summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-21Sync QCOM sepolicy rulesChihYao Chien
1. init_qti_chg_policy sysfs_wakeup:dir read denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0 tclass=dir permissive=0 init_qti_chg_policy sysfs_iio_devices:dir search denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0 2. cnd default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 3. rild default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 4. sensors sensors_vendor_data_file:dir search denied { search } for name="sensors" dev="dm-6" ino=262 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir permissive=0 5. qtelephony default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377 scontext=u:r:qtelephony:s0:c32,c257,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 6. hvdcp denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 Bug: 188064567 Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
2021-05-21Sync previous patch due to no SPU support on sm7150Wilson Sung
Bug: 185598142 Bug: 182255618 Change-Id: Idba839ead12334815e0fc989981050f128096cb9
2021-05-21Sync sepolicy from qcom-au091 for keymaster daemonChihYao Chien
init: Could not start service 'keymaster-4-1' as part of class 'early_hal': File /vendor/bin/hw/android.hardware.keymaster@4.1-service-qti(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. reference to qcom/lito/platform/vendor/qcom/sepolicy_vndr:fefbf6b185221bb37b24ae8eea74862a97389650 cherry-pick from 6903a0fa10f95bec2d05608a20b2d6164177846d Bug: 185598142 Bug: 178358917 Change-Id: I77c6a6cda6b2772d4ff81a3bb6a0fc819cc47f49
2021-05-18Merge "sepolicy: Add "dontaudit" for audio metric ext hal in ↵Roger Fang
grilservice_app" into sc-dev
2021-05-14Merge "Add sepolicy rules" into sc-devTreeHugger Robot
2021-05-14allow pd_mapper to read dmesg am: 2f414056f5 am: e5295914cc am: 860b479e9fAdam Shih
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166 Change-Id: I6b238f58c7eb0d721437e7c6b9553e29d85e3d3f
2021-05-14allow pd_mapper to read dmesg am: 2f414056f5 am: e5295914ccAdam Shih
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166 Change-Id: I3b7ada3e74790b634277a886e3de044f3da1af15
2021-05-14allow pd_mapper to read dmesg am: 2f414056f5Adam Shih
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166 Change-Id: I0b5cc6aff0f15a636ba7e5bbc77356d2b789648c
2021-05-14allow pd_mapper to read dmesgandroid-s-beta-2android-s-beta-1Adam Shih
05-12 13:18:16.449 1095 1095 I auditd : type=1400 audit(0.0:7): avc: denied { getattr } for comm="pd-mapper" path="/dev/kmsg" dev="tmpfs" ino=17807 scontext=u:r:vendor_pd_mapper:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 Bug: 177335164 Test: boot to home with no avc error Change-Id: Ia076cca5a5335063edc31990fca7a51fedf117b7
2021-05-07sepolicy: Add "dontaudit" for audio metric ext hal in grilservice_appGary Jian
Bug: 182526894 Test: manaul Change-Id: Id1fe4d70af39a8113c76cbb465a93ae71c27b156
2021-05-07Add sepolicy rulesChihYao Chien
1. com.qualcomm.qti.telephonyservice { read } for comm="elephonyservice" name="u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=25322 scontext=u:r:platform_app:s0:c512, c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=0 app=com.qualcomm.qti.telephonyservice Ref: qcom/lito/device/qcom/sepolicy/+/2824781c (CRs-Fixed: 2809413) 2. vendor.qti.hardware.radio.ims.IImsRadio/default avc: denied { find } for pid=2718 uid=10252 name=vendor.qti.hardware.radio.ims.IImsRadio/default scontext=u:r:qtelephony:s0:c252,c256,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 Bug: 185560630 Bug: 185954927 Change-Id: Ibe935872b7a35ccdc8c2eb8eaea942ec91527abf
2021-05-06Update avc error on ROM 7337292 am: 3caf844615 am: da07119037 am: e06116c114sukiliu
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125 Change-Id: I82f4d7bbc392705040683c090e7649637cfbe38e
2021-05-06Update avc error on ROM 7337292 am: 3caf844615 am: da07119037sukiliu
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125 Change-Id: Ibf190c63e8e46042a9ea482fdc815ace7f73a5de
2021-05-06Update avc error on ROM 7337292 am: 3caf844615sukiliu
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1697125 Change-Id: I55d869c12adadde26c3a7129bd10e37afb6dc406
