Jprimero15
c82350882a
common: sepolicy: legacy: allow qti_init_shell to write on watermark_scale_factor
...
* https://github.com/AOSPA/android_device_qcom_common/blob/topaz/vendor/init/init.qcom.post_boot.sh#L824
Change-Id: I66139b318596d54dcb811620a2c4ecf8950b3b44
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-06-02 13:46:16 +00:00
Jprimero15
ce7c22c056
common: sepolicy: legacy: define wcnss_persist_file
...
Change-Id: I8068109c5abd85d390e9f93877186e991df0af9f
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-31 08:19:25 +00:00
Jprimero15
384d73e77c
common: sepolicy: legacy: define proc_boot_reason
...
Change-Id: I24f29c536503fc45f12b036ec2a96eb2d413ea23
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-31 08:19:25 +00:00
Ahmed Harhash
2751d5571c
sepolicy: vendor: kona: Remove duplicate wakeup entries
...
Change-Id: I013f96dc9d2ec8dfef06f667fc9348e7d11ff3aa
2023-05-29 05:02:25 +03:00
Jprimero15
6c657541a4
common: sepolicy: legacy: More init denial fixes
...
Change-Id: Ia651fe66461e9ca7c915af3c3553c2f23fdaf8ec
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-28 01:30:23 +00:00
Jprimero15
a296eb57a5
common: sepolicy: legacy: More WIFI HAL denial fixes
...
Change-Id: I9f736317b8157838a65e3107d8c6aceb29a045a9
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-28 01:30:04 +00:00
Jprimero15
d41d3eb369
common: sepolicy: legacy: Label QTI GNSS HAL
...
Change-Id: I40207d672743bf367b21cd6f2453a1f8aee69993
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-28 01:29:52 +00:00
Jprimero15
83ca0e2869
common: sepolicy: legacy: allow qti_init_shell to read boot_reason
...
[ 15.742123] type=1400 audit(4539769.653:274): avc: denied { read } for comm="cat" name="boot_reason" dev="proc" ino=14760 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:proc_boot_reason:s0 tclass=file permissive=0
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
Change-Id: I0014b14ae63a11123b827be4e3bcab16cfdb7484
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-28 01:29:41 +00:00
Jprimero15
9db506c58d
common: sepolicy: legacy: Label init.qti.chg_policy.sh
...
* should not be limited to sdm710 and sdm845 because this is needed for charging component
* follow the format of other qti init shell labeling
Change-Id: Ie05fddd1dbf8e5789831f6ec5c7450607705b4f4
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-27 06:51:41 +00:00
Jprimero15
ec0d26d4e2
common: sepolicy: legacy: Unlabel /sys/vm/dirty_ratio
...
* labeled already on b6f0b6ffef
Change-Id: I8dd40a1dd589d3f20e62c66a4d3231ca57dbe815
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-19 15:38:51 +08:00
Jprimero15
900ea29a5d
common: sepolicy: legacy: allow vendor_init to write on watermark_scale_factor
...
* [ 34.822814] type=1400 audit(1684370886.288:56): avc: denied { write } for comm="init" name="watermark_scale_factor" dev="proc" ino=37383 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc_watermark_scale_factor:s0 tclass=file permissive=0
Change-Id: I9878d93608e60d45d611b3fe76120403cb05b875
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-19 04:52:08 +00:00
Juhyung Park
1e233bbfc8
sepolicy: location: fix socket accesses
...
These daemons need connectto vendor_location.
This fixes the following errors:
05-18 17:37:02.904 1487 1487 I LOWI-9.0.0.89.d: [MessageQ_Client] connecting to server [/dev/socket/location/mq/location-mq-s]
05-18 17:37:02.904 1487 1487 E LOWI-9.0.0.89.d: [MessageQ_Client] connect error: 13, [Permission denied]
05-18 17:37:02.904 1487 1487 E LOWI-9.0.0.89.d: [MessageQ_Client] connect failed 3
05-18 17:37:02.904 1487 1487 W LOWI-9.0.0.89.d: [LOWIController] retry count 4
05-18 17:37:02.903 1487 1487 W lowi-server: type=1400 audit(0.0:66): avc: denied { connectto } for path="/dev/socket/location/mq/location-mq-s" scontext=u:r:vendor_location_lowi_server:s0 tcontext=u:r:vendor_location:s0 tclass=unix_stream_socket permissive=0 srawcon="" trawcon=""
Change-Id: Ia5e2a365648f47bc8e6a17baff6e7a580641ffb7
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
2023-05-18 19:24:43 +09:00
Juhyung Park
cd16ba98c6
sepolicy: vendor_qti_init_shell: allow R/W to UFS nodes
...
This allows post_boot script to change values related to UFS,
such as clkscale_enable.
