NekoSakura/Android_Device_Mediatek_Sepolicy_Vndr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
113 Commits 2 Branches 0 Tags
Commit Graph

91 Commits

Author SHA1 Message Date
bengris32
d2d073ce17 basic: non_plat: Label MediaTek USB Gadget HAL 
Change-Id: I0ddb15426453b880777235ae614d8b8b988dfac6
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-03-26 14:53:21 +01:00
Yifan Hong
18632d849e
basic: non_plat: Allow binder services to r/w su:tcp_socket 
Test: binderHostDeviceTest
Bug: 182914638
Change-Id: Ie3d3b575d256a84e2dd31dcfab3ba305f54d02a6
 2024-03-22 16:26:04 +00:00
Sarthak Roy
c148d3271a basic: Drop dtbo_block_device duplicate declaration 
* 1b2d9de08d%5E%21/#F2

Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: Ibaa813bd61be3080818c533f28dc74374bf1e90f
 2024-03-20 22:48:01 +05:30
bengris32
850b3d36fd
basic: non_plat: Unlabel preloader_raw block devices 
Change-Id: Ice2b087fc78ef9decba27f6b0fc2e20400ff09ff
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-03-01 15:12:56 +00:00
bengris32
d6e1e340cc
basic: plat_private: Label create_pl_dev 
Change-Id: Ia69ffe6264bef39554b708fa8bb3c70375431e2f
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-02-29 23:44:13 +00:00
bengris32
b2b0b1bb8f
basic: non_plat: Label PELT multiplier node 
Change-Id: If65e215fc819608bc9558a844884a3596a94c32b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-02-28 21:03:15 +00:00
Matsvei Niaverau
1263da2195 basic: non_plat: Label AIDL MediaTek USB legacy service 
Change-Id: I0256c49668526104fa742592b15084a1076cf568
 2024-02-16 15:50:43 +01:00
bengris32
d22a2ab888
basic: non_plat: Address OSS USB gadget HAL denials 
Change-Id: Ie5ca5a229d145a84e940d9f29205cf3e9282531a
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-02-15 12:45:19 +00:00
Woomymy
ab2549b89a
basic: non_plat: Address init.insmod.sh denials 
Change-Id: I2b858d17db6b8edf07f34f12f38342ae519056c8
Signed-off-by: Woomymy <woomy@woomy.be>
 2024-02-15 12:02:05 +00:00
Adam Shih
40ea9e1bf7
basic: non_plat: Let GPU reload 
02-22 12:59:47.955    15    15 I mali 28000000.mali: reloading firmware
02-22 12:59:47.955    15    15 W mali 28000000.mali: loading /vendor/firmware/mali_csffw.bin failed with error -13
02-22 12:59:47.955    15    15 W mali 28000000.mali: Direct firmware load for mali_csffw.bin failed with error -2
02-22 12:59:47.955    15    15 E mali 28000000.mali: Failed to reload firmware image 'mali_csffw.bin'
02-22 12:59:47.920    15    15 W kworker/0:1: type=1400 audit(0.0:10): avc: denied { read } for name="mali_csffw.bin" dev="dm-4" ino=5689716 scontext=u:r:kernel:s0 tcontext=u:object_r:same_process_hal_file:s0 tclass=file permissive=0

Bug: 220801802
Test: device can resume after an hour of suspend.
Change-Id: Ib252d6b1ac50ba7578a2ebf8cd8745004c385378
 2024-02-12 21:13:18 +00:00
bengris32
02bdb90a6e
basic: non_plat: Allow vendor_init to set audio/pq properties 
Change-Id: I716b162f4fb25b19af07016af01d4003770b5628
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2024-02-07 22:54:27 +00:00
Giovanni Ricca
66e32b32e1
basic: Allow keymint to set soter props 
Change-Id: I1413f622d6d3d206b780e1ba996b65ab46a9a926
 2024-02-02 19:46:03 +01:00
Giovanni Ricca
508c45b356
basic: Allow mtk_hal_nvramagent access to dts nodes 
Change-Id: Ie890831b4a31d7595bd5bc0d3d48d8af35fb0afb
 2024-01-02 16:10:24 +01:00
Giovanni Ricca
532b60ca02
sepolicy: Guard invalid labels 
* MTK devices with R vendor and older still depends on those labels

Change-Id: If2e78d5a22722b0038afbb6f9a651bc073b8f4c8
 2023-12-28 11:50:04 +01:00
bengris32
88ca19b34a
basic: non_plat: Label MediaTek audio service 
Change-Id: Ibf4a8bcde2425d30eb809a35501723c9630fd343
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-12-21 17:02:20 +00:00
bengris32
c5509c7506
basic: non_plat: Label AIDL thermal service 
Change-Id: I19e9081bb7437ab05100ac21800a452d4f683ea7
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-12-19 22:41:31 +00:00
Sarthak Roy
2864204ce0 sepolicy: Drop duplicate declaration of mediaserver64/drmserver64 
Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: I0f0365395d1040febadd533898dce66d001ddcca
 2023-10-29 17:44:17 +00:00
SamarV-121
a58d7459e5 sepolicy: isolated_app -> isolated_app_all 
* neverallow

Change-Id: If7dbddf30472de3b7c04c2e4f9a27e03e6ada619
 2023-10-29 17:44:17 +00:00
Sarthak Roy
d0ef16e8db sepolicy: Drop fuseblk duplicate declaration 
* 30ae427ed0%5E%21/#F7

Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: I502237dc1712bcb8a542ad604d907bd3de363e63
 2023-10-29 17:44:11 +00:00
bengris32
f3e97c194d
basic: non_plat: Label AIDL ST NFC service 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-10-23 23:25:58 +01:00
bengris32
fd99152e17
basic: non_plat: Allow rebalance_interrupts to read affected_cpus 
Change-Id: I2bd9a7e71033a0cf91b93531c5fb41d302796397
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 13:18:58 +01:00
bengris32
011d637e43
basic: non_plat: Import pixel rebalance_interrupts rules 
Change-Id: Idb03fd0632995e52cc9b9f008bd46002a6cc1628
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 13:12:00 +01:00
bengris32
1313d51047
treewide: Completely drop mtk_hal_audio type 
* We can just use AOSP's hal_audio_default. This removes the
  need for a renamed audio service.

Change-Id: Id698bd318194c942ea117aefde7ff7864216e1e3
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 00:06:24 +01:00
bengris32
a75fe8033b
basic: non_plat: Label AIDL ConsumerIr service 
Change-Id: I8f60b1180234a2cc9239f291e89beb407d8cd830
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-04 23:59:45 +01:00
Woomymy
5deeb70766
basic: non_plat: Kang pixel thermal SEPolicy 
* From hardware/google/pixel-sepolicy/thermal

[Woomymy]: Fix conflicts with mediatek common sepolicy
Change-Id: Ida6d12314cc81d11df33111472b08c71e62a96b5
Signed-off-by: Woomymy <woomy@woomy.be>
 2023-09-04 23:11:05 +01:00
bengris32
572ec1ab71
basic: non_plat: Label AIDL MediaTek USB service 
Change-Id: I88489daf72be4eff43126275be9985ef23deaeab
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-04 22:58:39 +01:00
SamarV-121
246b7d6cbf
basic: non_plat: Label MediaTek health AIDL 
Change-Id: I643ae8a4a0e87621105a91f08030b2a6b8845ef6
 2023-08-29 12:20:09 +01:00
Woomymy
9817fe434d
basic: non_plat: Allow communication between mtk_hal_power and hal_power_default 
Change-Id: I1c9f879ca89702e32a912c4e4a147365b718ed22
 2023-08-18 22:16:42 +01:00
bengris32
0f211dd090
basic: non_plat: Share PowerHAL property for libperf and mtkpower 
Change-Id: If1cb7ba044925cc0b15f144dfea1743f6c59ef84
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-16 21:23:43 +01:00
bengris32
526d1f2d0e
sepolicy: basic: non_plat: Allow {vendor_}init to write to sysfs_devices_block 
* Init adjusts discard_max_bytes.

Change-Id: I00b80a62aad8fe201d501f42127812158158b1fa
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:37 +01:00
bengris32
63f03be658
sepolicy: basic: non_plat: Allow vendor_init to adjust dirty_writeback_centisecs 
Change-Id: I46b3f5c61c9f85c0774d1ded05aaf77114139fce
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
d73d1700e3
sepolicy: basic: non_plat: Allow Sensors HAL to write to SCP log 
Change-Id: I51887fd93ed97e96de214383c20b6b905af2347e
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
e4dbda893d
sepolicy: basic: non_plat: Allow PQ HAL to use /dev/ion 
Change-Id: I096876eb593745a30806ebcb23b78100819ecb7b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
16d912d4b2
sepolicy: basic: non_plat: Label 13000000.mali memtrack nodes 
Change-Id: I44dae5f9fceba3dd9e7fe0989aeaff1faf01c466
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
7d3ebfc10b
sepolicy: basic: non_plat: Label /class/thermal sysfs 
Change-Id: Id41e9a73ac36f110ef2b083fc49e435b4aef11c0
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:33 +01:00
nift4
baea66a53f sepolicy_vndr: add sepolicy for power off alarm 
Change-Id: Id58c4819ccb51e42158c4af39cf9245f206f9fb9
 2023-07-23 16:48:11 +02:00
SamarV-121
431046546e
sepolicy: Add rules for mediatek mali memtrack HAL 
Change-Id: I0591fea2c492ea2a5613b9af17bcc1384fd31b76
 2023-05-08 00:44:05 +05:30
Vaisakh Murali
168dfe22c0
sepolicy: Initial sepolicy for power-libperfmgr 
Change-Id: Id2f47056b9e25e3663281b4cbe210e7715969d9d
 2023-04-27 22:26:16 +05:30
bengris32
d3173a129b
sepolicy: Label stub mtkpower service 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1d3d6be0cbd2bcc73e4654ec4b58f68473f9af7f
 2023-04-27 22:25:50 +05:30
SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes 
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
 2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets 
I auditd  : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
 2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap 
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
 2023-04-27 14:43:54 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop" 
We did not have necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.

This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.

Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
 2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
 2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15 sepolicy: basic: non_plat: Label a few more audio properties 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
 2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68 sepolicy: basic: non_plat: Allow rild to access NVRAM HAL 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
 2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08 sepolicy: basic: non_plat: Label microtrust SE service 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
 2023-03-08 12:56:09 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
 2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so 
Some devices may move this library from the default location

Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
 2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99 sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm 
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
 2023-01-02 23:50:36 +01:00