path: root/Android.mk
Commit message  [Author, Age, Files, Lines]
* Do not include common SE policies automatically  [Ricardo Cerqueira, 2015-10-12, 1, -9/+10]
|   Automatic additions to BOARD_SEPOLICY_UNION from Android.mk do not guarantee order or precedence of rules. More often than not, these rules get included _after_ the device's own, which makes it impossible for the device to extend them, or even to use types defined here.
|   Manually include these in the device's BoardConfig with "include device/qcom/sepolicy/sepolicy.mk" before its own specific BOARD_SEPOLICY_DIRS (if any) instead. Or just include files piecemeal.
|   Change-Id: I2ce0c3ec325906a46570b26c5f0c2018390d2ec9
* Replacing permissions with macros  [Avijit Kanti Das, 2015-06-26, 1, -115/+0]
|   Replacing all the permissions with macros
|   Allow all domains except untrusted_app to access diag_device
|   Restrict untrusted_app to access diag_device
|   Change-Id: Ibad902746f25a23f10840fae3c0bac65b2ff74e0
* sepolicy: add selinux policy for FIPS enablement  [William Clark, 2015-05-22, 1, -0/+1]
|   Define selinux policy for qfintverify daemon. The daemon requires access to qce and rng devices.
|   CRs-fixed: 817860
|   Change-Id: I13ec23bd283461d0bc098898981ee1060218f95a
* SEAndroid: Adding NFC specific policies  [Puneet Mishra, 2015-04-23, 1, -1/+2]
|   Add context for qmux_socket for nfc service and add execution permission for nfc_data_file to permit SmartCardService.
|   Change-Id: I18a925e083a361cfe976a4423a2c41140a8a1caa
|   CRs-Fixed: 758181
* Seandroid: Add policy for FIDO daemons  [Puneet Mishra, 2015-04-20, 1, -0/+2]
|   Adding policy for FIDO daemon to communicate with system_app, platform_app using binder and init using property socket.
|   Adding policy for FIDO test authenticator to communicate with system_app, platform_app using binder and init using property socket.
|   CRs-Fixed: 815779
|   Change-Id: I6afd01b5a3c0632c1b72599a8096dca931458ba9
* sepolicy : Add rules for seempd  [William Clark, 2015-04-13, 1, -0/+1]
|   Added new rules for seempd and its dependencies.
|   Change-Id: If250e2df141a1a3f810c44cbafde9565f3b370ea
* seandroid: Adding policy from other directories  [Avijit Kanti Das, 2015-04-08, 1, -0/+2]
|   Adding policy from other directories maintaining the order of the policies.
|   CRs-Fixed: 811138
|   Change-Id: I0f34fa7ecb5ca90987b2b909e7caad6c768133e4
* sepolicy: recovery: Allow recovery to read from /data and the sdcard  [Ameya Thakur, 2015-04-06, 1, -1/+2]
|   The recovery code can now access update packages that may be stored on the data partition or on the external sdcard.
|   CRs-Fixed: 817238
|   Change-Id: Ied0f60556ad1a126e8d5ba4cfea7315521dfbf54
* Seandroid: Allow shell to read persist partition  [Avijit Kanti Das, 2015-04-01, 1, -0/+1]
|   Allowing shell to read /persist partition.
|   Change-Id: Ib651ec016bc2267e623c0fd08e75fc12d8b1e561
* netd: Allow dnsmasq access to netd fifo file  [Bryse Flowers, 2015-03-16, 1, -1/+2]
|   Dnsmasq needs getattr permission for netd fifo file.
|   Change-Id: I3ac877ce8a45d1de148daf16ebf8eedaeeaf52d8
* sepolicy: allow netdomain access to cnd and dpmd  [Sanket Khidkikar, 2015-03-16, 1, -1/+2]
|   Allow entities with netdomain permission access to cnd and dpmd
|   Allow cnd to set socket options
|   CRs-Fixed: 802399
|   Change-Id: I0d3a6fed98e88d46bd6ceae0b3c654c1b53ac56f
* SEAndroid: add policies for DTS Eagle native service  [Alexy Joseph, 2015-02-18, 1, -2/+3]
|   Add policies for DTS HPX audio effects native service.
