bengris32
0f211dd090
basic: non_plat: Share PowerHAL property for libperf and mtkpower
...
Change-Id: If1cb7ba044925cc0b15f144dfea1743f6c59ef84
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-16 21:23:43 +01:00
Erfan Abdi
c322485915
sepolicy: bsp: private: Add support for T ims
...
Change-Id: Ifbbbeb994d570f8f165c974bd5ef5a0adddd6ab0
2023-08-07 15:03:49 +01:00
bengris32
526d1f2d0e
sepolicy: basic: non_plat: Allow {vendor_}init to write to sysfs_devices_block
...
* Init adjusts discard_max_bytes.
Change-Id: I00b80a62aad8fe201d501f42127812158158b1fa
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:37 +01:00
bengris32
63f03be658
sepolicy: basic: non_plat: Allow vendor_init to adjust dirty_writeback_centisecs
...
Change-Id: I46b3f5c61c9f85c0774d1ded05aaf77114139fce
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
d73d1700e3
sepolicy: basic: non_plat: Allow Sensors HAL to write to SCP log
...
Change-Id: I51887fd93ed97e96de214383c20b6b905af2347e
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
e4dbda893d
sepolicy: basic: non_plat: Allow PQ HAL to use /dev/ion
...
Change-Id: I096876eb593745a30806ebcb23b78100819ecb7b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
16d912d4b2
sepolicy: basic: non_plat: Label 13000000.mali memtrack nodes
...
Change-Id: I44dae5f9fceba3dd9e7fe0989aeaff1faf01c466
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
7d3ebfc10b
sepolicy: basic: non_plat: Label /class/thermal sysfs
...
Change-Id: Id41e9a73ac36f110ef2b083fc49e435b4aef11c0
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:33 +01:00
nift4
baea66a53f
sepolicy_vndr: add sepolicy for power off alarm
...
Change-Id: Id58c4819ccb51e42158c4af39cf9245f206f9fb9
2023-07-23 16:48:11 +02:00
SamarV-121
431046546e
sepolicy: Add rules for mediatek mali memtrack HAL
...
Change-Id: I0591fea2c492ea2a5613b9af17bcc1384fd31b76
2023-05-08 00:44:05 +05:30
Vaisakh Murali
168dfe22c0
sepolicy: Initial sepolicy for power-libperfmgr
...
Change-Id: Id2f47056b9e25e3663281b4cbe210e7715969d9d
2023-04-27 22:26:16 +05:30
bengris32
d3173a129b
sepolicy: Label stub mtkpower service
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1d3d6be0cbd2bcc73e4654ec4b58f68473f9af7f
2023-04-27 22:25:50 +05:30
SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes
...
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets
...
I auditd : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap
...
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
2023-04-27 14:43:54 +05:30
SamarV-121
22b3052286
sepolicy: Allow init to create wfca_rds sockets
...
I auditd : type=1400 audit(0.0:196): avc: denied { create } for comm="init" name="wfca_rds" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
Change-Id: I6205d0ac2e30e0558f1a1ba3b57283c433c8ac0b
2023-04-27 14:43:49 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop"
...
We did not have necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.
This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.
Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e
sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15
sepolicy: basic: non_plat: Label a few more audio properties
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68
sepolicy: basic: non_plat: Allow rild to access NVRAM HAL
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08
sepolicy: basic: non_plat: Label microtrust SE service
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
2023-03-08 12:56:09 +01:00
LinkBoi00
dc84220dbd
sepolicy: bsp: plat_private: Fixup musb-hdrc cmode device typo
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I972c7af0d7ec2f0f85f317d4e0135045c82917a9
2023-02-11 13:15:56 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so
...
Some devices may move this library from the default location
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99
sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm
...
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
2023-01-02 23:50:36 +01:00
Matsvei Niaverau
3de9a934ad
sepolicy: basic: non_plat: Label all versions of MMS service
...
Change-Id: Ibd41320e5152f7a96143e7967eac9d74e69f3564
2023-01-02 23:50:27 +01:00
SamarV-121
a5ba3aa187
sepolicy: basic: non_plat: Allow mediacodec to read sysfs_boot_mode
...
W omx@1.0-service: type=1400 audit(0.0:3382): avc: denied { read } for name="boot_mode" dev="sysfs" ino=7123 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_boot_mode:s0 tclass=file permissive=0
E PQ : [PQ][PQConfig] fail to open: /sys/class/BOOT/BOOT/boot/boot_mode
Change-Id: I1246c6e3290e39968f6fd309c37fcb639178fa14
2023-01-02 23:50:20 +01:00
SamarV-121
b924fa4058
sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL
...
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
2023-01-02 23:50:10 +01:00
SamarV-121
ca74f59339
sepolicy: basic: non_plat: Address vpud_native denials
...
Change-Id: I4be2decf9e054e5313b7fcc7098f26248e708bbb
2023-01-02 23:50:00 +01:00
SamarV-121
440f5f9ee7
sepolicy: basic: non_plat: Address mediaswcodec denials
...
W oid.avc.decoder: type=1400 audit(0.0:642): avc: denied { connectto } for path="/dev/socket/logdr" scontext=u:r:mediaswcodec:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket permissive=0
I auditd : type=1400 audit(0.0:1352): avc: denied { write } for comm="oid.avc.decoder" name="logdr" dev="tmpfs" ino=9467 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file permissive=0
crash log: https://pastebin.com/raw/Lhwhhbr0
Change-Id: Ia53ee584c82875e8bce032e0869ae58f60c52217
2023-01-02 23:49:54 +01:00
SamarV-121
173aae2fb1
sepolicy: bsp: non_plat: Grant all network permissions to ipsec_mon
...
