| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Add policies for energy-awareness service
Change-Id: I177a8acd4773eb0e8a567437ad3373c7420ebe99
|
|\ |
|
| |
| |
| |
| |
| |
| | |
added rule for getattr for dpmd
Change-Id: I23516a8f96751ef7556673d52fc23feb63f40489
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| | |
UICC properties has been changed to start with sys.usb_uicc instead of
usb_uicc to better align naming with android properties. Update the
sepolicy to reflect this change.
Change-Id: Ib0f3239c8a7cad5bb844b101e59080d7f7e62730
|
|/
|
|
|
|
| |
Allow sensor daemon to access execmem to supress denial for execmem.
Change-Id: I535996736e94eb6d323de28c38b1bb70b0fd3a05
|
|
|
|
|
|
|
|
| |
Update the sepolicy for RFS and RMTS to include all new
permissions required and add the tftp_server to the RFS
domain.
Change-Id: I1dc0c062ef21cf9eca1f365291ec7ff5733c7c8e
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
system apps need to access sensors settings file in persist partition
to enable or disable sensors in debug & eng builds.
Change-Id: I2cd7ddface6cf7f21cd8b0294c71740945977cd9
|
|/
|
|
|
|
| |
pm-proxy is now supported by sepolicy.
Change-Id: Ia70138aa1f499cab781997b8c3f132cc781a29dd
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
sensor daemon needs net_bind_service capability to work
on top of QMI.
Change-Id: Iaa6b3ab80774353f6cf2f5a42f4bfea0590bf14b
|
|/
|
|
|
|
|
| |
add rule for DPM data file for db file
and removed duplicate rules
Change-Id: Ieed4f0b1cf19df06c04528245a0c6b799518542a
|
|
|
|
| |
Change-Id: I905d8d78a759bb02c11f25cb275f642f46181eef
|
|
|
|
|
|
| |
Adding policy for QTI.
Change-Id: I78b2a2a2bf25b90810256a15bd757e3848dd83b5
|
|
|
|
|
|
| |
add rule for dhcp to connect to cnd socket.
Change-Id: Ib5572269fd692e01ee5d6521b1c9c6bf72b52cc0
|
|
|
|
|
|
|
|
|
|
|
| |
Playready stores license under /data/data/app_ms. All TZ apps including
Playready would create their own directory under /data/misc/qsee.
To get test apps working with older dir structure, userdebug mode
build would have permision to create directory under /data/data.
Test apps based on newer targets must move to new structure.
Also add policies for secureUI.
Change-Id: Ibc4412ca9e8e065d54263bb46333bd223dfb553d
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
qcomsysd needs to search the block device directory since it needs
to access certain raw partitions. The permission to do this is now
present.
Change-Id: I2af98df0cd5315d31dfe2b695c76b84d51017031
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Add policy file for MMI application.
Change-Id: I0d6f264797c2423255026788aad8653e90567c1f
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Adding policy for SSR ssr,netmgrd and atfwd
Change-Id: I952b7f8d5eca0246788f320dac0199132a8803f8
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add mediaserver policy allowing it to use qdsp_device
CRs-fixed: 749419
Change-Id: I38980bd6edb828a2b8ffe87b0357741742741dfb
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Adding context for Digital Pen.
Change-Id: I34eee1069fb01fc0c71815550359165911af69f6
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Addressing few bootup denial from IMS
Change-Id: Ie5f258d63a32e2715e6212e6ce31540882d7e9d5
|
|\| |
|
| |
| |
| |
| |
| |
| |
| | |
Adding context for rfs_access and adding few more
policies
Change-Id: Ic8df22f19adc27af32c618ac3e6da657e93c73bb
|
|\| |
|
| |
| |
| |
| |
| |
| |
| | |
Adding context for imscmservice, Also addressing few ims related
denial logs
Change-Id: I3e17e57221dc531729ce897590857dbd773d2bbd
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Changing wcnss service context from wpa to wcnss
Change-Id: Ia5c4c0c8fdf3c073e47e44a4b4e29ae886c87a1f
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow system app to access Bluetooth sockets so that
OBEX based transactions goes though without any issue
Remove wpa based rule as it is not needed
Change-Id: Ife28e6e6e75421b890b2fe6b69b2908110867e3b
CRs-fixed: 752155
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add mediaserver policy to allow it to read/write system_app data file.
