Automatic additions to BOARD_SEPOLICY_UNION from Android.mk do not
guarantee order or precedence of rules. More often than not, these
rules get included _after_ the device's own, which makes
it impossible for the device to extend them, or even to use types
defined here.
Manually include these in the device's BoardConfig with
"include device/qcom/sepolicy/sepolicy.mk" before
its own specific BOARD_SEPOLICY_DIRS (if any) instead. Or just
include files piecemeal.
Change-Id: I2ce0c3ec325906a46570b26c5f0c2018390d2ec9

Replacing all the permissions with macros
Allow all domains except untrusted_app to access diag_device
Restrict untrusted_app to access diag_device
Change-Id: Ibad902746f25a23f10840fae3c0bac65b2ff74e0

Define selinux policy for qfintverify daemon. The daemon requires access to
qce and rng devices.
CRs-fixed: 817860
Change-Id: I13ec23bd283461d0bc098898981ee1060218f95a

Add context for qmux_socket for nfc service and add execution
permission for nfc_data_file to permit SmartCardService.
Change-Id: I18a925e083a361cfe976a4423a2c41140a8a1caa
CRs-Fixed: 758181

Adding policy for FIDO daemon to communicate with system_app,
platform_app using binder and init using property socket.
Adding policy for FIDO test authenticator to communicate with
system_app, platform_app using binder and init using property
socket.
CRs-Fixed: 815779
Change-Id: I6afd01b5a3c0632c1b72599a8096dca931458ba9

Added new rules for seempd and its dependencies.
Change-Id: If250e2df141a1a3f810c44cbafde9565f3b370ea

Adding policy from other directories maintaining the
order of the policies.
CRs-Fixed: 811138
Change-Id: I0f34fa7ecb5ca90987b2b909e7caad6c768133e4

The recovery code can now access update packages that may be stored on the
data partition or on the external sdcard.
CRs-Fixed: 817238
Change-Id: Ied0f60556ad1a126e8d5ba4cfea7315521dfbf54

Allowing shell to read /persist partition.
Change-Id: Ib651ec016bc2267e623c0fd08e75fc12d8b1e561

Dnsmasq needs getattr permission for netd
fifo file.
Change-Id: I3ac877ce8a45d1de148daf16ebf8eedaeeaf52d8

Allow entities with netdomain permission
access to cnd and dpmd
Allow cnd to set socket options
CRs-Fixed: 802399
Change-Id: I0d3a6fed98e88d46bd6ceae0b3c654c1b53ac56f

Add policies for DTS HPX audio effects native service.
Change-Id: I90185029a80d37b65b0b77e00bcd8c0c8582c63e

This reverts commit 8ec06e0f230459de4b2653c28dfc7c6712885061.
Change-Id: Iff01c142a509cf421ac3010ab1f89b6f5c95fc77

Add policy for dts configurator service and notifier nodes.
Change-Id: I9a7909dcfb8afff91f7a52e39393f637845896c5
CRs-fixed: 780001

Adds policies for the ultrasound daemons,
digital pen system service and system applications
Change-Id: I9193a8625d1e0e707a825a63981b02fc9924a043

Define domain policies for native WFD service domain
CRs-Fixed: 781774
Change-Id: Ic6aeddba07e96cac9e2a8c8591d63e06960af9f2

AU_LINUX_ANDROID_LA.BF.1.1.05.00.02.162.248 based on quic/aosp/LA.BF.1.1
Change-Id: Ifef447c365953fba94c5046a5c641c8a3e6b5a7c

Adding policy for IMSCM
Change-Id: I9a552dc5240f0120181aa037061c9bc55f8ef316

Updated vold domain related policy where it needs access
to dirty_ratio on proc and update kernel rules where it needs
access to the blk file on vold device node
Change-Id: I0aca64860530d291e4c3a374e82a7d623498aa28

Add secure policies for hbtp(host based touch processing)
service which uses device nodes through hbtp daemon
Change-Id: I6dbd17947b1d6d9d4e8f9c2af6771252783ab8a3

Display APT test apps require access to "/data/display-test/media/*"
location for test automation.
Change-Id: If8b17594d129df119707d8212187c3c0e48ddb8e

Add policies for energy-awareness service
Change-Id: I177a8acd4773eb0e8a567437ad3373c7420ebe99

Display APT test apps require access to "/data/display-test/media/*"
location for test automation.
Change-Id: If8b17594d129df119707d8212187c3c0e48ddb8e

Change-Id: I905d8d78a759bb02c11f25cb275f642f46181eef

add rule for dhcp to connect to cnd socket.
Change-Id: Ib5572269fd692e01ee5d6521b1c9c6bf72b52cc0

Playready stores license under /data/data/app_ms. All TZ apps including
Playready would create their own directory under /data/misc/qsee.
To get test apps working with older dir structure, userdebug mode
build would have permission to create directory under /data/data.
Test apps based on newer targets must move to new structure.
Also add policies for secureUI.
Change-Id: Ibc4412ca9e8e065d54263bb46333bd223dfb553d

