path: root/vendor
Age | Commit message | Author
2021-05-21 | Sync QCOM sepolicy rules | ChihYao Chien
    1. init_qti_chg_policy sysfs_wakeup:dir read
       denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0 tclass=dir permissive=0
       init_qti_chg_policy sysfs_iio_devices:dir search
       denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0
    2. cnd default_android_hwservice:hwservice_manager find
       denied { find } for interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
    3. rild default_android_hwservice:hwservice_manager find
       denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
    4. sensors sensors_vendor_data_file:dir search
       denied { search } for name="sensors" dev="dm-6" ino=262 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir permissive=0
    5. qtelephony default_android_hwservice:hwservice_manager find
       denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377 scontext=u:r:qtelephony:s0:c32,c257,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0
    6. hvdcp
       denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
    Bug: 188064567
    Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
2021-05-21 | Sync previous patch due to no SPU support on sm7150 | Wilson Sung
    Bug: 185598142
    Bug: 182255618
    Change-Id: Idba839ead12334815e0fc989981050f128096cb9
2021-05-21 | Sync sepolicy from qcom-au091 for keymaster daemon | ChihYao Chien
    init: Could not start service 'keymaster-4-1' as part of class 'early_hal': File /vendor/bin/hw/android.hardware.keymaster@4.1-service-qti(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
    reference to qcom/lito/platform/vendor/qcom/sepolicy_vndr:fefbf6b185221bb37b24ae8eea74862a97389650
    cherry-pick from 6903a0fa10f95bec2d05608a20b2d6164177846d
    Bug: 185598142
    Bug: 178358917
    Change-Id: I77c6a6cda6b2772d4ff81a3bb6a0fc819cc47f49
2021-05-18 | Merge "sepolicy: Add "dontaudit" for audio metric ext hal in grilservice_app" into sc-dev | Roger Fang
2021-05-14 | Merge "Add sepolicy rules" into sc-dev | TreeHugger Robot
2021-05-14 | allow pd_mapper to read dmesg am: 2f414056f5 am: e5295914cc am: 860b479e9f | Adam Shih
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1708166
    Change-Id: I6b238f58c7eb0d721437e7c6b9553e29d85e3d3f
2021-05-14 | allow pd_mapper to read dmesg (tags: android-s-beta-2, android-s-beta-1) | Adam Shih
    05-12 13:18:16.449 1095 1095 I auditd : type=1400 audit(0.0:7): avc: denied { getattr } for comm="pd-mapper" path="/dev/kmsg" dev="tmpfs" ino=17807 scontext=u:r:vendor_pd_mapper:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
    Bug: 177335164
    Test: boot to home with no avc error
    Change-Id: Ia076cca5a5335063edc31990fca7a51fedf117b7
2021-05-07 | sepolicy: Add "dontaudit" for audio metric ext hal in grilservice_app | Gary Jian
    Bug: 182526894
    Test: manual
    Change-Id: Id1fe4d70af39a8113c76cbb465a93ae71c27b156
2021-05-07 | Add sepolicy rules | ChihYao Chien
    1. com.qualcomm.qti.telephonyservice
       { read } for comm="elephonyservice" name="u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=25322 scontext=u:r:platform_app:s0:c512, c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=0 app=com.qualcomm.qti.telephonyservice
       Ref: qcom/lito/device/qcom/sepolicy/+/2824781c (CRs-Fixed: 2809413)
    2. vendor.qti.hardware.radio.ims.IImsRadio/default
       avc: denied { find } for pid=2718 uid=10252 name=vendor.qti.hardware.radio.ims.IImsRadio/default scontext=u:r:qtelephony:s0:c252,c256,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
    Bug: 185560630
    Bug: 185954927
    Change-Id: Ibe935872b7a35ccdc8c2eb8eaea942ec91527abf
2021-05-04 | set sepolicy for testing_battery_profile am: 19a9599d90 am: 5cc5c6c609 am: 6f70792c2a | Jenny Ho
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1693485
    Change-Id: Id80f617832a0bd72dffb21ef5a09966111a19ddc
2021-05-03 | set sepolicy for testing_battery_profile | Jenny Ho
    need run /vendor/bin/sh before setprop
    Bug: 180511460
    Signed-off-by: Jenny Ho <hsiufangho@google.com>
    Change-Id: Iade61f2c5b1aceb3e91986b8e2075cf471905f89
2021-04-23 | usb: Add sepolicy for extcon access | Ray Chi
    USB gadget hal will access extcon folder so that this patch will add new rule to allow USB gadget hal to access extcon.
