NekoSakura/Android_Device_Mediatek_Sepolicy_Vndr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
97 Commits 2 Branches 0 Tags
Commit Graph

97 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Giovanni Ricca
532b60ca02
sepolicy: Guard invalid labels 
* MTK devices with R vendor and older still depends on those labels

Change-Id: If2e78d5a22722b0038afbb6f9a651bc073b8f4c8
 2023-12-28 11:50:04 +01:00
Giovanni Ricca
6de1ec34cc
bsp: plat_private: Define mtk_hal_sf_service 
Change-Id: I1d3e52b574c09505a77161a5508f4960dad3250f
 2023-12-27 22:33:42 +00:00
Giovanni Ricca
c420b9b98e
bsp: non_plat: Remove duplicate labels 
Change-Id: I86f4700a6a2e123f7693eda5daf088011bd2c35a
 2023-12-27 22:31:18 +00:00
bengris32
a55780d6aa
bsp: plat_private: Allow radio to get system_mtk_vodata_prop 
Change-Id: Ie95160741a6e7a5c9955992a267163bf733c296f
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-12-25 12:14:15 +00:00
Felix
461b31145f
sepolicy: Use BOARD_VENDOR_SEPOLICY_DIRS 
BOARD_SEPOLICY_DIRS is deprecated.

Change-Id: I046282b2a2e8c541726fb29cb0044503322d4be9
 2023-12-22 16:31:24 +00:00
bengris32
88ca19b34a
basic: non_plat: Label MediaTek audio service 
Change-Id: Ibf4a8bcde2425d30eb809a35501723c9630fd343
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-12-21 17:02:20 +00:00
bengris32
c5509c7506
basic: non_plat: Label AIDL thermal service 
Change-Id: I19e9081bb7437ab05100ac21800a452d4f683ea7
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-12-19 22:41:31 +00:00
Sarthak Roy
2864204ce0 sepolicy: Drop duplicate declaration of mediaserver64/drmserver64 
Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: I0f0365395d1040febadd533898dce66d001ddcca
 2023-10-29 17:44:17 +00:00
SamarV-121
a58d7459e5 sepolicy: isolated_app -> isolated_app_all 
* neverallow

Change-Id: If7dbddf30472de3b7c04c2e4f9a27e03e6ada619
 2023-10-29 17:44:17 +00:00
Sarthak Roy
d0ef16e8db sepolicy: Drop fuseblk duplicate declaration 
* 30ae427ed0%5E%21/#F7

Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: I502237dc1712bcb8a542ad604d907bd3de363e63
 2023-10-29 17:44:11 +00:00
bengris32
f3e97c194d
basic: non_plat: Label AIDL ST NFC service 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-10-23 23:25:58 +01:00
bengris32
fd99152e17
basic: non_plat: Allow rebalance_interrupts to read affected_cpus 
Change-Id: I2bd9a7e71033a0cf91b93531c5fb41d302796397
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 13:18:58 +01:00
bengris32
011d637e43
basic: non_plat: Import pixel rebalance_interrupts rules 
Change-Id: Idb03fd0632995e52cc9b9f008bd46002a6cc1628
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 13:12:00 +01:00
bengris32
1313d51047
treewide: Completely drop mtk_hal_audio type 
* We can just use AOSP's hal_audio_default. This removes the
  need for a renamed audio service.

Change-Id: Id698bd318194c942ea117aefde7ff7864216e1e3
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-05 00:06:24 +01:00
bengris32
a75fe8033b
basic: non_plat: Label AIDL ConsumerIr service 
Change-Id: I8f60b1180234a2cc9239f291e89beb407d8cd830
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-04 23:59:45 +01:00
Woomymy
5deeb70766
basic: non_plat: Kang pixel thermal SEPolicy 
* From hardware/google/pixel-sepolicy/thermal

[Woomymy]: Fix conflicts with mediatek common sepolicy
Change-Id: Ida6d12314cc81d11df33111472b08c71e62a96b5
Signed-off-by: Woomymy <woomy@woomy.be>
 2023-09-04 23:11:05 +01:00
bengris32
572ec1ab71
basic: non_plat: Label AIDL MediaTek USB service 
Change-Id: I88489daf72be4eff43126275be9985ef23deaeab
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-09-04 22:58:39 +01:00
SamarV-121
246b7d6cbf
basic: non_plat: Label MediaTek health AIDL 
Change-Id: I643ae8a4a0e87621105a91f08030b2a6b8845ef6
 2023-08-29 12:20:09 +01:00
Woomymy
9817fe434d
basic: non_plat: Allow communication between mtk_hal_power and hal_power_default 
Change-Id: I1c9f879ca89702e32a912c4e4a147365b718ed22
 2023-08-18 22:16:42 +01:00
bengris32
0f211dd090
basic: non_plat: Share PowerHAL property for libperf and mtkpower 
Change-Id: If1cb7ba044925cc0b15f144dfea1743f6c59ef84
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-16 21:23:43 +01:00
Erfan Abdi
c322485915
sepolicy: bsp: private: Add support for T ims 
Change-Id: Ifbbbeb994d570f8f165c974bd5ef5a0adddd6ab0
 2023-08-07 15:03:49 +01:00
bengris32
526d1f2d0e
sepolicy: basic: non_plat: Allow {vendor_}init to write to sysfs_devices_block 
* Init adjusts discard_max_bytes.