Add policy file for MMI application.
Change-Id: I0d6f264797c2423255026788aad8653e90567c1f

Using macro for location services
Change-Id: Ic70498c3463803a36718091d43837c2f93e6d34b

Moving all wpa related issues to wpa.te and removing unnecessary
files
Change-Id: I610dbb0041ad89489fad2235f3d7cbb0c49edfb8

Removing unused file gloabal_macro.te
Change-Id: If5bd3813b0918ca08bbcebc4339d873f4abb95a9

Adding wcnss domain and secontext needed for this domain.
Change-Id: I905a0e7b3e1672ead5980b81134c4d1a9b5164e5

Adding policy for QTI.
Change-Id: Iea59e6add0540600effdbc117ef6dc7c88055218

Move port-bridge to confined domain and add policies for denials seen
on startup
Allow operations on sockets
[ 21.705807] type=1400 audit(1637.259:22): avc: denied { create } for
pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
[ 21.707349] type=1400 audit(1637.259:23): avc: denied { bind } for
pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
[ 26.487757] type=1400 audit(1642.049:33): avc: denied { read } for
pid=1681 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
Allow capabilities
[ 26.487857] type=1400 audit(1642.049:34): avc: denied { dac_override }
for pid=1679 comm="port-bridge" capability=1 scontext=u:r:port-bridge:s0
tcontext=u:r:port-bridge:s0 tclass=capability permissive=1
Allow operations on mhi transport
[ 26.488010] type=1400 audit(1642.049:35): avc: denied { read write }
for pid=1679 comm="port-bridge" name="mhi_pipe_32" dev="tmpfs" ino=12840
scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0
tclass=chr_file permissive=1
[ 26.488093] type=1400 audit(1642.049:36): avc: denied { open } for
pid=1679 comm="port-bridge" path="/dev/mhi_pipe_32" dev="tmpfs" ino=12840
scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0
tclass=chr_file permissive=1
Allow operations on gadget serial device
[ 26.488203] type=1400 audit(1642.049:37): avc: denied { read write }
for pid=1679 comm="port-bridge" name="ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1
[ 26.488267] type=1400 audit(1642.049:38): avc: denied { open } for
pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1
[ 26.488333] type=1400 audit(1642.049:39): avc: denied { ioctl } for
pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1
Change-Id: I7744f75943ebbd4e88193e7d34c9bbd1bf3e4478

Adding policy for ssr_diag and subsystem_ramdump
Change-Id: Ifcf04dd8db700b62dd81b4df82467ec785068405

Added location sepolicies for native processes
and location_app context for apks. Also introduced
policies for location features
CRs-fixed: 736188
Change-Id: Iae597a4e205fff8d7a6fc4a54b719b995472a60a

Updated sepolicies for tee components
Change-Id: Id0f4798c2f0b9a59c71b20088d5e86182481b942

Adding policy for imsdatadaemon, imsqmidaemon, imsrtpdaemon
Change-Id: I72d15fcec36b0c119a258679dcc2eeb61c8ceb7c

Add policies for perfd required for PerfLock.
Add system_server policy to allow it to use mpctl.
Add system_app policy to allow it to use mpctl.
Add mediaserver policy to allow it to use mpctl.
Change-Id: I084e097f0d33d473995fffd7c9da65a52d90b898

Adding few more policies to address bootup denial log
Change-Id: If31bd6cf7e654f407698f4dae5421b382b5f3c14

ssr_setup policy file is now part of the build.
Change-Id: I3bb94935d7d7adc506297b897cb1e793bce518ee

Adding policy for DMPD service.
Change-Id: I4045c9bd4d9ed46a629b889a4ca663a7759579e9

Add policies for IPA user space daemons: ipacm & ipacm-diag
Change-Id: Ib59f9e84074af4674ae1dba1628bb298cde88803

The rfs_access is started as a service by init process. This change
moves rfs_access to its own domain and also adds relevant policies
to move it to confined domain
Change-Id: I1009fa600a587d4a9fdf53cc306f157b34b51908

Enables pp-daemon to start at boot and adds the necessary selinux
policies for its operation
Change-Id: I450bada4a8f5c5b49e59c2c179897d306a5e8791

Add se policy for qlogd to enable logging.
Change-Id: Iaf3d1795d217f415e4cfb5e9adb44b094991b218

Add type enforcement file for adsprpcd daemon.
Change-Id: Ifdbf5d0f69a70bbffa6f8dad1135939ca638c26b

Add the sepolicy for vm_bms daemon.
Change-Id: Ied81fdb28ebcd599574894475b6e8d58295ce8fd

warnings related to usb_uicc_daemon are fixed
Change-Id: I1bdff7f349950ecea1cc6550a39b5589f0e8e789

Adding policy to enable voice add data call
Change-Id: Iae2b204b041689814d49cf0f5d34701ff86ca7ea

This policy is needed to give charger_monitor access to uevent, sysfs
and wake_lock.
CRs-Fixed: 737037
Change-Id: I4a02426c763e1d4e96308e913c1eda913e062231