summaryrefslogtreecommitdiff
path: root/sepolicy
AgeCommit message (Collapse)Author
2021-04-19sdm660-common: sepolicy: Remove duplicate vendor_init ruleMichael Bestas
* It's already present in device/qcom/sepolicy-legacy-um * Fixes build after latest tag merge due to freq_prop -> vendor_freq_prop rename Change-Id: I54c7d76260041b7c383428449e149aa35d51c08f
2021-04-19sdm660-common: sepolicy: Add vendor prefix to qcom_ims_propMichael Bestas
* qcom_ims_prop -> vendor_qcom_ims_prop * Fixes build after device/qcom/sepolicy-legacy-um update Change-Id: I8d1b736deaaf54ce012cf3e42a4c927d43326631
2021-03-26sdm660-common: Fix some camera denialsSebastiano Barezzi
Change-Id: I172349433946883aa1035e91ab3ab703a96e7912
2020-12-21sdm660-common: sepolicy: Allow camera HAL read vendor_video_propMichael Bestas
Change-Id: I47490bfa19bfb6162d161ba0c5e9f48556ab6eff
2020-12-21sdm660-common: sepolicy: camera hal is hal_graphics_allocator_clientSteven Moreland
Before it had permissions to use hal_graphics_allocator_hwservice, but it didn't declare itself to be an allocator_client. Bug: 80319537 Test: boot + sanity Change-Id: I93a23cd3db270491e82b378507f3cb55063561e8
2020-12-21sdm660-common: sepolicy: camera HAL is a client of configstoreJeff Vander Stoep
Addresses: avc: denied { find } for interface=android.hardware.configstore::ISurfaceFlingerConfigs pid=817 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0 tclass=hwservice_manager permissive=0 Bug: 65454046 Test: camera app Change-Id: I84b92e5809b89b7f755322d485b92f5e7175a06a
2020-12-21sdm660-common: sepolicy: Resolve camera HAL denialsMichael Bestas
Change-Id: I589b8196c201baebd9c952a70043d317f2eb5d6b
2020-12-20sdm660-common: sepolicy: Address radio denialsLuK1337
Change-Id: If37262e6be3d31f51dcd482db04ce647ecd57e4d
2020-12-20sdm660-common: sepolicy: Label /persistLuK1337
Change-Id: I471c0d1fedb51eabc32b54ab35a9823db8efd034
2020-12-20sdm660-common: sepolicy: Use hal_attribute_lineage for mlipayMichael Bestas
Change-Id: I777042d5ade15bfa02724880f4bab4931e5772f5
2020-10-09sdm660-common: Move rtc contexts to device/qcom/sepolicyNolen Johnson
* In device/qcom/sepolicy-legacy-um now. Change-Id: I80b877d4b65a3d22cf7a61d70e08e48edeb627de
2020-05-10sdm660-common: Make fastrpc_shell_3 publicly availabledianlujitao
* Used by GCAM for DSP-accelerated HDR processing * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to same_process_hal_file like Pixels, but the partition is prebuilt thus we're unable to relabel it. * Copy the file to writable tmpfs, setup attributes and bind mount back to workaround the limitation. Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
2020-04-30sdm660-common: Label xiaomi ril propsdianlujitao
Change-Id: I14b172af1fac85448e4f632bfb128427d136376b
2020-04-30sdm660-common: sepolicy: Remove deprecated power HAL stats policiesMichael Bestas
Change-Id: If1b846c96c7c029afe73b9676e42b38cd2889dc8
2020-04-30sdm660-common: Move all props to properties.mkErfan Abdi
* Also add more, drop unused props Change-Id: I4cf605b6f6a5e5fcf05e84ceb30497bb7a29cfab
2020-04-30sdm660-common: sepolicy: Address some denialsDavide Garberi
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
2020-04-30sdm660-common: Address SELinux denials and clean updianlujitao
Change-Id: I997a268c9ce23eab80f1981293720e17d21bbb7a
2020-04-30sdm660-common: sepolicy: Label button backlight nodesdianlujitao
Change-Id: I594a07fc3e68f1b50f181c4b254811814990c599
2020-04-30sdm660-common: sepolicy: Clean up crappy rulesdianlujitao
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
2020-04-30sdm660-common: sepolicy: Label new TP nodedianlujitao
Change-Id: Id55db9b6614320650c8c61e698f71ddc9f04d086
2020-04-30sdm660-common: sepolicy: Drop unused sysfs_lightdianlujitao
Change-Id: I62bfac69bdcebaf7d484bbc39ea4e16f8beb8e6b
2020-04-30sdm660-common: sepolicy: Label IR dev node for jasondianlujitao
Change-Id: I7ba6af074485509a501f656587379fb0ba5b07d3
2020-04-30sdm660-common: sepolicy: Rework mlipay rulesdianlujitao
Change-Id: Ib3935dac1de548da5ba6902365b2bab969b3b3b1
2020-04-30sdm660-common: sepolicy: Label renamed white led nodeDavide Garberi
Change-Id: Ia7c3c47efb628f851dd377b2e09b6f8e150013e3
2020-04-30sdm660-common: Address thermal-engine denialsPIPIPIG233666
Change-Id: I7d824f1066638ec6e73ae80093737b380436ba80
2020-04-30sdm660-common: Address fp denialsPIPIPIG233666
Change-Id: Ie2abb5480d3442e5f64d532561ce657362f9f081
2020-04-30sdm660-common: sepolicy: Fix neverallowsDavide Garberi
