| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: I3d3c1c2d0c04f8dc77037cbf47ce7b1452fe8c33
|
|\
| |
| |
| |
| |
| | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.6.r1-07200-89xx.0"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since ImageFv is now an upgradable A/B partition,
adding appropriate selabel to it. Even though this
partition is added to sdm845 presently, assigning the
label to all targets, so that OTA won't be broken
if/when ImageFv partition is added in other targets.
Change-Id: I188edb41aeb86945277d1ab4fabb885678c2a4ed
|
|\|
| |
| |
| |
| |
| |
| |
| | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.6.r1-06700-89xx.0"
Change-Id: I43cd6b355e62d352f3fe4a4bd989e073d85709ff
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Declare context for emmc and give permission for RIDL2.0. RIDL2.0 needs to
be able to write to sysfs dload and dload_mode to enable emmc crashdumps
and mini crashdumps.
It also needs to be able to read/write to the rawdump device block to copy
the crashdump for post processing and mark it as read.
Initial support was for 8937, 8996, 8953, 8976, and 8998 for full dumps
and then support was added for sdm660/670 for minidumps.
This solution moves the target specific to common, which was needlessly
getting replicated for new targets.
Change-Id: I6a0a692a52c4a4a51716f844ea5361af2a2d12da
CRs-Fixed: 2195014
|
| |
| |
| |
| |
| |
| |
| | |
Add te file to allow amfsservice process to access
required resources.
Change-Id: I1a5bf6c58b6ef4c1eb523d1ab5e797ca1a8ee927
|
|\|
| |
| |
| |
| |
| |
| |
| | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.4.r1-06900-8x98.0"
Change-Id: I29a3725d14986a130666cc9f30e2984d021b537e
|
| |
| |
| |
| | |
Change-Id: I0c4f01280d7c0bc2f8233a38831df6e3192dbb6b
|
| |
| |
| |
| | |
Change-Id: I42cf0e6b3d7b426bfdd2a26725eedfc6a6757a82
|
| |
| |
| |
| | |
Change-Id: Id67a05f8ed718cad5856613c2700f4ce1e404cf0
|
|\|
| |
| |
| |
| |
| |
| |
| | |
https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.4.r1-05700-8x98.0"
Change-Id: I03ae219ba55ca0e850890cb52c9c1b58521020c5
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add permissions required by upgrade engine to perform A/B
OTA upgrade process on all partitions successfully.
Enabled for msm8937, msm8953 and msm8996 targets
Change-Id: I3ec1cbd2872a567c96fc9d6011ef64bb39810928
|
|/
|
|
|
|
|
|
|
| |
Not all devices have a vendor partition so these labels blatantly get
ignored without labelling system/vendor on those devices.
Also move msm8998 gralloc and vulkan labels to msm8998/file_contexts
Change-Id: I244d667f6b3ddcf7eac71719a981dc25dc401873
|
|
|
|
| |
Change-Id: I0ab0e0f2f45d6c7380c258d83be805a612970962
|
|
|
|
|
|
|
| |
Tloc related polcies are moved to common.
Hence removing the ones in 8996
Change-Id: I4d1c1a9b93114e5c1ee35680373535feb41c4a06
|
|
|
|
|
|
| |
Change moves QVR service from vendor space into system space.
Change-Id: If58cb9d11f53b9cd8ed2262fbaeaf3d91a1ed39c
|
|
|
|
|
|
|
| |
New requirements have vendor binaries and data
in the vendor image instead of the system image.
Change-Id: Id797a497f04153d79548a79adfd2ceaaf7e74055
|
|\ |
|
| |
| |
| |
| | |
Change-Id: Idff3decb728b0e9f6ad0c660dc7ea62019988fbf
|
|/
|
|
|
|
|
|
| |
Remove all the policies related to perfd, as perfd daemon
does not exist on O.
Move data file used by perf_hal to /data/vendor/ partition.
Change-Id: Ic2e3d3906605fd3c862fdd85dc8ac1a1e7a75a60
|
|\ |
|
| |
| |
| |
| | |
Change-Id: Ic1818043bb87c44c1aabaac342536d3ba7f9f59d
|
|/
|
|
| |
Change-Id: I2243dc1df8db5410e8f59a397cd14eae1e73f1d0
|
|
|
|
|
|
|
| |
We now have one common policy file for the bootcontrol hal instead
of one per target.
Change-Id: Ic97c5e11694e254a0bf70a3cd3b45d63e0d9881a
|
|
|
|
|
|
|
| |
For split system/vendor configuration build, take
care of assigning contexts for pure vendor path too.