|   Change-Id: I90185029a80d37b65b0b77e00bcd8c0c8582c63e
* Revert "WFD : Add WFD specific security policies"  [vivek mehta, 2015-02-12, 1, -1/+0]
|   This reverts commit 8ec06e0f230459de4b2653c28dfc7c6712885061.
|   Change-Id: Iff01c142a509cf421ac3010ab1f89b6f5c95fc77
* Seandroid: Add policy for dts configurator and notifier nodes  [Alexy Joseph, 2015-02-05, 1, -1/+2]
|   Add policy for dts configurator service and notifier nodes.
|   Change-Id: I9a7909dcfb8afff91f7a52e39393f637845896c5
|   CRs-fixed: 780001
* SEandroid: Ultrasound: Add policy for ultrasound  [Ravit Dennis, 2015-02-01, 1, -1/+2]
|   Adds policies for the ultrasound daemons, digital pen system service and system applications
|   Change-Id: I9193a8625d1e0e707a825a63981b02fc9924a043
* WFD: SELinux policies for native wfdservice  [Manu Prasad, 2015-01-27, 1, -1/+2]
|   Define domain policies for native WFD service domain
|   CRs-Fixed: 781774
|   Change-Id: Ic6aeddba07e96cac9e2a8c8591d63e06960af9f2
* Merge tag 'AU_LINUX_ANDROID_LA.BF.1.1.05.00.02.162.248' into HEAD  [Biswajit Paul, 2015-01-22, 1, -1/+5]
|\
| |   AU_LINUX_ANDROID_LA.BF.1.1.05.00.02.162.248 based on quic/aosp/LA.BF.1.1
| |   Change-Id: Ifef447c365953fba94c5046a5c641c8a3e6b5a7c
| * Seandroid: Adding policy for imscm  [Avijit Kanti Das, 2014-12-01, 1, -0/+1]
| |   Adding policy for IMSCM
| |   Change-Id: I9a552dc5240f0120181aa037061c9bc55f8ef316
| * SEAndroid: Updated vold domain related policy  [Ravi Kumar Siddojigari, 2014-11-20, 1, -1/+3]
| |   Updated vold domain related policy where it needs access to dirty_ratio on proc and update kernel rules where it needs access to the blk file on vold device node
| |   Change-Id: I0aca64860530d291e4c3a374e82a7d623498aa28
| * Add secure policies for hbtp  [Mohan Pallaka, 2014-11-18, 1, -1/+2]
| |   Add secure policies for hbtp (host based touch processing) service which uses device nodes through hbtp daemon
| |   Change-Id: I6dbd17947b1d6d9d4e8f9c2af6771252783ab8a3
| * SEAndroid: Allow mediaserver to access media files for testing  [Tatenda Chipeperekwa, 2014-11-17, 1, -1/+2]
| |   Display APT test apps require access to "/data/display-test/media/*" location for test automation.
| |   Change-Id: If8b17594d129df119707d8212187c3c0e48ddb8e
* | Seandroid: Add policy for energy-awareness.  [Avijit Kanti Das, 2014-12-15, 1, -1/+2]
| |   Add policies for energy-awareness service
| |   Change-Id: I177a8acd4773eb0e8a567437ad3373c7420ebe99
* | SEAndroid: Allow mediaserver to access media files for testing  [Tatenda Chipeperekwa, 2014-11-18, 1, -1/+2]
|/
|   Display APT test apps require access to "/data/display-test/media/*" location for test automation.
|   Change-Id: If8b17594d129df119707d8212187c3c0e48ddb8e
* WFD : Add WFD specific security policies  [Manu Prasad, 2014-11-14, 1, -1/+2]
|   Change-Id: I905d8d78a759bb02c11f25cb275f642f46181eef
* sepolicy: add rule for dhcp  [Boxiang Pan, 2014-11-14, 1, -1/+2]
|   add rule for dhcp to connect to cnd socket.
|   Change-Id: Ib5572269fd692e01ee5d6521b1c9c6bf72b52cc0
* sepolicy: Update policy for secure components  [Dinesh K Garg, 2014-11-14, 1, -0/+1]
|   Playready stores license under /data/data/app_ms. All TZ apps including Playready would create their own directory under /data/misc/qsee. To get test apps working with older dir structure, userdebug mode build would have permission to create directory under /data/data. Test apps based on newer targets must move to new structure. Also add policies for secureUI.