Change-Id: I8426971a108755a7f5ecfa87ad1e6bae6a7740ea
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
2023-05-18 19:24:43 +09:00
Juhyung Park
4f238d4e15
sepolicy: vendor_qti_init_shell: allow R/W to swap nodes
...
This allows post_boot script to change values related to swap.
Change-Id: I7a72d3d0bcd9b57ac9cb75e9d5f5993ac8802778
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
2023-05-18 19:24:42 +09:00
Jprimero15
8ded1d1d3e
common: sepolicy: legacy: allow surfaceflinger to search hal_graphics_composer_default
...
* 05-17 11:51:43.193 W/binder:718_2(718): type=1400 audit(0.0:296): avc: denied { search } for name="667" dev="proc" ino=60796 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=dir permissive=0
Change-Id: I4b0afddef711247963a98c0b9d48ac1d81a37138
Signed-off-by: Jprimero15 <jprimero15@aospa.co>
2023-05-18 07:33:48 +00:00
Mashopy
994059496a
sepolicy: vendor: kona: Remove duplicate entries
...
Change-Id: Ib9ea4cd6a8b3d57c1c3727f34b3d610307587a33
2023-05-14 19:46:22 +02:00
chrisl7
e27d9d435e
sepolicy: Import missing SM8450 sepolicy definition from LA.VENDOR.1.0.r1-21200-WAIPIO.QSSI13.0
...
Change-Id: I17b7efdd84e3f95fd1db796473a1cc2e926619ad
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-05-14 06:52:21 -04:00
Mashopy
e6e1d5e363
sepolicy: common: Allow ueventd to search for vendor_persist_wcnss_service_file dir
...
Change-Id: Iecc01d9a61f8f8ccb2646f3a58aeffc1f7b58ee6
2023-05-11 02:09:31 +00:00
Mashopy
1cb09986ee
sepolicy: kona: Fix some sysfs_wakeup node
...
Found by SuspendSepolicyTests.sh
Change-Id: Ic9abc73025f93f2c40d69d92068c2ceabc085999
2023-05-11 02:09:19 +00:00
chrisl7
db2202c52b
sepolicy: qva: Fix vendor_qcc_trd_2 denials
...
Change-Id: Id005c897cb2b1cc77d9aa9eef9304499f29f0070
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-04-17 10:36:08 +00:00
chrisl7
909a0dfee4
sepolicy: qva: Add missing hvdcp sepolicy definitions
...
Change-Id: I1ddcb79c7d4de6276b65d21a14bed1689267c7a1
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-04-17 07:35:40 +00:00
Jake Weinstein
72c649838a
common: sepolicy: lahaina: Remove qwesd policy
...
This is in common sepolicy_vndr now.
Change-Id: I58b8bd8bf7296751fbade8de8fb4eefab688a13e
2023-03-14 01:16:51 -03:00
Jake Weinstein
2613ba50cd
common: Remove eID policies from holi and lahaina
...
These are no longer defined in LA.VENDOR.13.2.0
sepolicy_vndr. We don't use eID anyway, so
remove from common policies too.
Change-Id: Idcf15d1c7aa8c2fb2924bd2c81731d6b034ea84a
2023-03-14 01:16:51 -03:00
chrisl7
c3ae3ca3de
common: sepolicy: Import missing sepolicy rules from taro
...
Change-Id: I2f6f49df4a9113e65c6250801775e452b22c4e90
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-03-14 01:16:51 -03:00
chrisl7
ce7ff0e820
common: sepolicy: Adapt sepolicy to LA.VENDOR.13.2.0.r1-13100-KAILUA.0
...
[1] - Move partially bengal to sepolicy_vndr, keep 4.19 specific nodes here
[2] - Keep kona here for now
[3] - Import msmsteppe from taro sepolicy_vndr
[4] - Use neuralnetworks on sepolicy_vndr
Change-Id: Icda5ebce28b97d45c8067f08be98d85313ab1474
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-03-14 01:16:51 -03:00
Jarl-Penguin
4882f293e8
common: sepolicy: legacy: Allow system_app to read fm_radio_device
...
* This was moved to platform_app in c0d7a5ce1d593f6bc5cb8bef8a108e9ec04cd51d, but AOSP FM app is still system_app
Fixes:
I auditd : type=1400 audit(0.0:74): avc: denied { read } for comm="android.fmradio" uid=1000 name="radio0" dev="tmpfs" ino=15585 scontext=u:r:system_app:s0 tcontext=u:object_r:fm_radio_device:s0 tclass=chr_file permissive=0
Signed-off-by: Jarl-Penguin <jarlpenguin@outlook.com>
Change-Id: I9f662803390697b9456d18a4186ee7d7d6ac2e50
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-03-09 13:13:50 +00:00
Michael Bestas
2e8910f831
common: sepolicy: legacy: Label persist.vendor.camera.debug.logfile
...