Change-Id: I01ffcf9cc31332f45f9a1d3120c6d2946d3dc650
2023-01-02 23:49:48 +01:00
SamarV-121
6f21f83c67
sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop
...
Change-Id: I2d2f602a298f2967b798ac00ce73dac1ec84bb18
2023-01-02 23:49:38 +01:00
SamarV-121
8a583e3348
sepolicy: basic: non_plat: Allow mediacodec to read some props
...
W omx@1.0-service: type=1400 audit(0.0:117): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=12368 scontext=u:r:mediacodec:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W libc : Access denied finding property "ro.mtk_deinterlace_support"
W libc : Access denied finding property "ro.mtk_crossmount_support"
W libc : Access denied finding property "mtk.vendor.omx.core.log"
Change-Id: I14cbe8a4e6a7892b0b34d05c86b68281291d6579
2023-01-02 23:49:27 +01:00
SamarV-121
224041dad4
sepolicy: basic: plat_private: Remove mapping files
...
Change-Id: I4d89bae940f6a367e3cf47fa52283bda689150d6
2023-01-02 23:49:22 +01:00
Matsvei Niaverau
f40f049d12
fixup! sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL * Dropped in S sepolicy but we need it since we have blobs from R.
...
Change-Id: I6a232495fcf9087cfbc8212806bb805d50cad091
2023-01-02 23:49:16 +01:00
bengris32
812fea90fa
sepolicy: basic: non_plat: Allow all untrusted apps to read thermal info
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I84215736966a2e6637483f74b307442436b17c30
2023-01-02 23:49:01 +01:00
bengris32
952e2e6368
sepolicy: basic: non_plat: Drop proc_cpu_alignment type
...
* Moved into AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I531fed8839ed7c667e21fc4d370427f1094cd50e
2023-01-02 23:48:55 +01:00
TheMalachite
e24c0688e9
sepolicy: bsp: Fix Netflix widevine L1 denies
...
Change-Id: I9553462fea01deb7d953d0c885218d3490dcfee7
Reviewed-on: https://review.statixos.com/c/android_device_mediatek_sepolicy_vndr/+/7763
Reviewed-by: Vaisakh Murali <mvaisakh@statixos.com>
Tested-by: Vaisakh Murali <mvaisakh@statixos.com>
2023-01-02 23:48:50 +01:00
bengris32
695d5c0359
sepolicy: basic: non_plat: Address Audio HAL tcp_socket neverallow
...
* Due to system SEPolicy/audioserver changes in Android 13,
mtk_hal_audio needs to be allowed to create and use TCP sockets.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
2023-01-02 23:48:40 +01:00
bengris32
0f2e6efe70
sepolicy: basic: non_plat: Drop proc_watermark_boost_factor type
...
* Already defined in AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I816928df2d63b0076170478660c5892b6aa391d7
2023-01-02 23:48:33 +01:00
bengris32
b2fd09835a
sepolicy: basic: non_plat: Drop proc_watermark_scale_factor type
...
* Defined in AOSP T sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0de4eef26238c2414adcdfe658173a0cac2dfc82
2023-01-02 23:48:24 +01:00
bengris32
a17351d505
sepolicy: basic: non_plat: Rename sysfs_gpu to sysfs_gpu_mtk
...
* A duplicate type is already defined in AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8721e4556aaabd1202a5b3c6b8bd44b6ce95ca43
2023-01-02 23:48:15 +01:00
bengris32
13193b0c71
sepolicy: basic: non_plat: Drop sysfs_block type
...
* The sysfs_block type was removed in the T sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib301a4b49d1a74013923fc6c56ade1a2a3c5c13d
2023-01-02 23:48:05 +01:00
bengris32
3538c267c2
sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL
...
* Dropped in S sepolicy but we need it since we have
blobs from R.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6
2023-01-02 23:47:59 +01:00
bengris32
9235669c21
sepolicy: bsp: non_plat: Label camera debuglog props
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I5c3c83f5d655426b1fce1fa43b3bcb7f009ee624
2023-01-02 23:47:52 +01:00
Vaisakh Murali
aea3299924
sepolicy: Build with broken namespaces
...
The userspace blobs that we have are proprietary. Rather than hex
editing each one of those blobs to match the allowed namespaces, it
is better to avoid the restriction as a whole.
This is needed until we have newer userspace blobs with proper
property namespaces allowed by the VTS.
Signed-off-by: Vaisakh Murali <mvaisakh@statixos.com>
Change-Id: I2abc9821f28885a89cf8905a58475a68766d38d2
Reviewed-on: https://review.statixos.com/c/android_device_mediatek_sepolicy_vndr/+/6330
Reviewed-by: Vaisakh Murali <vaisakhmurali@gmail.com>
Tested-by: Vaisakh Murali <vaisakhmurali@gmail.com>
2023-01-02 23:47:43 +01:00
bengris32
6f37ffbe81
sepolicy: bsp: non_plat: Label ril.cdma.inecmmode property
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9dbbc28d5c3b047c1fce6e759e88c432f254242f
2023-01-02 23:47:36 +01:00
bengris32
7dde2a48b4
sepolicy: basic: non_plat: Label MediaTek latch_unsignaled property
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie217b7a61701452a4b49a74af8720d286e8b8266
2023-01-02 23:47:27 +01:00
Vaisakh Murali
efb8514231
sepolicy: basic/non_plat: Allow nvram_daemon to search gsi_metadata
...
Change-Id: Iec92c6e142e7c080876aa33ea90a20c76a49180e
2023-01-02 23:47:19 +01:00
Zinadin Zidan
8b8dc4fb5f
sepolicy: basic: non_plat: Allow nvram_daemon to search metadata files
...
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ib74216772112fb8613d4de3178a2777dc5dc7d7e
2023-01-02 23:47:15 +01:00