    Bug: 185302867
    Test: apply the rule and verify it
    Merged-In: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
    Change-Id: I0c8c49e40673b5d81cfaa9ee14a972ea048f7dc9
2021-04-23 | usb: Add sepolicy for extcon access | Ray Chi
    USB gadget hal will access extcon folder so that this patch will add new rule to allow USB gadget hal to access extcon.
    Bug: 185302867
    Test: apply the rule and verify it
    Change-Id: I479a0ebdbd4993b0c6e05aebee5fc9dfda13bfb5
2021-04-21 | Merge "device_drop_monitor: updated sepolicy" am: 80766aac12 am: 3793f00d3b am: 7fe645d950 | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1678366
    Change-Id: Ic11f030a77003938de515a5e1304eb2494201275
2021-04-21 | Merge "device_drop_monitor: updated sepolicy" | Vova Sharaienko
2021-04-20 | logger_app: Support to control more logs am: 8e027224c5 am: 369c1a65ed am: 7372a6ae6b | SalmaxChang
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1612097
    Change-Id: I0cfdd80b4c07c2375add29e73c949ae6b3d754d2
2021-04-20 | logger_app: Support to control more logs | SalmaxChang
    avc: denied { set } for property=vendor.debug.ramdump.full pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:vendor_ramdump_prop:s0 tclass=property_service
    avc: denied { set } for property=persist.logd.logpersistd.count pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logpersistd_logging_prop:s0 tclass=property_service
    avc: denied { set } for property=persist.logd.size pid=5081 uid=10280 gid=10280 scontext=u:r:logger_app:s0:c24,c257,c512,c768 tcontext=u:object_r:logd_prop:s0 tclass=property_service
    Bug: 177485581
    Bug: 185859405
    Change-Id: Ib300f4135e3ee5d927d18845e453cc95397d66f4
2021-04-17 | device_drop_monitor: updated sepolicy | Vova Sharaienko
    This allows the device_drop_monitor to access AIDL Stats service
    Bug: 181892307
    Test: Build, flash, boot & and logcat | grep "device_drop_monitor"
    Change-Id: Iba7d3aace001b3d7c36c1e02504802125df7fcf2
2021-04-15 | sunfish: fix grilservice context | jimsun
    The app is no longer signed with the platform key.
    Bug: 162313924
    Test: verify gril service function works normally
    Merged-In: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da
    Change-Id: Iabc970e1cffd2762e9781729564eec83270c1d92
2021-04-15 | Stats: removed obsolete IStats HIDL sepolicies am: 09d98ccc81 am: 7bba65775d am: 81fbe6f929 | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1673431
    Change-Id: Ifc8f7794ad6d39777fd15416a548f33ef8a2f5c1
2021-04-14 | Stats: removed obsolete IStats HIDL sepolicies | Vova Sharaienko
    Bug: 181887265
    Test: Test: Build, flash, and logcat for sepolicies messages
    Change-Id: I1ead381ee0c8fc6dbb27842498a4692605345ea1
2021-04-09 | sunfish: fix grilservice context | jimsun
    The app is no longer signed with the platform key.
