31 Commits

Author SHA1 Message Date
Adithya R 6b935d9a85 common: sepolicy: Allow mediaswcodec to access gpu_device
Required by Adreno stack.

type=1400 audit(0.0:744): avc: denied { read write } for name="kgsl-3d0" dev="tmpfs" ino=1176 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0

Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
Change-Id: Ie04f15ee768d3c070e2c3a8499cd9d8b1e94e06d
2023-01-15 12:59:48 +00:00
chrisl7 ee0ffca982 common: sepolicy: Fix AtCmdFwd related selinux denials
Change-Id: I2c4c82fbc28bfa322eb7fdd737cc8eabb3ec74be
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-01-15 03:09:15 +00:00
Adam Shih da0634377e common: Add additional dontaudit lines
Change-Id: Ic2e286d244360784a76673412662cabef02d313a
2022-12-31 06:22:09 +00:00
Adithya R 212e7c739f common: sepolicy: Allow build.prop to set vendor.all.modules.ready
Change-Id: Ia2edd8ff98fa5bbb507fabd32eb5cbd8e9f77cb7
2022-12-30 10:28:52 +00:00
Abhay Singh Gill f19af84df4 common: sepolicy: Label QTI Supplicant AIDL HAL
Change-Id: I390912933f6f27bd24401c8051d60081a817db37
2022-12-23 17:19:08 +00:00
Sarthak Garg 790d9e712c common: sepolicy: sepolicy rules for accessing read_ahead_kb
Adding sepolicy rule to fix avc denials while accessing
read_ahead_kb node for vold.

Change-Id: I078b00b07b31a813a2151595e24332cfa2361901
Signed-off-by: Sarthak Garg <sartgarg@codeaurora.org>

[1] - 10-29 19:13:47.873 W/binder:543_3(543): type=1400 audit(0.0:113): avc: denied { write } for name="read_ahead_kb" dev="sysfs" ino=74683 scontext=u:r:vold:s0 tcontext=u:object_r:vendor_sysfs_mmc_host:s0 tclass=file permissive=0

Change-Id: I8661014f083bddb48808335af5e8b2d2a751851c
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2022-12-16 10:06:23 +00:00
Qi Jin 4c0b6dad30 sepolicy: Add permission for QtiMapperExtension version 1.3
Change-Id: I7591ad02c90aa4ff6aeb5aeaf2ea2b1c156cc3d0
2022-12-16 07:35:19 +00:00
Omkar Chandorkar 23177c217d sepolicy: kona: label vendor_boot partition
- devices like alioth ship with vendor_boot on kona

Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
Change-Id: Icc0ca6d1eaa2602e0ba927a85e1c639ae30c5a5f
2022-11-09 06:45:09 +00:00
Jake Weinstein 2f16a29f0a perf: Set restricted cpuset to the same CPUs as system-background
system-background should only include efficiency cores
and restricted should do the same in order to save
power while the screen is off. Copy system-background
CPUs instead of hardcoding to account for platforms
with varying numbers of efficiency cores.

Change-Id: I3a46190a2fa76eb1e9061a605c6a2e74006975de
2022-11-09 03:38:48 +00:00
UtsavBalar1231 4ba8b00145 common: sepolicy: Allow Perf HAL to read cmdline
Fixes [   30.378433] type=1400 audit(1667805344.191:499): avc: denied { read } for comm=41646170744C61756E636820566D name="cmdline" dev="proc" ino=80996 scontext=u:r:vendor_hal_perf_default:s0 tcontext=u:r:system_server:s0 tclass=file permissive=1

Change-Id: I8f1ddf532a1e4a99aca8fca63c53e34cc716ac99
2022-11-09 03:38:37 +00:00
Jake Weinstein 5d67c870c3 common: sepolicy: Label ipebpsstriping170 for pinner
Change-Id: I75ffd066ff6a5989bb6bd735278f63c7d9e57ea6
2022-11-08 08:17:11 +00:00
Sandeep Singh d9f6752cbb common: sepolicy: Add permission for cnss-daemon to write in persist folder
Add permission for cnss-daemon to create file in
/mnt/vendor/persist/wlan folder.

