SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes
...
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets
...
I auditd : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0
Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap
...
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
2023-04-27 14:43:54 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop"
...
We did not have necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.
This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.
Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e
sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15
sepolicy: basic: non_plat: Label a few more audio properties
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68
sepolicy: basic: non_plat: Allow rild to access NVRAM HAL
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08
sepolicy: basic: non_plat: Label microtrust SE service
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
2023-03-08 12:56:09 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services
...
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so
...
Some devices may move this library from the default location
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99
sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm
...
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
2023-01-02 23:50:36 +01:00
Matsvei Niaverau
3de9a934ad
sepolicy: basic: non_plat: Label all versions of MMS service
...
Change-Id: Ibd41320e5152f7a96143e7967eac9d74e69f3564
2023-01-02 23:50:27 +01:00
SamarV-121
a5ba3aa187
sepolicy: basic: non_plat: Allow mediacodec to read sysfs_boot_mode
...
W omx@1.0-service: type=1400 audit(0.0:3382): avc: denied { read } for name="boot_mode" dev="sysfs" ino=7123 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_boot_mode:s0 tclass=file permissive=0
E PQ : [PQ][PQConfig] fail to open: /sys/class/BOOT/BOOT/boot/boot_mode
Change-Id: I1246c6e3290e39968f6fd309c37fcb639178fa14
2023-01-02 23:50:20 +01:00
SamarV-121
b924fa4058
sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL
...
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
2023-01-02 23:50:10 +01:00
SamarV-121
ca74f59339
sepolicy: basic: non_plat: Address vpud_native denials
...
Change-Id: I4be2decf9e054e5313b7fcc7098f26248e708bbb
2023-01-02 23:50:00 +01:00
SamarV-121
440f5f9ee7
sepolicy: basic: non_plat: Address mediaswcodec denials
...
W oid.avc.decoder: type=1400 audit(0.0:642): avc: denied { connectto } for path="/dev/socket/logdr" scontext=u:r:mediaswcodec:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket permissive=0
I auditd : type=1400 audit(0.0:1352): avc: denied { write } for comm="oid.avc.decoder" name="logdr" dev="tmpfs" ino=9467 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file permissive=0
crash log: https://pastebin.com/raw/Lhwhhbr0
Change-Id: Ia53ee584c82875e8bce032e0869ae58f60c52217
2023-01-02 23:49:54 +01:00
SamarV-121
6f21f83c67
sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop
...
Change-Id: I2d2f602a298f2967b798ac00ce73dac1ec84bb18
2023-01-02 23:49:38 +01:00
SamarV-121
8a583e3348
sepolicy: basic: non_plat: Allow mediacodec to read some props
...
W omx@1.0-service: type=1400 audit(0.0:117): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=12368 scontext=u:r:mediacodec:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W libc : Access denied finding property "ro.mtk_deinterlace_support"
W libc : Access denied finding property "ro.mtk_crossmount_support"
W libc : Access denied finding property "mtk.vendor.omx.core.log"
Change-Id: I14cbe8a4e6a7892b0b34d05c86b68281291d6579
2023-01-02 23:49:27 +01:00
SamarV-121
224041dad4
sepolicy: basic: plat_private: Remove mapping files
...
Change-Id: I4d89bae940f6a367e3cf47fa52283bda689150d6
2023-01-02 23:49:22 +01:00
Matsvei Niaverau
f40f049d12
fixup! sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL * Dropped in S sepolicy but we need it since we have blobs from R.
...
Change-Id: I6a232495fcf9087cfbc8212806bb805d50cad091
2023-01-02 23:49:16 +01:00
bengris32
812fea90fa
sepolicy: basic: non_plat: Allow all untrusted apps to read thermal info
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I84215736966a2e6637483f74b307442436b17c30
2023-01-02 23:49:01 +01:00
bengris32
952e2e6368
sepolicy: basic: non_plat: Drop proc_cpu_alignment type
...
* Moved into AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I531fed8839ed7c667e21fc4d370427f1094cd50e
2023-01-02 23:48:55 +01:00
bengris32
695d5c0359
sepolicy: basic: non_plat: Address Audio HAL tcp_socket neverallow
...
* Due to system SEPolicy/audioserver changes in Android 13,
mtk_hal_audio needs to be allowed to create and use TCP sockets.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
2023-01-02 23:48:40 +01:00
bengris32
0f2e6efe70
sepolicy: basic: non_plat: Drop proc_watermark_boost_factor type
...
* Already defined in AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I816928df2d63b0076170478660c5892b6aa391d7
2023-01-02 23:48:33 +01:00
bengris32
b2fd09835a
sepolicy: basic: non_plat: Drop proc_watermark_scale_factor type
...
* Defined in AOSP T sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0de4eef26238c2414adcdfe658173a0cac2dfc82
2023-01-02 23:48:24 +01:00
bengris32
a17351d505
sepolicy: basic: non_plat: Rename sysfs_gpu to sysfs_gpu_mtk
...
* A duplicate type is already defined in AOSP sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8721e4556aaabd1202a5b3c6b8bd44b6ce95ca43
2023-01-02 23:48:15 +01:00
bengris32
13193b0c71
sepolicy: basic: non_plat: Drop sysfs_block type
...
* The sysfs_block type was removed in the T sepolicy.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib301a4b49d1a74013923fc6c56ade1a2a3c5c13d
2023-01-02 23:48:05 +01:00
bengris32
3538c267c2
sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL
...