Change-Id: I61b4acd4ca9c9a1bce1a351f652f6e4c2ca71dfd
|
|
|
|
|
|
|
| |
Services with domain_deprecated floods the messages with
avc:granted. Fix the denials instead of granting permission.
Change-Id: I10b8a63a7f1cc71780056f4160d8d7e292295edc
|
|
|
|
|
|
|
|
| |
All socket ioctls now has to be whitelisted.
Remove the ioctls calls from daemon to fix
compilation.
Change-Id: I999059df693ff3de1496e0bcb8a17114f4931b0b
|
|
|
|
|
|
|
|
| |
The VR service requires sensor access for compass data in order to
correct 3DOF drift.
Change-Id: Ia011f9625b7b2047ccd1da29516ae8610619588b
CRs-Fixed: 1075295
|
|
|
|
|
|
|
|
|
| |
init script will read GPU frequencies from sysfs node and copy
the values to a system property to allow 3rd party apps that
rely on these frequencies to still work.
CRs-Fixed: 1066935
Change-Id: I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Declare context for emmc and give permission for RIDL/LogKit. RIDL needs to
be able to write to sysfs dload to enable emmc crashdumps. It also needs to
be able to read/write to the rawdump device block to copy the crashdump for
post processing and mark it as read.
Initial support was for 8937. This adds support for 8996, 8953, 8976, and
msmcobalt. It also uses symbolic link add for both LogKit II and LogKit III.
CRs-Fixed: 1002379
Change-Id: Ic7df28c392fbc918654da871dfbeef50b72765db
|
|
|
|
|
|
|
|
| |
This change will add selinux rules to logdumpd module.
It allows logdumpd to read logd (to get logcat logs),
and write to 'logdump' partition.
Change-Id: I7be2cb1f663286dcb132c40d1109c28e09fda52d
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Map misc partition to the selabel - misc_block_device
instead of misc_partition.
Uncrypt module will now have access to misc partition.
CRs-Fixed: 1022226
Change-Id: Ida1b97914b279f790d46ee6df5d717bc972b1097
|
|/
|
|
|
|
|
|
| |
Add policy for VR service.
CRs-Fixed: 1026826
Change-Id: I5bfe220cc71545e67cead4f485e7d451ac1e8ab2
|
|
|
|
|
|
| |
Add support for inital set of selinux polices for N upgrade
Change-Id: I0bccc55db1d32866bb9b622f7c119c89d7e4348f
|
|
|
|
|
|
|
| |
mdm-helper can now handle booting up external modems connected over
PCIe.
Change-Id: I20be0aa976a0394b0a39c0bb26eef485617975da
|
|
|
|
|
|
|
| |
This change is required to make sure the secure camera daemon cannot
make anything it shouldn't.
Change-Id: I59378b4821fd6e94f0146462febf7e66bb078bbd
|
|
|
|
|
|
|
| |
Add SE policies for TLOC Daemon for msm8996.
Change-Id: I27c041bdca22bc6de026f95f00011900b894ca28
CRs-Fixed: 823360
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Adding context to boot, recovery, cache and frp block device
Change-Id: Ib19d0a5fbff6f65cc45b42d8ebcb29df91e1beb7
CRs-fixed: 904364
|
|/
|
|
|
|
|
| |
Changing the context of /dev/block/mmcblk0 from mmc_block_device
to root_block_device
Change-Id: Ia80ebc7ba58b9feadaf910fb83a19197d7eb2da8
|
|
|
|
|
|
| |
Add MDTP and DIP block devices to the file_contexts.
Change-Id: I7d48733ef630e1e274b2dbf7fe82e04335269940
|
|
|
|
|
|
|
| |
Voice Print is a secure, client based user voice verification
service. Adding sepolicy for QVOP Service.
Change-Id: I4d630facd052acd3bc1576df31d908fdc80cb594
|
|
|
|
|
|
|
|
|
| |
Setting context to msadp to address boot-up denials.
avc: denied { read } for name="mmcblk0p31" dev="tmpfs"
ino=14593 scontext=u:r:ueventd:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file permissive=1.
Change-Id: Ia2c5830222fcc3f70ebec50fb5b2a89f0e989b56
|
|
|
|
|
|
|
| |
Set file contexts for block device nodes that use eMMC
for boot storage device in addition to UFS-based ones.
Change-Id: I4a0ce2f62df1d7e597b70be689acf05bce5739b9
|
|
|
|
|
|
| |
Setting file context to modem and userdata block device
Change-Id: I0049851f1e6aa4d4a0ba5a4f42ba4f56613759a1
|
|
Replacing all the permissions with macros
Allow all domians except untrusted_app to access diag_device
Restrict untrusted_app to access diag_device
Change-Id: Ibad902746f25a23f10840fae3c0bac65b2ff74e0
|