|   Change-Id: Ibc4412ca9e8e065d54263bb46333bd223dfb553d
* sepolicy: Add mmi policy files.  [Mulu He, 2014-11-12, 1, -1/+2]
|   Add policy file for MMI application.
|   Change-Id: I0d6f264797c2423255026788aad8653e90567c1f
* Seandroid: replacing policies with macro  [Avijit Kanti Das, 2014-11-03, 1, -1/+0]
|   Using macro for location services
|   Change-Id: Ic70498c3463803a36718091d43837c2f93e6d34b
* Seandroid: Moving wpa related policies to wpa.te  [Avijit Kanti Das, 2014-11-03, 1, -1/+0]
|   Moving all wpa related issues to wpa.te and removing unnecessary files
|   Change-Id: I610dbb0041ad89489fad2235f3d7cbb0c49edfb8
* Seandroid: Removing unused file  [Avijit Kanti Das, 2014-11-03, 1, -1/+0]
|   Removing unused file gloabal_macro.te
|   Change-Id: If5bd3813b0918ca08bbcebc4339d873f4abb95a9
* sepolicy : Define policy for wcnss service domain  [Samir Mehta, 2014-11-03, 1, -1/+2]
|   Adding wcnss domain and secontext needed for this domain.
|   Change-Id: I905a0e7b3e1672ead5980b81134c4d1a9b5164e5
* Seandroid: Adding policy for QTI.  [Avijit Kanti Das, 2014-11-03, 1, -0/+1]
|   Adding policy for QTI.
|   Change-Id: Iea59e6add0540600effdbc117ef6dc7c88055218
* port-bridge: Fix denials seen on startup.  [Subash Abhinov Kasiviswanathan, 2014-10-30, 1, -0/+1]
|   Move port-bridge to confined domain and add policies for denials seen on startup
|   Allow operations on sockets
|   [ 21.705807] type=1400 audit(1637.259:22): avc: denied { create } for pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext= u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
|   [ 21.707349] type=1400 audit(1637.259:23): avc: denied { bind } for pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext= u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
|   [ 26.487757] type=1400 audit(1642.049:33): avc: denied { read } for pid=1681 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext= u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
|   Allow capabilities
|   [ 26.487857] type=1400 audit(1642.049:34): avc: denied { dac_override } for pid=1679 comm="port-bridge" capability=1 scontext=u:r:port-bridge:s0 tcontext=u:r:port-bridge:s0 tclass=capability permissive=1
|   Allow operations on mhi transport
|   [ 26.488010] type=1400 audit(1642.049:35): avc: denied { read write } for pid=1679 comm="port-bridge" name="mhi_pipe_32" dev="tmpfs" ino=12840 scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0 tclass=chr_file permissive=1
|   [ 26.488093] type=1400 audit(1642.049:36): avc: denied { open } for pid=1679 comm="port-bridge" path="/dev/mhi_pipe_32" dev="tmpfs" ino=12840 scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0 tclass=chr_file permissive=1
|   Allow operations on gadget serial device
|   [ 26.488203] type=1400 audit(1642.049:37): avc: denied { read write } for pid=1679 comm="port-bridge" name="ttyGS0" dev="tmpfs" ino=10594 scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
|   [ 26.488267] type=1400 audit(1642.049:38): avc: denied { open } for pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594 scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
|   [ 26.488333] type=1400 audit(1642.049:39): avc: denied { ioctl } for pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594 scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
|   Change-Id: I7744f75943ebbd4e88193e7d34c9bbd1bf3e4478
* Seandroid: Adding policy for ssr.  [Avijit Kanti Das, 2014-10-30, 1, -0/+2]
|   Adding policy for ssr_diag and subsystem_ramdump
|   Change-Id: Ifcf04dd8db700b62dd81b4df82467ec785068405
* SEAndroid: location policies  [Tushar Janefalkar, 2014-10-25, 1, -1/+6]
|   Added location sepolicies for native processes and location_app context for apks. Also introduced policies for location features
|   CRs-fixed: 736188
|   Change-Id: Iae597a4e205fff8d7a6fc4a54b719b995472a60a
* SeAndroid: Updated SEPolicies for tee components  [Dinesh K Garg, 2014-10-25, 1, -1/+2]
|   Updated sepolicies for tee components
|   Change-Id: Id0f4798c2f0b9a59c71b20088d5e86182481b942
* Seandroid: Add group policy for IMS daemons  [Avijit Kanti Das, 2014-10-25, 1, -3/+1]
|   Adding policy for imsdatadaemon, imsqmidaemon, imsrtpdaemon
|   Change-Id: I72d15fcec36b0c119a258679dcc2eeb61c8ceb7c
* sepolicy: add policies for perfd  [Vince Leung, 2014-10-22, 1, -0/+1]
|   Add policies for perfd required for PerfLock.