* Dropped in S sepolicy but we need it since we have
blobs from R.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6
2023-01-02 23:47:59 +01:00
bengris32
7dde2a48b4
sepolicy: basic: non_plat: Label MediaTek latch_unsignaled property
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie217b7a61701452a4b49a74af8720d286e8b8266
2023-01-02 23:47:27 +01:00
Vaisakh Murali
efb8514231
sepolicy: basic/non_plat: Allow nvram_daemon to search gsi_metadata
...
Change-Id: Iec92c6e142e7c080876aa33ea90a20c76a49180e
2023-01-02 23:47:19 +01:00
Zinadin Zidan
8b8dc4fb5f
sepolicy: basic: non_plat: Allow nvram_daemon to search metadata files
...
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ib74216772112fb8613d4de3178a2777dc5dc7d7e
2023-01-02 23:47:15 +01:00
bengris32
3afd698bbd
sepolicy: basic: non_plat: Address nvram_daemon denials
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I86df292fa27eb3756deaf537085607c20c7f6a99
2023-01-02 23:47:00 +01:00
bengris32
f5923e2c19
sepolicy: basic: non_plat: Label some misc MDP properties
...
* Also define a new type for these miscellaneous properties.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifa3dde2836771ca6c0de2fa9a4357f3787e2e61f
2023-01-02 23:46:56 +01:00
bengris32
ee38ef4445
sepolicy: basic: non_plat: Label some dp logging properties
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I05d4cf0e33ff3b6f4b5a04552c6549ee90c60e4d
2023-01-02 23:46:41 +01:00
bengris32
d79c75256b
sepolicy: basic: non_plat: Label ro.vendor.globalpq.support property
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Id8bf17af4ec6848555bd964a17b128473ca5c3fc
2023-01-02 23:46:36 +01:00
bengris32
02da8c9f4c
sepolicy: basic: non_plat: Label another PQ prop prefix
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I4a6fef51827ead08284a3d29c4d5b49d2f1675f2
2023-01-02 23:46:28 +01:00
bengris32
4444a0ec73
sepolicy: basic: non_plat: Label all versions of Bluetooth service
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1665247d7b297f431bc31d6077e6cc75d060c253
2023-01-02 23:46:15 +01:00
bengris32
2e9c05d5e0
sepolicy: basic: non_plat: Separate Core NFC data from vendor
...
* Required to pass new SEPolicy tests.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9d137c9e156692b798161afae7e61b604d839cda
2023-01-02 23:45:51 +01:00
bengris32
05133df612
sepolicy: basic: non_plat: Label libpq_cust.so
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I6b200cfff7ceeb4922338fb75b4be663773941ee
2023-01-02 23:45:38 +01:00
bengris32
2cdb5b6db5
sepolicy: basic: non_plat: Allow NFC HAL to create files
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I533fe5352a98e469d0baa063cb676191e674eb98
2023-01-02 23:45:31 +01:00
bengris32
5aa558a7d6
sepolicy: basic: non_plat: Allow rild to set vendor_mtk_md_prop
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0736d58a7cd93f09880507d0fecfb341cb8f9781
2023-01-02 23:45:26 +01:00
bengris32
88370c7038
sepolicy: basic: non_plat: Label NFC data files
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib73bd3960721a087f7d2626291d43c7c65aa2220
2023-01-02 23:45:17 +01:00
bengris32
747c0bcfa5
sepolicy: basic: non_plat: Add SEPolicy rules for NFC HAL
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9f10189eaedf02eb4ed8c0eaf354a65857de9bc8
2023-01-02 23:45:04 +01:00
bengris32
023535373b
sepolicy: basic: non_plat: Allow CameraHAL to set vendor_mtk_emcamera_prop
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie11e1ebd3cead23d9e2a769d64f514f9c302b63b
2023-01-02 23:44:56 +01:00
Zinadin Zidan
22ff9b52e1
sepolicy: basic: non_plat: Allow mtk gsm0710muxd to set ctl_stop_prop/ctl_start_prop
...
Change-Id: I828caf2a784cd8cd51a5a13bca587f8fedd03220
2023-01-02 23:44:50 +01:00
bengris32
a26d0b7757
sepolicy: basic: non_plat: Label SMS properties
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ide1537a7762f713b18b0e90fcf8ccd704dd17719
2023-01-02 23:44:38 +01:00
bengris32
9f597c6ceb
sepolicy: basic: non_plat: Allow ccci_mdinit to read bootmode
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ic7fde9763638697168b38f9c88639a83a2e06290
2023-01-02 23:44:05 +01:00
bengris32
237af02add
sepolicy: basic: non_plat: Address vendor_init denials
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I3eca9b66b08ad1b98c4480bd315eca885c3f6b2d
2023-01-02 23:44:00 +01:00
bengris32
fa2ba87661
sepolicy: basic: Remove duplicated genfs rule for timed_output vibrator
...
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: If6f049147546adb1dac90252c2d89c6e298d2eef
2023-01-02 23:43:44 +01:00
bengris32
ddc6294aa8
sepolicy: basic: debug: Insert newline at end of property_contexts
...
* When the build system is appending all the rules into
one big file, a missing newline at the end of any
contexts file will cause build errors due to the
way the build system appends the files together.
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I78028c868cfbc0a86e0895c52280a0b0767ebd77
2023-01-02 23:43:30 +01:00