    Bug: 162313924
    Test: verify gril service function works normally
    Change-Id: Iec3d729e5614a7b8e6132d18a0bd11b10ba535da
2021-04-07 | Merge "Move vendor_kernel_modules to public." into sc-dev | Yabin Cui
2021-04-07 | uv_exposure_reporter: updated sepolicy am: 3d5fba65be am: e79949ecbb am: 19a990f686 | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1663041
    Change-Id: Ia5148647da3a4feb506aad0dbbbd0f49701a4a87
2021-04-06 | Move vendor_kernel_modules to public. | Yabin Cui
    Bug: 166559473
    Bug: 183135316
    Test: build
    Change-Id: Ic072e046d3c0e448417574d4a6868e9f205c1ee6
2021-04-02 | uv_exposure_reporter: updated sepolicy | Vova Sharaienko
    This allows the uv_exposure_reporter to access AIDL Stats service
    Bug: 181892307
    Test: Build, flash, boot & and logcat | grep "uv_exposure_reporter"
    Change-Id: I5aaa2a815ec91e5503197e57508804813d4c2aa3
2021-03-25 | hal_health_default: updated sepolicy am: 9e3a68b03c am: c48f8f377e am: 210fbd738b | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1652891
    Change-Id: I656addbf91e6d8e3e0fed8b8739056fcea8ac651
2021-03-25 | hal_health_default: updated sepolicy | Vova Sharaienko
    This allows the hal_health_default to access AIDL Stats service
    Bug: 181351177
    Test: Build, flash, boot & and logcat | grep "hal_health_default"
    Change-Id: I35fe6fbfa6d098a05286785449fa51223f14563a
2021-03-24 | Hardwareinfo: remove platform sign key | Denny cy Lee
    Sign with default key
    Test: manually, connect to wifi, reboot and check logcat, no new error message after apply patch
    adb logcat |egrep "Hardware|System.err"
    Bug: 162295589
    Signed-off-by: Denny cy Lee <dennycylee@google.com>
    Change-Id: Iafb8f978981a03020974804f121f04aec7bf334f
    Merged-in: Iafb8f978981a03020974804f121f04aec7bf334f
2021-03-24 | Merge "Add USB HAL V1.3 sepolicy" into sc-dev | Albert Wang
2021-03-24 | Merge "Add se-policy for new GRIL service and RadioExt hal APIs" am: 11190af27c am: b4091a5216 am: 5a7fbe6185 | Labib Rashid
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1651607
    Change-Id: I22d8ab4e87444bb967915d77424ad786b7c0fccd
2021-03-24 | Merge "Add se-policy for new GRIL service and RadioExt hal APIs" | Labib Rashid
2021-03-23 | Add se-policy for new GRIL service and RadioExt hal APIs | Labib Rashid
    Added permission - IBluetoothHal access for GRIL service
    Bug: 172294179
    Change-Id: I2a4af793332c21b0968b3aaf4e13434bdef3ee1e
2021-03-23 | Add USB HAL V1.3 sepolicy | Albert Wang
    Bug: 161414036
    Test: hal v1.3 bring up normally
    Signed-off-by: Albert Wang <albertccwang@google.com>
    Change-Id: I6e3edf0f6d1df390d7fa1c86d9ca9a5a99ff37bf
2021-03-23 | Commonize pixelstats uevent sepolicies into pixel-specific sepolicy folder am: 3d19dc020a am: adf5639346 am: 4a28316c45 | Stephane Lee
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1646098
    Change-Id: I898579173801492f7fdcd0124a8dc06c15a45125
2021-03-19 | Commonize pixelstats uevent sepolicies into pixel-specific sepolicy folder | Stephane Lee
    Bug: 171793497
    Test: Ensure there are no sepolicy violations for this device
    Change-Id: I979a149ad427bcbfc6a1faf89e26fe710ff7e166
2021-03-18 | Add rules for netmgrd's new property | ChihYao Chien
    netmgrd vendor_default_prop:property_service set
    avc: denied { set } for property=persist.vendor.data.offload_ko_load pid=1213 uid=1001 gid=1001 scontext=u:r:netmgrd:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0
    Bug: 175076226
    Bug: 171353985
    Bug: 183061600
    Change-Id: Id7e03e22046eb9306f7b0bb6d7c7f56f44ffbbf7
2021-03-16 | moved sysfs_power_stats and sysfs_iio_devices to pixel common | Benjamin Schwartz
    Bug: 182320246
    Test: make selinux_policy
    Change-Id: I3ae70835bccde2735d4deefcbbe90b62e05f3cde
2021-03-05 | Merge "Camera: Uprev camera provider to 2.7" into sc-dev | TreeHugger Robot