* Used in recent camera HALs
Change-Id: I81ac7c9bf262365a6baabde3fac5ce652c8e683c
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-03-09 13:13:50 +00:00
Adithya R
d88799f3aa
sepolicy: Allow NNHAL full read access to {q,x}dsp_device
...
Required on 5.4 and older platforms.
Change-Id: Ied9eea539b95e21dc1584d671cdfbc59ef73df33
2023-03-07 04:35:15 +00:00
electimon
6e93bc0b99
common: sepolicy: Move AOSPA specific sepolicies to their own folders
...
* With this, qcom common sepolicy compiles on AOSP based ROMs.
Change-Id: Ie5e2c5660305a859ebfb0ddbec8fd19be3ac11e4
Signed-off-by: electimon <electimon@gmail.com>
2023-03-05 02:01:32 +08:00
chrisl7
7f06544cb0
vendor: telephony Enable singlereg.feature for all 4.14, 4.19 and 5.4
...
[1] - It appears that Qualcomm has enabled this for all through IQtiRadio 2.7 in descending order, starting with 9.16, 9.15, 9.14...
all our latest bsp are with IQtiRadio 2.7, so enable it
[2] - Fix IUceService logspam
Change-Id: I24bb664bda3559751b7e3757420be4d290765a59
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-02-27 00:00:00 +00:00
Omkar Chandorkar
181a629d1e
sepolicy: address hub denials
...
- fixes `02-05 18:56:02.829 6540 6540 W TcmReceiver: type=1400 audit(0.0:75): avc: denied { connectto } for path="/dev/socket/tcm" scontext=u:r:hub_app:s0:c512,c768 tcontext=u:r:vendor_dpmd:s0 tclass=unix_stream_socket permissive=0 app=co.aospa.hub`
Change-Id: I6cef7dbbef2bbe776b3eb26dc45772f1579b75b3
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
2023-02-17 05:43:49 +00:00
Ahmed Harhash
1c9e2c17c2
common: sepolicy: kona: Drop qtr_sdk_use policy
...
Change-Id: Iab055b6fd5c1c8343272d5286c71886ac61105a1
2023-02-16 18:34:09 +00:00
Jake Weinstein
82fe1b8dff
common: sepolicy: lahaina: Add more wakeup nodes
...
Test: SuspendSepolicyTests.sh on Nothing Phone (1).
Change-Id: Ifd6de26fd53571e156a8f649350729063097b1e5
2023-02-16 02:23:42 +00:00
Pavan Kumar M
8bb35d5a51
common: sepolicy: Add sepolicy rules to run imsdaemon on bengal
...
Change-Id: I29a810f7daf1aa147261b08b4005ee6edb06267a
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-02-15 20:20:12 +00:00
Ashok Gandla
cbf98010b6
common: sepolicy: QCS6125: support for vendor_boot and init_boot partition
...
Included vendor_boot and init_boot partition for AB OTA
Change-Id: Iaaf1c6660a6691ed6a474ed6debdc4d239f7e52b
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-02-15 20:18:48 +00:00
chrisl7
6e32a4d4dd
sepolicy: Update SM8150-8350 sepolicy
...
[1] - From LA.UM.9.16.r1-12800-MANNAR.QSSI13.0
Change-Id: I1d78ebd7336b550792a797b3e243472288a73b73
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
2023-02-15 20:18:20 +00:00
Kujou Yuko
01114b5c86
sepolicy: common: Don't audit storaged to read debugfs_mmc files
...
* This sepolicy triggers a neverallow check on new platforms (e.g.
taro).
Ref:
1. https://git.codelinaro.org/clo/la/platform/system/sepolicy/-/blob/LA.QSSI.13.0.r1-09000.01-qssi.0/public/te_macros#L537-L547
2. https://git.codelinaro.org/clo/la/platform/system/sepolicy/-/blob/LA.QSSI.13.0.r1-09000.01-qssi.0/private/domain.te#L588-L600
Change-Id: I453920dc5e2f4d1695c06e8ad2ba1540024dab4d
2023-02-15 06:45:39 +00:00
Jprimero15
d6dabf22d9
common: sepolicy: legacy: Fix more pasr memory denials
...