2021-05-05Update avc error on ROM 7337292sukiliu
avc: denied { getattr } for path="/apex/apex-info-list.xml" dev="tmpfs" ino=39121 scontext=u:r:incidentd:s0 tcontext=u:object_r:apex_info_file:s0 tclass=file permissive=0 Bug: 187253611 Test: PtsSELinuxTestCases Change-Id: Ie403bd940646ad04895181af28966fc1edd3b0b9
2021-05-04set sepolicy for testing_battery_profile am: 19a9599d90 am: 5cc5c6c609 am: ↵Jenny Ho
6f70792c2a Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485 Change-Id: Id80f617832a0bd72dffb21ef5a09966111a19ddc
2021-05-04set sepolicy for testing_battery_profile am: 19a9599d90 am: 5cc5c6c609Jenny Ho
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485 Change-Id: I8361880a45ed6f7dd654759112d4f993b25f6839
2021-05-04set sepolicy for testing_battery_profile am: 19a9599d90Jenny Ho
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485 Change-Id: I7ecb2d25feedc8853a2ec2b46e6f6c89289c39d3
2021-05-03set sepolicy for testing_battery_profileJenny Ho
need run /vendor/bin/sh before setprop Bug: 180511460 Signed-off-by: Jenny Ho <hsiufangho@google.com> Change-Id: Iade61f2c5b1aceb3e91986b8e2075cf471905f89
2021-04-26[automerger skipped] usb: Add sepolicy for extcon access am: 7a7516e510 am: ↵Ray Chi
58afa846f0 am: dcb0444a65 -s ours am skip reason: skip tag Change-Id I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5 with SHA-1 502152fb62 is already in history Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108 Change-Id: I36120f88a5a195f303720ae9295e3da8d1d44bf2
2021-04-26usb: Add sepolicy for extcon access am: 7a7516e510 am: 58afa846f0Ray Chi
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108 Change-Id: I23056f103cac17be30be92a44a89022bfb192a61
2021-04-26usb: Add sepolicy for extcon access am: 7a7516e510Ray Chi
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1686108 Change-Id: I9c706e68f4435f1ceeb77036b0eae2dad2a82209
2021-04-23usb: Add sepolicy for extcon accessRay Chi
USB gadget hal will access extcon folder so that this patch will add new rule to allow USB gadget hal to access extcon. Bug: 185302867 Test: apply the rule and verify it Merged-In: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5 Change-Id: I0c8c49e40673b5d81cfaa9ee14a972ea048f7dc9
2021-04-23usb: Add sepolicy for extcon accessRay Chi
USB gadget hal will access extcon folder so that this patch will add new rule to allow USB gadget hal to access extcon. Bug: 185302867 Test: apply the rule and verify it Change-Id: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
2021-04-21Merge "device_drop_monitor: updated sepolicy" am: 80766aac12 am: 3793f00d3b ↵Vova Sharaienko
am: 7fe645d950 Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366 Change-Id: Ic11f030a77003938de515a5e1304eb2494201275
2021-04-21Merge "device_drop_monitor: updated sepolicy" am: 80766aac12 am: 3793f00d3bVova Sharaienko
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366 Change-Id: I777b74ba3f8011b63cf1d526305b80bd4c23b285
2021-04-21Merge "device_drop_monitor: updated sepolicy" am: 80766aac12Vova Sharaienko
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366 Change-Id: Icc28ccac225f99cc438a4f2413ffa1961f2ff9eb
2021-04-21Merge "device_drop_monitor: updated sepolicy"Vova Sharaienko
2021-04-20logger_app: Support to control more logs am: 8e027224c5 am: 369c1a65ed am: ↵SalmaxChang
7372a6ae6b Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097 Change-Id: I0cfdd80b4c07c2375add29e73c949ae6b3d754d2
2021-04-20logger_app: Support to control more logs am: 8e027224c5 am: 369c1a65edSalmaxChang
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097 Change-Id: Ib3608ff14f46b2df581313fb3d18db6b0715bf8b
2021-04-20logger_app: Support to control more logs am: 8e027224c5SalmaxChang
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097 Change-Id: I511a76a66d2ab453831ae646ca1cad05b4a257c3
2021-04-20logger_app: Support to control more logsSalmaxChang
avc: denied { set } for property=vendor.debug.ramdump.full pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ramdump_prop:s0 tclass=property_service avc: denied { set } for property=persist.logd.logpersistd.count pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service avc: denied { set } for property=persist.logd.size pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logd_prop:s0 tclass=property_service Bug: 177485581 Bug: 185859405 Change-Id: Ib300f4135e3ee5d927d18845e453cc95397d66f4