2021-03-05 | Merge "hal_sensors_default: updated sepolicy" am: e01b297e48 am: e07efeb0db | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1619804
    MUST ONLY BE SUBMITTED BY AUTOMERGER
    Change-Id: Ieb651d7a6e1bddcaa11017f462bfc3ea8fd5c09b
2021-03-05 | Merge "hal_sensors_default: updated sepolicy" | Vova Sharaienko
2021-03-04 | hal_sensors_default: updated sepolicy | Vova Sharaienko
    This allows the hal_sensors_default implementation library libsensorsuez access AIDL Stats service via system servicemanager
    Bug: 178523659
    Test: Build, flash, boot & and logcat | grep "hal_sensors_default"
    Change-Id: I73d9bafa450a8a1a6392d22990c7ccd240877b3a
2021-03-03 | [DO NOT MERGE] Syncronize pixel-sepolicy and set source of truth | Adam Shih
    Bug: 168011527
    Test: built pass
    Change-Id: If5846bbc4e406d8dfac323142ad9324c5101aeba
2021-02-21 | Merge ab/7061308 into stage.temp_RQ2A.210305.007 | Xin Li
    Bug: 180401296
    Merged-In: I6de871f2a9107c4a8438139af720a86e3e760756
    Change-Id: I646cf656401a6e71345c4faf7f89ab8d0d1b822b
2021-02-13 | Camera: Uprev camera provider to 2.7 | Shuzhen Wang
    Test: Camera CTS
    Bug: 156254356
    Change-Id: Idcca329bde0e1ce0498c73b16fd6c5f8abec52eb
2021-02-11 | Stats: new sepolicy for the AIDL service am: a189add191 am: ab4e00b7d4 | Vova Sharaienko
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1582312
    MUST ONLY BE SUBMITTED BY AUTOMERGER
    Change-Id: Ifb7fc9c4b773950fa88a6b59a844a99d7c414c1e
2021-02-10 | Stats: new sepolicy for the AIDL service (tag: android-s-preview-1) | Vova Sharaienko
    This allows the statspixel_vendor communicate with new AIDL IStats service via ServiceManager
    Bug: 178859845
    Test: Build, flash, and logcat -s "statspixel_vendor"
    Change-Id: Idab7581c33b41d28bf50c4d0024cf0b822feba4a
2021-02-05 | Merge "allow secure_ui_service_app app_api_service:service_manager find" am: 24a2d63d05 am: 91b7eb79bb | Treehugger Robot
    Original change: https://android-review.googlesource.com/c/device/google/sunfish-sepolicy/+/1575995
    MUST ONLY BE SUBMITTED BY AUTOMERGER
    Change-Id: I1c0044cf438efdb416e89e2e256fe0bfeec5f6ad
2021-02-05 | Merge "allow secure_ui_service_app app_api_service:service_manager find" | Treehugger Robot
2021-02-04 | allow secure_ui_service_app app_api_service:service_manager find | Maciej Żenczykowski
    which obviates the need for:
      allow secure_ui_service_app activity_service:service_manager find;
      allow secure_ui_service_app surfaceflinger_service:service_manager find;
      allow secure_ui_service_app telecom_service:service_manager find;
      allow secure_ui_service_app thermal_service:service_manager find;
      allow secure_ui_service_app trust_service:service_manager find;
    because they all are app_api_service's
    This should also fix:
      auditd : avc: denied { find } for pid=4625 uid=10140 name=tethering scontext=u:r:secure_ui_service_app:s0:c140,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager
    which would require:
      allow secure_ui_service_app tethering_service:service_manager find;
    but again, tethering_service is a app_api_service
    See system/sepolicy/public/service.te:
      type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
      type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
      type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
      type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
      type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
      type trust_service, app_api_service, system_server_service, service_manager_type;
    Test: TreeHugger
    Bug: 179337939
    Signed-off-by: Maciej Żenczykowski <maze@google.com>
    Change-Id: I9bb9f2a580ac615a552f7bac97e478bf086243f6
    Merged-In: I9bb9f2a580ac615a552f7bac97e478bf086243f6