01-04 05:26:11.303 W/.pasr (3079): type=1400 audit(0.0:179): avc: denied { read } for name="u:object_r:vendor_pasr_prop:s0" dev="tmpfs" ino=15696 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:vendor_pasr_prop:s0 tclass=file permissive=0 app=com.qti.pasrservice
01-04 05:26:20.209 E/SELinux (443): avc: denied { find } for interface=vendor.qti.memory.pasrmanager::IPasrManager sid=u:r:hal_pasrmanager_memory_qti:s0 pid=6570 scontext=u:r:hal_pasrmanager_memory_qti:s0 tcontext=u:object_r:hal_pasrmanager_memory_hwservice:s0 tclass=hwservice_manager permissive=0
01-04 08:16:59.438 E/SELinux (443): avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_pasrmanager_memory_qti:s0 pid=4636 scontext=u:r:hal_pasrmanager_memory_qti:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=0
Change-Id: I3633de8c2775e60f78c44a0cea3c9416f7506c9a
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-02-08 07:41:32 +00:00
Sudarshan Rajagopalan
9bd6d99dc1
common: sepolicy: legacy: Add policy for new pasr hal
...
Add sepolicy for vendor.qti.memory.pasrmanager.
- define property contexts for pasr
- include get_prop permission for vendor.pasr. properties
Change-Id: I94ff1a9c261496e3bffa072bb4efd24b46e8bb3c
Jprimero15 Edits:
* removed: type hal_pasrmanager_memory_hwservice, hwservice_manager_type; (duplicated from sepolicy-legacy)
* commented out: hal_attribute_hwservice(hal_pasrmanager_memory, hal_pasrmanager_memory_hwservice) (neverallow)
* applied commit: Attach vendor_property_type to properties
* changed /vendor/ to /(vendor|system/vendor)/
Change-Id: Id9f1f7756a15ba610ea2fcf64ff647527f725b0a
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-02-05 05:55:38 +00:00
Jprimero15
4b3f799654
common: sepolicy: legacy: hal_perf -> vendor_hal_perf
...
Change-Id: Iee50c1931b2865f0ddbc2aa89113cdc6deaea358
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-02-05 03:14:38 +00:00
Jprimero15
45cd2b9b5f
common: sepolicy: legacy: More denial fixes
...
* add dontaudit while at it
Change-Id: Ibab56cd5ecc6959ec34e492a5b2f028650489e10
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-02-05 03:14:30 +00:00
Michael Bestas
18f7f724fd
common: sepolicy: legacy: Label persist.vendor.bluetooth. properties
...
* As seen on non legacy
Change-Id: I06c8b554256565f536fc643e3a743272c841cdef
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-01-25 10:53:53 +00:00
Chirayu Desai
db5ad3323a
common: sepolicy: legacy: Label persist/rfs recursively
...
* restorecon_recursive silently fails otherwise.
Change-Id: If31d9b55dc68f39ee6b43d784167e7233b8e07c8
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-01-25 10:53:30 +00:00
Bruno Martins
24e89eed83
common: sepolicy: legacy: Allow mm-qcamerad to access v4L "name" node
...
Change-Id: I42b329d782795feed776b09d5c12d89be9bac868
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-01-25 10:52:59 +00:00
Bruno Martins
f5ce19c896
common: sepolicy: legacy: Fix video4linux "name" node labeling
...
Do u even regex, br0?
Change-Id: If907448d394f967268c9f72051bec5a47220087b
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-01-25 10:52:37 +00:00
Bavyasritha Alahari
5c4dff9a3f
common: sepolicy: legacy: remove legacy sysmon_app domain
...
Remove unused sysmon_app domain from the legacy test
and corresponding rule in seapp_contexts.
Change-Id: I54390f9d186477e5ac52b363392db4efbe546664
2023-01-25 10:50:35 +00:00
Michael Bestas
97e4802166
common: sepolicy: legacy: Label persist partition for all SoCs
...
Change-Id: I8db3acb9a1b958ec59c7f14c6ee16ea466548cc7
Signed-off-by: Jprimero15 <jprimero155@gmail.com>
2023-01-25 10:50:14 +00:00
Jake Weinstein
2b1d3d1de6
common: sepolicy: legacy: Add support for MSM8937/MSM8953/MSM8998/SDM660
...
from LA.UM.9.6.4.r1-03900-89xx.QSSI13.0 and LA.UM.11.2.1.r1-02600-sdm660.0
Includes support for MSM8937/MSM8953/MSM8998/SDM660
Change-Id: Iaa111b2eebaf7ef755b57cea26d6c4ba0a4d5def
2023-01-20 06:42:13 +00:00
Tobias Merkel
25050e82ef
common: sepolicy: move hub_app rules to private
...
Change-Id: I16b8c19d3753b9aa9236c924188400aaa476e1fc
2023-01-20 06:20:10 +00:00
Jake Weinstein
f815cf4635
common: sepolicy: Commonize system SEPolicy
...
There's no reason for these to be separate since
all devices use the same QSSI system policy.
This also fixes inheriting of system policies
as the directory in the Makefile and
the actual directory did not match before.
Change-Id: I48b178f136b2a6ff0d0bb36264149b46ef3884c4
2023-01-20 03:18:58 +00:00