Change-Id: I11690dee5383e8555260a1c6bbfa266043ed395e
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-06 14:51:27 +00:00
UtsavBalar1231 39942ef559 common: sepolicy: Allow flipendo to find vendor_hal_perf
This fixes ANDR-PERF-CLIENT-SYS not being accessed by flipendo
E SELinux : avc:  denied  { find } for interface=vendor.qti.hardware.perf::IPerf sid=u:r:flipendo:s0:c199,c256,c512,c768 pid=21903 scontext=u:r:flipendo:s0:c199,c256,c512,c768 tcontext=u:object_r:vendor_hal_perf_hwservice:s0 tclass=hwservice_manager permissive=0
E ANDR-PERF-CLIENT-SYS: IPerf:: Perf HAL Service 2.2 is not available.

Change-Id: I42a582864309f17e183e10baf04cbd01eba04913
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-06 14:48:40 +00:00
Omkar Chandorkar 7a8a93d1a4 common: sepolicy: suppress harmless denials
- for cleaner avc logs

Change-Id: I55f0317e38e6a2fc74739db9993f59e628d099c3
Co-authored-by: UtsavBalar1231 <utsavabalar1231@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-05 17:33:25 +00:00
UtsavBalar1231 f50136a7a6 common: sepolicy: Allow init.qcom.usb.sh to create files in uvc.0 dir
During the UVC configuration initialization, the qcom USB script tries to create multiple folders and symlinks,
so allow the qcom USB script to successfully create them without any denials.

This fixes:
W init.qcom.usb.s: type=1400 audit(0.0:10): avc: denied { write } for name="uvc.0" dev="configfs" ino=27535 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W init.qcom.usb.s: type=1400 audit(0.0:11): avc: denied { write } for name="uvc.0" dev="configfs" ino=27535 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:12): avc: denied { write } for name="header" dev="configfs" ino=27537 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:13): avc: denied { write } for name="fs" dev="configfs" ino=27546 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:14): avc: denied { write } for name="ss" dev="configfs" ino=27547 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:15): avc: denied { write } for name="uncompressed" dev="configfs" ino=27550 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:16): avc: denied { write } for name="uncompressed" dev="configfs" ino=27550 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:17): avc: denied { write } for name="mjpeg" dev="configfs" ino=27551 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:18): avc: denied { write } for name="mjpeg" dev="configfs" ino=27551 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:19): avc: denied { write } for name="h264" dev="configfs" ino=27552 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:20): avc: denied { write } for name="h264" dev="configfs" ino=27552 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W mkdir   : type=1400 audit(0.0:21): avc: denied { write } for name="header" dev="configfs" ino=27549 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:22): avc: denied { write } for name="header" dev="configfs" ino=27549 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:23): avc: denied { write } for name="header" dev="configfs" ino=27549 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:24): avc: denied { write } for name="header" dev="configfs" ino=27549 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:25): avc: denied { write } for name="fs" dev="configfs" ino=27556 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:26): avc: denied { write } for name="hs" dev="configfs" ino=27557 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
W ln      : type=1400 audit(0.0:27): avc: denied { write } for name="ss" dev="configfs" ino=27558 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0

Change-Id: Ic092fe1d6ea0d42f0d4939ac3a4241ec0063697d
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-05 17:33:25 +00:00
UtsavBalar1231 522391750b common: sepolicy: Allow init.qcom.post_boot.sh to set
watermark_scale_factor

- addresses
W init.qcom.post_: type=1400 audit(0.0:42): avc: denied { write } for name="watermark_scale_factor" dev="proc" ino=52566 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:proc_watermark_scale_factor:s0 tclass=file permissive=0

Change-Id: Ib79c0208e758f03df5ce6652322802354836d6a5
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-05 17:33:25 +00:00
UtsavBalar1231 24cc0790bc common: sepolicy: Allow init to modify read_ahead_kb and discard_max_bytes
Change-Id: Ie5eee0883558a489c8cda2e4418f7a7144bf1ae1
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-05 17:33:25 +00:00
kocolin 574d2193e2 common: sepolicy: Label libipebpsstriping for pinner
Change-Id: I6806151eee833725e173903d03e9459839333565
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-11-05 17:33:25 +00:00
Jake Weinstein 4cf4a266c1 common: sepolicy: Remove blank msmsteppe policies
Qualcomm removed them at
"removing some of the target dir from the component.", which
we reverted.