CRs-Fixed: 752520
Change-Id: I15f6fdf4b85916b7f90768839ae1d65e61d4c4e2
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix the following denials
Allow communication with cnd sockets
[ 22.806091] type=1400 audit(1415054892.584:18): avc: denied { write }
for pid=1317 comm="netmgrd" name="cnd" dev="tmpfs" ino=8381
scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file
[ 22.316132] type=1400 audit(1415053588.674:56): avc: denied
{ connectto } for pid=1321 comm="netmgrd" path="/dev/socket/cnd"
scontext=u:r:netmgrd:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket
Allow operations on netlink xfrm sockets
[ 20.794160] type=1400 audit(1415053541.505:16): avc: denied
{ setopt } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794450] type=1400 audit(1415053541.505:17): avc: denied
{ getattr } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794528] type=1400 audit(1415053541.505:18): avc: denied
{ write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794602] type=1400 audit(1415053541.505:19): avc: denied
{ nlmsg_write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794688] type=1400 audit(1415053541.505:20): avc: denied
{ read } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
Allow operations on netd and its resources
[ 20.827567] type=1400 audit(1415053541.545:21): avc: denied { read }
for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268
scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 20.827802] type=1400 audit(1415053541.545:22): avc: denied { open }
for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268
scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 20.827915] type=1400 audit(1415053541.545:23): avc: denied { getattr
}for pid=1166 comm="ip" path="/data/misc/net/rt_tables" dev="mmcblk0p13"
ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0
tclass=file
[ 21.480717] type=1400 audit(1415053542.195:24): avc: denied { getattr
} for pid=1259 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444
scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.481188] type=1400 audit(1415053542.195:25): avc: denied { execute
} for pid=1259 comm="sh" name="ndc" dev="mmcblk0p12" ino=444
scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.482377] type=1400 audit(1415053542.195:26): avc: denied { read
open } for pid=1260 comm="sh" name="ndc" dev="mmcblk0p12" ino=444
scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.482614] type=1400 audit(1415053542.195:27): avc: denied
{ execute_no_trans } for pid=1260 comm="sh" path="/system/bin/ndc"
dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0
tcontext=u:object_r:wpa_exec:s0 tclass=file
avc: denied { search } for pid=1168 comm="ip" name="net" dev="mmcblk0p34"
ino=210 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0
tclass=dir permissive=0
CRs-Fixed: 748457
Change-Id: Ie1044b498002602354b28f3c2e36bf1c9ee64e15
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add allow policy for untrusted app to write into
PerfLock socket
Change-Id: Ib494148895b38e352635511643fa90266c8d2ae9
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added policy for lowi-server to access
netlink sockets
Change-Id: I8fd6687d2b2e7c4dcb5e05b6f0541b3a24807b23
CRs-fixed: 747721
|
| | |
| | |
| | |
| | |
| | |
| | | |
Using macro for location services
Change-Id: Ic70498c3463803a36718091d43837c2f93e6d34b
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Moving all wpa related issues to wpa.te and removing unnecessary
files
Change-Id: I610dbb0041ad89489fad2235f3d7cbb0c49edfb8
|
| | |
| | |
| | |
| | |
| | |
| | | |
Removing unused file gloabal_macro.te
Change-Id: If5bd3813b0918ca08bbcebc4339d873f4abb95a9
|
| | |
| | |
| | |
| | |
| | |
| | | |
Adding context for dun service
Change-Id: Ie20962700335058800ed0d42ed01c2f27e4f96de
|
| | |
| | |
| | |
| | |
| | |
| | | |
add rule for CNE data file for db file
Change-Id: I1dbc81f7be2bb4b4344336546622d351f5fa3e23
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add policy for wbc services
Change-Id: I1ca863faeaac84382cc6e208fa4c869978d9b80a
|