85 Commits

Author SHA1 Message Date
bengris32
011d637e43
basic: non_plat: Import pixel rebalance_interrupts rules
Change-Id: Idb03fd0632995e52cc9b9f008bd46002a6cc1628
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-09-05 13:12:00 +01:00
bengris32
1313d51047
treewide: Completely drop mtk_hal_audio type
* We can just use AOSP's hal_audio_default. This removes the
  need for a renamed audio service.

Change-Id: Id698bd318194c942ea117aefde7ff7864216e1e3
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-09-05 00:06:24 +01:00
bengris32
a75fe8033b
basic: non_plat: Label AIDL ConsumerIr service
Change-Id: I8f60b1180234a2cc9239f291e89beb407d8cd830
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-09-04 23:59:45 +01:00
Woomymy
5deeb70766
basic: non_plat: Kang pixel thermal SEPolicy
* From hardware/google/pixel-sepolicy/thermal

[Woomymy]: Fix conflicts with mediatek common sepolicy
Change-Id: Ida6d12314cc81d11df33111472b08c71e62a96b5
Signed-off-by: Woomymy <woomy@woomy.be>
2023-09-04 23:11:05 +01:00
bengris32
572ec1ab71
basic: non_plat: Label AIDL MediaTek USB service
Change-Id: I88489daf72be4eff43126275be9985ef23deaeab
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-09-04 22:58:39 +01:00
SamarV-121
246b7d6cbf
basic: non_plat: Label MediaTek health AIDL
Change-Id: I643ae8a4a0e87621105a91f08030b2a6b8845ef6
2023-08-29 12:20:09 +01:00
Woomymy
9817fe434d
basic: non_plat: Allow communication between mtk_hal_power and hal_power_default
Change-Id: I1c9f879ca89702e32a912c4e4a147365b718ed22
2023-08-18 22:16:42 +01:00
bengris32
0f211dd090
basic: non_plat: Share PowerHAL property for libperf and mtkpower
Change-Id: If1cb7ba044925cc0b15f144dfea1743f6c59ef84
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-16 21:23:43 +01:00
Erfan Abdi
c322485915
sepolicy: bsp: private: Add support for T ims
Change-Id: Ifbbbeb994d570f8f165c974bd5ef5a0adddd6ab0
2023-08-07 15:03:49 +01:00
bengris32
526d1f2d0e
sepolicy: basic: non_plat: Allow {vendor_}init to write to sysfs_devices_block
* Init adjusts discard_max_bytes.

Change-Id: I00b80a62aad8fe201d501f42127812158158b1fa
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:37 +01:00
bengris32
63f03be658
sepolicy: basic: non_plat: Allow vendor_init to adjust dirty_writeback_centisecs
Change-Id: I46b3f5c61c9f85c0774d1ded05aaf77114139fce
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
d73d1700e3
sepolicy: basic: non_plat: Allow Sensors HAL to write to SCP log
Change-Id: I51887fd93ed97e96de214383c20b6b905af2347e
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
e4dbda893d
sepolicy: basic: non_plat: Allow PQ HAL to use /dev/ion
Change-Id: I096876eb593745a30806ebcb23b78100819ecb7b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
16d912d4b2
sepolicy: basic: non_plat: Label 13000000.mali memtrack nodes
Change-Id: I44dae5f9fceba3dd9e7fe0989aeaff1faf01c466
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
7d3ebfc10b
sepolicy: basic: non_plat: Label /class/thermal sysfs
Change-Id: Id41e9a73ac36f110ef2b083fc49e435b4aef11c0
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:33 +01:00
nift4
baea66a53f
sepolicy_vndr: add sepolicy for power off alarm
Change-Id: Id58c4819ccb51e42158c4af39cf9245f206f9fb9
2023-07-23 16:48:11 +02:00
SamarV-121
431046546e
sepolicy: Add rules for mediatek mali memtrack HAL
Change-Id: I0591fea2c492ea2a5613b9af17bcc1384fd31b76
2023-05-08 00:44:05 +05:30
Vaisakh Murali
168dfe22c0
sepolicy: Initial sepolicy for power-libperfmgr
Change-Id: Id2f47056b9e25e3663281b4cbe210e7715969d9d
2023-04-27 22:26:16 +05:30
bengris32
d3173a129b
sepolicy: Label stub mtkpower service
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1d3d6be0cbd2bcc73e4654ec4b58f68473f9af7f
2023-04-27 22:25:50 +05:30
SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets
I auditd  : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
2023-04-27 14:43:54 +05:30
SamarV-121
22b3052286
sepolicy: Allow init to create wfca_rds sockets
I auditd  : type=1400 audit(0.0:196): avc: denied { create } for comm="init" name="wfca_rds" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I6205d0ac2e30e0558f1a1ba3b57283c433c8ac0b
2023-04-27 14:43:49 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop"
We did not have the necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.

This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.

Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e
sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15
sepolicy: basic: non_plat: Label a few more audio properties
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68
sepolicy: basic: non_plat: Allow rild to access NVRAM HAL
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08
sepolicy: basic: non_plat: Label microtrust SE service
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
2023-03-08 12:56:09 +01:00
LinkBoi00
dc84220dbd
sepolicy: bsp: plat_private: Fixup musb-hdrc cmode device typo
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I972c7af0d7ec2f0f85f317d4e0135045c82917a9
2023-02-11 13:15:56 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so
Some devices may move this library from the default location.

Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99
sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
2023-01-02 23:50:36 +01:00
Matsvei Niaverau
3de9a934ad
sepolicy: basic: non_plat: Label all versions of MMS service
Change-Id: Ibd41320e5152f7a96143e7967eac9d74e69f3564
2023-01-02 23:50:27 +01:00
SamarV-121
a5ba3aa187
sepolicy: basic: non_plat: Allow mediacodec to read sysfs_boot_mode
W omx@1.0-service: type=1400 audit(0.0:3382): avc: denied { read } for name="boot_mode" dev="sysfs" ino=7123 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_boot_mode:s0 tclass=file permissive=0
E PQ      : [PQ][PQConfig] fail to open: /sys/class/BOOT/BOOT/boot/boot_mode

Change-Id: I1246c6e3290e39968f6fd309c37fcb639178fa14
2023-01-02 23:50:20 +01:00
SamarV-121
b924fa4058
sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
2023-01-02 23:50:10 +01:00
SamarV-121
ca74f59339
sepolicy: basic: non_plat: Address vpud_native denials
Change-Id: I4be2decf9e054e5313b7fcc7098f26248e708bbb
2023-01-02 23:50:00 +01:00
SamarV-121
440f5f9ee7
sepolicy: basic: non_plat: Address mediaswcodec denials
W oid.avc.decoder: type=1400 audit(0.0:642): avc: denied { connectto } for path="/dev/socket/logdr" scontext=u:r:mediaswcodec:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket permissive=0
I auditd  : type=1400 audit(0.0:1352): avc: denied { write } for comm="oid.avc.decoder" name="logdr" dev="tmpfs" ino=9467 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file permissive=0
crash log: https://pastebin.com/raw/Lhwhhbr0

Change-Id: Ia53ee584c82875e8bce032e0869ae58f60c52217
2023-01-02 23:49:54 +01:00
SamarV-121
173aae2fb1
sepolicy: bsp: non_plat: Grant all network permissions to ipsec_mon
Change-Id: I01ffcf9cc31332f45f9a1d3120c6d2946d3dc650
2023-01-02 23:49:48 +01:00
SamarV-121
6f21f83c67
sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop
Change-Id: I2d2f602a298f2967b798ac00ce73dac1ec84bb18
2023-01-02 23:49:38 +01:00
SamarV-121
8a583e3348
sepolicy: basic: non_plat: Allow mediacodec to read some props
W omx@1.0-service: type=1400 audit(0.0:117): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=12368 scontext=u:r:mediacodec:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W libc    : Access denied finding property "ro.mtk_deinterlace_support"
W libc    : Access denied finding property "ro.mtk_crossmount_support"
W libc    : Access denied finding property "mtk.vendor.omx.core.log"

Change-Id: I14cbe8a4e6a7892b0b34d05c86b68281291d6579
2023-01-02 23:49:27 +01:00
SamarV-121
224041dad4
sepolicy: basic: plat_private: Remove mapping files
Change-Id: I4d89bae940f6a367e3cf47fa52283bda689150d6
2023-01-02 23:49:22 +01:00
Matsvei Niaverau
f40f049d12
fixup! sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL
* Dropped in S sepolicy but we need it since we have blobs from R.
Change-Id: I6a232495fcf9087cfbc8212806bb805d50cad091
2023-01-02 23:49:16 +01:00
bengris32
812fea90fa
sepolicy: basic: non_plat: Allow all untrusted apps to read thermal info
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I84215736966a2e6637483f74b307442436b17c30
2023-01-02 23:49:01 +01:00
bengris32
952e2e6368
sepolicy: basic: non_plat: Drop proc_cpu_alignment type
* Moved into AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I531fed8839ed7c667e21fc4d370427f1094cd50e
2023-01-02 23:48:55 +01:00
TheMalachite
e24c0688e9
sepolicy: bsp: Fix Netflix widevine L1 denies
Change-Id: I9553462fea01deb7d953d0c885218d3490dcfee7
Reviewed-on: https://review.statixos.com/c/android_device_mediatek_sepolicy_vndr/+/7763
Reviewed-by: Vaisakh Murali <mvaisakh@statixos.com>
Tested-by: Vaisakh Murali <mvaisakh@statixos.com>
2023-01-02 23:48:50 +01:00
bengris32
695d5c0359
sepolicy: basic: non_plat: Address Audio HAL tcp_socket neverallow
* Due to system SEPolicy/audioserver changes in Android 13,
  mtk_hal_audio needs to be allowed to create and use TCP sockets.
Signed-off-by: bengris32 <bengris32@protonmail.ch>

Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
2023-01-02 23:48:40 +01:00
bengris32
0f2e6efe70
sepolicy: basic: non_plat: Drop proc_watermark_boost_factor type
* Already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I816928df2d63b0076170478660c5892b6aa391d7
2023-01-02 23:48:33 +01:00
bengris32
b2fd09835a
sepolicy: basic: non_plat: Drop proc_watermark_scale_factor type
* Defined in AOSP T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0de4eef26238c2414adcdfe658173a0cac2dfc82
2023-01-02 23:48:24 +01:00
bengris32
a17351d505
sepolicy: basic: non_plat: Rename sysfs_gpu to sysfs_gpu_mtk
* A duplicate type is already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8721e4556aaabd1202a5b3c6b8bd44b6ce95ca43
2023-01-02 23:48:15 +01:00
bengris32
13193b0c71
sepolicy: basic: non_plat: Drop sysfs_block type
* The sysfs_block type was removed in the T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib301a4b49d1a74013923fc6c56ade1a2a3c5c13d
2023-01-02 23:48:05 +01:00