Change-Id: If2d407c03c112099b67bcd88d2ec4b31c0425642
2022-10-30 02:31:07 +09:00
Jyotiraditya Panda 4bd3d38ceb sepolicy_vndr: lahaina: Fix rtc0 wakeup node label path.
Fixes:

  W Binder:601_2: type=1400 audit(0.0:797): avc: denied { read } for name="wakeup15" dev="sysfs" ino=65223
    scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs_rtc:s0 tclass=dir permissive=0
  E android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup15: Permission denied

Change-Id: I7e3d90eab1b0a7ad73d810221bf1c7aca3936883
Signed-off-by: Jyotiraditya Panda <jyotiraditya@aospa.co>
2022-10-29 11:58:28 +09:00
Jake Weinstein 9373746f3b common: sepolicy: Remove waipio policies
These were added back at 'Revert "removing some of the target dir from the component."',
however, taro uses the taro directory.

Change-Id: Ide946d9db03f1f2ffbabab0203090238b18475f3
2022-10-29 11:58:28 +09:00
Omkar Chandorkar 717123bb4d sepolicy_vndr: generic: allow tlocd to search for vendor_location_data_file
Change-Id: I7a6e3679e8b3c216e034f0897218898539337e42
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-10-29 11:58:28 +09:00
Omkar Chandorkar 4e2cc088a4 sepolicy_vndr: generic: address ims denials for legacy stack
Change-Id: Icd379fdefdeb8feabe7ec658cf8a4e8056b35e53
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-10-29 11:58:28 +09:00
Omkar Chandorkar 960bf8f349 Revert "Neural Networks: Remove NNHAL-1.3 configuration"
This reverts commit b0b589b96c18ed37c77479ece367c6b34af7c56b.

Change-Id: Ifadb4bc83d580735ba9be940f0e77057f9e70e68
2022-10-29 11:58:28 +09:00
Omkar Chandorkar 20d7c954dd sepolicy_vndr: generic: add poweropt sepolicy for kona
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
Change-Id: I8477b7455b12dfa783d7e646b92726e6dc91361a
2022-10-29 11:58:28 +09:00
Foxtrot47 09af1dabaf sepolicy_vndr: generic: Drop hbtp rule from msmnile
Change-Id: Ib14ff840d752713da5cd1ca72e6516d5359beb6a
2022-10-29 11:58:28 +09:00
chrisl7 df490c97ef sepolicy: vndr: Remove hal_rcsservice to all platform
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
Change-Id: I140ee0b92bd1b47bb91e1c2df422e7e2b2676774
2022-10-29 11:58:28 +09:00
MoetaYuko 3b251dd74c sepolicy: Fix genfscon for kona
Change-Id: I4ed9e080904d7d2dbbb88a2da0aaffda37a0277b
2022-10-29 11:58:28 +09:00
Omkar Chandorkar ae1f27b0b6 kona: fix compile
Change-Id: I18270f41c2d53ce2b3628ab4bc843e8560557ba3
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2022-10-29 11:58:28 +09:00
Jake Weinstein 5a5b143fcd sepolicy: Add missing 8150-8350 policies from LA.UM.9.14
Change-Id: Ibdecba5a310e3a2af4bb54f625986c8126d9669a
2022-10-29 11:58:28 +09:00
Jake Weinstein dcca525fb8 Revert "removing some of the target dir from the component."
This adds back SDM845, SM6125, SM8150, SM8250, SM8350,
and others.

This reverts commit 4346ce0d904984c5582d62cd9586a15abf2d62d5.

Change-Id: Idc0f96e28b4d47481d1281d34bf13859a45be1d8
2022-10-29 05:03:45 +09:00