Change-Id: I00b80a62aad8fe201d501f42127812158158b1fa
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:37 +01:00
bengris32
63f03be658
sepolicy: basic: non_plat: Allow vendor_init to adjust dirty_writeback_centisecs 
Change-Id: I46b3f5c61c9f85c0774d1ded05aaf77114139fce
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
d73d1700e3
sepolicy: basic: non_plat: Allow Sensors HAL to write to SCP log 
Change-Id: I51887fd93ed97e96de214383c20b6b905af2347e
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
e4dbda893d
sepolicy: basic: non_plat: Allow PQ HAL to use /dev/ion 
Change-Id: I096876eb593745a30806ebcb23b78100819ecb7b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
16d912d4b2
sepolicy: basic: non_plat: Label 13000000.mali memtrack nodes 
Change-Id: I44dae5f9fceba3dd9e7fe0989aeaff1faf01c466
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:36 +01:00
bengris32
7d3ebfc10b
sepolicy: basic: non_plat: Label /class/thermal sysfs 
Change-Id: Id41e9a73ac36f110ef2b083fc49e435b4aef11c0
Signed-off-by: bengris32 <bengris32@protonmail.ch>
 2023-08-07 15:03:33 +01:00
nift4
baea66a53f sepolicy_vndr: add sepolicy for power off alarm 
Change-Id: Id58c4819ccb51e42158c4af39cf9245f206f9fb9
 2023-07-23 16:48:11 +02:00
SamarV-121
431046546e
sepolicy: Add rules for mediatek mali memtrack HAL 
Change-Id: I0591fea2c492ea2a5613b9af17bcc1384fd31b76
 2023-05-08 00:44:05 +05:30
Vaisakh Murali
168dfe22c0
sepolicy: Initial sepolicy for power-libperfmgr 
Change-Id: Id2f47056b9e25e3663281b4cbe210e7715969d9d
 2023-04-27 22:26:16 +05:30
bengris32
d3173a129b
sepolicy: Label stub mtkpower service 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1d3d6be0cbd2bcc73e4654ec4b58f68473f9af7f
 2023-04-27 22:25:50 +05:30
SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes 
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
 2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets 
I auditd  : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
 2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap 
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
 2023-04-27 14:43:54 +05:30
SamarV-121
22b3052286
sepolicy: Allow init to create wfca_rds sockets 
I auditd  : type=1400 audit(0.0:196): avc: denied { create } for comm="init" name="wfca_rds" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I6205d0ac2e30e0558f1a1ba3b57283c433c8ac0b
 2023-04-27 14:43:49 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop" 
We did not have necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.

This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.

Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
 2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
 2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15 sepolicy: basic: non_plat: Label a few more audio properties 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
 2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68 sepolicy: basic: non_plat: Allow rild to access NVRAM HAL 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
 2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08 sepolicy: basic: non_plat: Label microtrust SE service 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
 2023-03-08 12:56:09 +01:00
LinkBoi00
dc84220dbd sepolicy: bsp: plat_private: Fixup musb-hdrc cmode device typo 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I972c7af0d7ec2f0f85f317d4e0135045c82917a9
 2023-02-11 13:15:56 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services 
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
 2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so 
Some devices may move this library from the default location

Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
 2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99 sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm 
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
 2023-01-02 23:50:36 +01:00
Matsvei Niaverau
3de9a934ad sepolicy: basic: non_plat: Label all versions of MMS service 
Change-Id: Ibd41320e5152f7a96143e7967eac9d74e69f3564
 2023-01-02 23:50:27 +01:00
SamarV-121
a5ba3aa187 sepolicy: basic: non_plat: Allow mediacodec to read sysfs_boot_mode 
W omx@1.0-service: type=1400 audit(0.0:3382): avc: denied { read } for name="boot_mode" dev="sysfs" ino=7123 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_boot_mode:s0 tclass=file permissive=0
E PQ      : [PQ][PQConfig] fail to open: /sys/class/BOOT/BOOT/boot/boot_mode

Change-Id: I1246c6e3290e39968f6fd309c37fcb639178fa14
 2023-01-02 23:50:20 +01:00
SamarV-121
b924fa4058 sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL 
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
 2023-01-02 23:50:10 +01:00
SamarV-121
ca74f59339 sepolicy: basic: non_plat: Address vpud_native denials 
Change-Id: I4be2decf9e054e5313b7fcc7098f26248e708bbb
 2023-01-02 23:50:00 +01:00
SamarV-121
440f5f9ee7 sepolicy: basic: non_plat: Address mediaswcodec denials 
W oid.avc.decoder: type=1400 audit(0.0:642): avc: denied { connectto } for path="/dev/socket/logdr" scontext=u:r:mediaswcodec:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket permissive=0
I auditd  : type=1400 audit(0.0:1352): avc: denied { write } for comm="oid.avc.decoder" name="logdr" dev="tmpfs" ino=9467 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file permissive=0
crash log: https://pastebin.com/raw/Lhwhhbr0

Change-Id: Ia53ee584c82875e8bce032e0869ae58f60c52217
 2023-01-02 23:49:54 +01:00
SamarV-121
173aae2fb1 sepolicy: bsp: non_plat: Grant all network permissions to ipsec_mon 
Change-Id: I01ffcf9cc31332f45f9a1d3120c6d2946d3dc650
 2023-01-02 23:49:48 +01:00