|   Add system_server policy to allow it to use mpctl.
|   Add system_app policy to allow it to use mpctl.
|   Add mediaserver policy to allow it to use mpctl.
|   Change-Id: I084e097f0d33d473995fffd7c9da65a52d90b898
* Seandroid: Addressing few more denial logs  [Avijit Kanti Das, 2014-10-22, 1, -1/+1]
|   Adding few more policies to address bootup denial log
|   Change-Id: If31bd6cf7e654f407698f4dae5421b382b5f3c14
* sePolicy : Policy file for ssr_setup  [Ameya Thakur, 2014-10-22, 1, -1/+2]
|   ssr_setup policy file is now part of the build.
|   Change-Id: I3bb94935d7d7adc506297b897cb1e793bce518ee
* SEAndroid: Add policy for dpm  [Susheel Yadagiri, 2014-10-22, 1, -1/+3]
|   Adding policy for DMPD service.
|   Change-Id: I4045c9bd4d9ed46a629b889a4ca663a7759579e9
* seandroid: Add policies for IPA  [Avijit Kanti Das, 2014-10-22, 1, -1/+2]
|   Add policies for IPA user space daemons: ipacm & ipacm-diag
|   Change-Id: Ib59f9e84074af4674ae1dba1628bb298cde88803
* SEAndroid: Add policy rules for rfs_access daemon  [Nikhilesh Reddy, 2014-10-22, 1, -0/+1]
|   The rfs_access is started as a service by init process. This change moves rfs_access to its own domain and also adds relevant policies to move it to confined domain
|   Change-Id: I1009fa600a587d4a9fdf53cc306f157b34b51908
* Seandroid: Enable PP daemon at boot  [Avijit Kanti Das, 2014-10-22, 1, -0/+1]
|   Enables pp-daemon to start at boot and adds the necessary selinux policies for its operation
|   Change-Id: I450bada4a8f5c5b49e59c2c179897d306a5e8791
* sepolicy: Add policies for qlogd  [jinwu, 2014-10-22, 1, -1/+2]
|   Add se policy for qlogd to enable logging.
|   Change-Id: Iaf3d1795d217f415e4cfb5e9adb44b094991b218
* SEAndroid: Add policy for adsprpcd daemon  [Avijit Kanti Das, 2014-10-22, 1, -1/+2]
|   Add type enforcement file for adsprpcd daemon.
|   Change-Id: Ifdbf5d0f69a70bbffa6f8dad1135939ca638c26b
* SePolicy: Define sepolicy for vm_bms  [Jie Cheng, 2014-10-22, 1, -0/+1]
|   Add the sepolicy for vm_bms daemon.
|   Change-Id: Ied81fdb28ebcd599574894475b6e8d58295ce8fd
* sepolicy: add sepolicy for USB UICC daemon  [Tarun Gupta, 2014-10-22, 1, -2/+4]
|   Warnings related to usb_uicc_daemon are fixed
|   Change-Id: I1bdff7f349950ecea1cc6550a39b5589f0e8e789
* Seandroid: Add policy to enable voice and data call  [Avijit Kanti Das, 2014-10-20, 1, -1/+2]
|   Adding policy to enable voice and data call
|   Change-Id: Iae2b204b041689814d49cf0f5d34701ff86ca7ea
* SePolicy: Define sepolicy for charger_monitor.  [Jie Cheng, 2014-10-20, 1, -0/+1]
|   This policy is needed to give charger_monitor access to uevent, sysfs and wake_lock.
|   CRs-Fixed: 737037
|   Change-Id: I4a02426c763e1d4e96308e913c1eda913e062231