Change-Id: I8a6258abb13755a51d9babd1074ea3893cd13f51
2020-04-30sdm660-common: sepolicy: Drop undefined typesDavide Garberi
Change-Id: I7e427c56a44931c99fc0e029b09bde69bacd4aa5
2020-04-30sdm660-common: sepolicy: Remove a duplicated typeDavide Garberi
Change-Id: Iff6632bfd67bf00dbf8980482b37b5a2c265f675
2020-04-30sdm660-common: sepolicy: add firmware labelsVolodymyr Zhdanov
* Q sepolicy doesn't have labels for these root folders anymore Change-Id: Ibc1f13968eb4de0868de149f1347ca07da1c581c
2020-04-30sdm660-common: sepolicy: Update fingerprint files contextsDavide Garberi
Change-Id: I648c03dab608d6989d69664d222ac1afff9231a8
2020-04-30sdm660-common: sepolicy: Remove fingerprint_data_fileDavide Garberi
* We can just use fingerprintd data file, which is already declared Change-Id: I1e7f176643142cd4326b45b3435040659b51d882
2020-04-30sdm660-common: sepolicy: Fix some hwservice fingerprint denialsDavide Garberi
avc: denied { find } for interface=com.fingerprints.extension::IFingerprintNavigation sid=u:r:system_server:s0 pid=1282 scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager avc: denied { find } for interface=vendor.qti.hardware.perf::IPerf sid=u:r:hal_fingerprint_sdm660:s0 pid=845 scontext=u:r:hal_fingerprint_sdm660:s0 tcontext=u:object_r:hal_perf_hwservice:s0 tclass=hwservice_manager Change-Id: Id8a26ab1134d8ea4e7b0e712f19784180372ee8b
2020-04-30sdm660-common: biometrics: Address fingerprint denialsDavide Garberi
* Mostly just for goodix Change-Id: Ia8fb90fca742a220e31f206b344026c69e751bb0
2020-04-30sdm660-common: sepolicy: vendor_init: Use set_propDavide Garberi
Change-Id: Ica6c87d562f257e7395fab7a80dfc8f4e5b8553c
2020-04-30sdm660-common: sepolicy: Allow qti_init_shell to write to read_ahead_kbDavide Garberi
avc: denied { write } for pid=4565 comm="init.qcom.post_" name="read_ahead_kb" dev="sysfs" ino=52742 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:sysfs_dm:s0 tclass=file Change-Id: I3e5350eb67aa9a0e539d74c2ecbd7114e03ffdc5
2020-04-30sdm660-common: sepolicy: Silence hal_perf_default dac_* denialsdianlujitao
Change-Id: Icaefcf91ea08813bb84ce33effec44d037bd5145
2020-04-30sdm660-common: Update dt2w proc nodeDavide Garberi
* Commonized procfs node for all the variants of tulip, whyred and wayne/jasmine Change-Id: I234761530e5567ac6d46ad9fa912496046c3c4bd
2019-09-18sdm660-common: Convert to 660 common treeDavide Garberi
Change-Id: I903039730f4181f6a326f28e0ea212db68bdabcc
2019-09-01wayne-common: Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRDan Cashman
Move vendor policy to vendor and add a place for system extensions. Also add such an extension: a labeling of the qti.ims.ext service. Bug: 38151691 Bug: 62041272 Test: Policy binary identical before and after, except plat_service_contexts has new service added. Change-Id: I1493c4c8876c4446a1de46b39942098bf49c79f8
2019-09-01wayne-common: Address denials for PIsaac Chen
Signed-off-by: Isaac Chen <tingyi364@gmail.com> Change-Id: I6759914e91c1cc437304d74328e970daeb3d25e3
2019-09-01wayne-common: Access mlipay hal via a binder servicedianlujitao
* Untrusted apps are no longer allowed to directly access hwbinder on Pie, implement a system service as a middleware between mlipay hal and untrusted apps. * Xiaomi uses similar solution for MIUI on Pie. Change-Id: Ie52376b1f7bcd84d219fe73bceb4bdd6cc2b9980
2019-08-13wayne-common: rootdir: Remove sensors init shell scriptBruno Martins
Change-Id: Ice50a9c83a708d7f8300978048cd00c71e88abc8
2018-12-29wayne-common: Support Alipay fingerprint paymentdianlujitao
* IFAA manager is based on OnePlusOSS, but adapted for Xiaomi's mlipay interface.Also hardcode model detection to pass Alipay check. * vendor.xiaomi.hardware.mtdservice@1.0.so is not actually used, thus patchelf to drop it rather than shipping a blob. * Modify libmlipay.so to allow load firmware from vendor Change-Id: Idf3d3a8d40245984767f4ef5f60f9fe584e69f21
2018-08-05wayne: sepolicy: Address IR denialsIsaac Chen
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
2018-07-31wayne: sepolicy: Address btnvtool denialIsaac Chen
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
2018-07-31wayne: sepolicy: Address camera denialsIsaac Chen
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
2018-07-31wayne: sepolicy: Add sepolicy for goodix scriptTheScarastic
Change-Id: Ic8b7dba6a5660c17f5db1c743e5d22f31ae1b1b3
2018-07-27wayne: sepolicy: Initial denialsIsaac Chen
Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>