2021-04-17device_drop_monitor: updated sepolicyVova Sharaienko
This allows the device_drop_monitor to access AIDL Stats service Bug: 181892307 Test: Build, flash, boot & and logcat | grep "device_drop_monitor" Change-Id: Iba7d3aace001b3d7c36c1e02504802125df7fcf2
2021-04-15[automerger skipped] sunfish: fix grilservice context am: 8c67d10230 am: ↵jimsun
41e5aa5c47 am: 5cd737b96d -s ours am skip reason: skip tag Change-Id Iec3d729e5614a7b8e6132d18a0bd11b10ba535da with SHA-1 5536b59781 is already in history Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781 Change-Id: Iae19450643e0debd9e50eb67de295caca732c4a8
2021-04-15sunfish: fix grilservice context am: 8c67d10230 am: 41e5aa5c47jimsun
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781 Change-Id: Ia0c7a670fa42754b73eecefed42a0f083d141c31
2021-04-15sunfish: fix grilservice context am: 8c67d10230jimsun
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1639781 Change-Id: I7cfca4b0c323fac0d960ee4467c4a817e726ba37
2021-04-15sunfish: fix grilservice contextjimsun
The app is no longer signed with the platform key. Bug: 162313924 Test: verify gril service function works normally Merged-In: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da Change-Id: Iabc970e1cffd2762e9781729564eec83270c1d92
2021-04-15Merge "remove obsolete dumpstate entries" am: d4a96459ac am: 64defb4414 am: ↵Treehugger Robot
44c9ce862a Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549 Change-Id: I822d69efc7eec5f7e595be8e0391cd85e3e0e001
2021-04-15Merge "remove obsolete dumpstate entries" am: d4a96459ac am: 64defb4414Treehugger Robot
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549 Change-Id: Ifdb41538ebcb14769d3f4ff92d4792f12da82628
2021-04-15Merge "remove obsolete dumpstate entries" am: d4a96459acTreehugger Robot
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675549 Change-Id: Icfb09554b58a62e64331cb099b9c767005d18033
2021-04-15Merge "remove obsolete dumpstate entries"Treehugger Robot
2021-04-15Support the dump of nfc service in incident reports am: 3c40bbdf59 am: ↵Adam Shih
c649fc94f1 am: 51dcedc475 Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548 Change-Id: Ibfca706fb112403b2749eab168db16ec15dde941
2021-04-15Support the dump of nfc service in incident reports am: 3c40bbdf59 am: ↵Adam Shih
c649fc94f1 Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548 Change-Id: Ic14701d8554ba3dfcd42e01e997db3db428c5440
2021-04-15remove obsolete dumpstate entriesAdam Shih
Bug: 178985646 Test: do bugreport and see no related errors Change-Id: I6048083953648aed7a8be6f0f0998bef7c9c7b65
2021-04-15Support the dump of nfc service in incident reports am: 3c40bbdf59Adam Shih
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1675548 Change-Id: Ida1ff3fcbf5cfbe8f37b361c3966d69ed51568c8
2021-04-15Support the dump of nfc service in incident reportsAdam Shih
Bug: 177389412 Bug: 177624172 Bug: 177780408 Bug: 178757209 Bug: 178757537 Bug: 178757649 Test: $ make selinux_policy Push SELinux modules Run the following commands and ensure incidentd denials are gone. $ adb shell incident 3052 $ incident_report 3052 $ adb bugreport bugreport.zip Change-Id: If80115382186b37e1e3ce20aa3ff6491bfe0b6cf
2021-04-15Stats: removed obsolete IStats HIDL sepolicies am: 09d98ccc81 am: 7bba65775d ↵Vova Sharaienko
am: 81fbe6f929 Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431 Change-Id: Ifc8f7794ad6d39777fd15416a548f33ef8a2f5c1
2021-04-15Stats: removed obsolete IStats HIDL sepolicies am: 09d98ccc81 am: 7bba65775dVova Sharaienko
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431 Change-Id: If86691bdb7a9076428e7f7727e810dc3741b2592
2021-04-15Stats: removed obsolete IStats HIDL sepolicies am: 09d98ccc81Vova Sharaienko
Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431 Change-Id: Ib3255de2ff459ee9f49aef6852906af8f31da95a
2021-04-14Stats: removed obsolete IStats HIDL sepoliciesVova Sharaienko
Bug: 181887265 Test: Test: Build, flash, and logcat for sepolicies messages Change-Id: I1ead381ee0c8fc6dbb27842498a4692605345ea1
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 04:33:13 +0000