-Id: I9b5f18936b3b7dc362b81750b24af41810ea847e
* legacy: Allow thermal-engine to read sysfs_spmi_dev (LuK1337, 2018-04-20, 1 file, -0/+2)
|   Change-Id: I11b65ea2a853b7b71652ef8bc4447bc554a8393a
* legacy: Add debugfs rules for rmt_storage (Bruno Martins, 2018-04-20, 3 files, -0/+8)
|   Change-Id: Id29dbfe25a979ff8257ba5f4f6fe94ec2c2b471c
* legacy: Allow hal_graphics_allocator_default access sysfs_graphics (Nikolas Lim, 2018-04-20, 1 file, -0/+1)
|   Change-Id: Ibf48ea3a61e3ff08feb2e24287dee39d2ebe3889
* legacy: Allow hal_graphics_composer_default read firmware (Michael Bestas, 2018-04-20, 1 file, -0/+1)
|   Change-Id: I9a65a68b0de351cd072a4aa4b66f78a7b082d354
* legacy: Allow bluetooth_loader read persist (Michael Bestas, 2018-04-20, 1 file, -0/+2)
|   Change-Id: I1696d40518a6193a335e4930e5b576b7dda86f0d
* legacy: Address perfd denials (LuK1337, 2018-04-20, 3 files, -0/+10)
|   Change-Id: If569ce1cb560a19123b1b7bfae5e10e653825f35
* legacy: Allow perfd write to sysfs_kgsl (Michael Bestas, 2018-04-20, 1 file, -0/+1)
|   * msm8916 perfd wants to write to "max_pwrlevel"
|   Change-Id: I86e9f7ac7cc82f3d8605d215aa39171b385ecc61
* legacy: Allow qcom power HAL to interact with perfd (Michael Bestas, 2018-04-20, 1 file, -0/+1)
|   * We applied this for mpdecision, perfd needs it too
|   Change-Id: Ib43f7575cefdeddcc02a3a6240c6f38aef18300d
* hal_gnss_default: Do not log udp socket failures (Subash Abhinov Kasiviswanathan, 2018-04-20, 1 file, -0/+9)
|   hal_gnss_default uses data services API's to use data related
|   functionality for SUPL/E911 call. This was internally using internet
|   datagram sockets for IOCTL calls to retrieve interface name leading to
|   this denial. Since HAL is not supposed to have this permission, use
|   netlink route sockets instead to achieve this functionality.
|
|   Fixes the following denial -
|   audit(0.0:94): avc: denied { create } for comm="Loc_hal_worker" scontext=u:r:hal_gnss_default:s0 tcontext=u:r:hal_gnss_default:s0 tclass=udp_socket permissive=0
|
|   BUG:37730994
|   Change-Id: If358032ffcf870747d6bca4fa50fb45214d70f8c
* sepolicy: Ignore more hal_memtrack denials (Michael Bestas, 2018-04-20, 1 file, -1/+2)
|   * They are harmless
|   Change-Id: Idb7947558a8af876e93fa02168da144d9373c9c9
* sepolicy : add secontext for eMMC blocks (Himanshu Agrawal, 2018-04-20, 1 file, -0/+6)
|   Adding context to boot, recovery, cache and system block device
|   Change-Id: I5604c5ab842483760947d6fcb348d0723c9908b1
* sepolicy: rules to allow camera daemon access to app buffer (Nirmal Abraham, 2018-04-20, 1 file, -1/+1)
|   Add rule to allow mm-qcamera daemon to import the fd which is allocated
|   in app's context.
|   Change-Id: Icdc13cf34cef98a2529b79ee61900b5130585b0d
|
|   sepolicy: Allow camera daemon to access priv_app buffer.
|   Add rule to allow mm-qcamera daemon to import the fd which is allocated
|   in app's context. This is required for VT call camera preview to work.
|   Change-Id: Iea4d82a44f42715ca888960549494e788dd99563
|   CRs-Fixed: 2133945
|
|   [mikeioannina]: Move to common sepolicy
|   Change-Id: I6e1c48df94b31132f5b1f9afa3a07ccc3c4aab4d
* sepolicy: Fix warnings related to set_prop (Michael Bestas, 2018-04-20, 2 files, -2/+0)
|   * The props are already set using set_prop, remove useless
|     unix_socket_connect
|   Change-Id: Ib27edc72e678bd4fc1a0d6f336be5020b0757673
* Merge tag 'LA.UM.6.6.r1-07200-89xx.0' of https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD (Michael Bestas, 2018-04-05, 13 files, -0/+80)
|\
| |   "LA.UM.6.6.r1-07200-89xx.0"
| * Merge f17538977d842e8d1096abc10a4bdf7da01c5dc5 on remote branch (Linux Build Service Account, 2018-03-25, 24 files, -24/+135)
| |\
| | |   Change-Id: I47b8996b7913f264864ecc9c0e69194390b7b01d
| | * Merge "Add appropriate selabel to ImageFv partition." (Linux Build Service Account, 2018-03-14, 9 files, -0/+13)
| | |\
| | | * Add appropriate selabel to ImageFv partition. (padarshr, 2018-03-12, 9 files, -0/+13)
| | | |   Since ImageFv is now an upgradable A/B partition, adding appropriate
| | | |   selabel to it. Even though this partition is added to sdm845
| | | |   presently, assigning the label to all targets, so that OTA won't be
| | | |   broken if/when ImageFv partition is added in other targets.
| | | |   Change-Id: I188edb41aeb86945277d1ab4fabb885678c2a4ed
| | * | sepolicy: initial qmmf-webserver sepolicy drop. (Suresh Kumar Sugguna, 2018-03-12, 5 files, -0/+67)
| | |/
| | |   Add qmmf webserver and corresponding permissions
| | |   Change-Id: I85e0bb7be9a30992d8ff565a9cfc2f839e09f957
* | | Merge tag 'LA.UM.6.4.r1-07600-8x98.0' of https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD (Michael Bestas, 2018-04-05, 15 files, -24/+55)
|\ \ \
| | | |   "LA.UM.6.4.r1-07600-8x98.0"
| * \ \ Merge dd737e453e934e2607c84efd966200bdad622534 on remote branch (Linux Build Service Account, 2018-03-18, 16 files, -24/+59)
| |\ \ \
| | | |/
| | |/|
| | | |   Change-Id: Ic4f826280c302fad5805d9b5873c1ab4e9ec5f5b
| | * | Adding rule for radio to access perf hal (Varun Garg, 2018-03-08, 1 file, -0/+1)
| | | |   Adding rule for radio daemon to access perf hal
| | | |   Change-Id: Ib805d97363d697bd49434364ea77d475c0a91542
| | * | Merge "sesepolicy: Add permission to spdaemon to access SSR channel" (Linux Build Service Account, 2018-03-07, 3 files, -0/+7)
| | |\ \
| | | * | sesepolicy: Add permission to spdaemon to access SSR channel (Kineret Berger, 2018-03-05, 3 files, -0/+7)
| | | | |   Instead of using sp_keymaster for SSR notifications, we'll use a
| | | | |   dummy channel - spdaemon_ssr.
| | | | |   Change-Id: If6e83d470b7bf437f9935c9953a5fbc8bfe6e452
| | * | | Merge "sepolicy: qcs605: Add contexts for storsec_[ab] block device" (Linux Build Service Account, 2018-03-07, 1 file, -0/+4)
| | |\ \ \