58 Commits

Author SHA1 Message Date
bengris32
d73d1700e3
sepolicy: basic: non_plat: Allow Sensors HAL to write to SCP log
Change-Id: I51887fd93ed97e96de214383c20b6b905af2347e
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
e4dbda893d
sepolicy: basic: non_plat: Allow PQ HAL to use /dev/ion
Change-Id: I096876eb593745a30806ebcb23b78100819ecb7b
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
16d912d4b2
sepolicy: basic: non_plat: Label 13000000.mali memtrack nodes
Change-Id: I44dae5f9fceba3dd9e7fe0989aeaff1faf01c466
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:36 +01:00
bengris32
7d3ebfc10b
sepolicy: basic: non_plat: Label /class/thermal sysfs
Change-Id: Id41e9a73ac36f110ef2b083fc49e435b4aef11c0
Signed-off-by: bengris32 <bengris32@protonmail.ch>
2023-08-07 15:03:33 +01:00
nift4
baea66a53f sepolicy_vndr: add sepolicy for power off alarm
Change-Id: Id58c4819ccb51e42158c4af39cf9245f206f9fb9
2023-07-23 16:48:11 +02:00
SamarV-121
431046546e
sepolicy: Add rules for mediatek mali memtrack HAL
Change-Id: I0591fea2c492ea2a5613b9af17bcc1384fd31b76
2023-05-08 00:44:05 +05:30
Vaisakh Murali
168dfe22c0
sepolicy: Initial sepolicy for power-libperfmgr
Change-Id: Id2f47056b9e25e3663281b4cbe210e7715969d9d
2023-04-27 22:26:16 +05:30
bengris32
d3173a129b
sepolicy: Label stub mtkpower service
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1d3d6be0cbd2bcc73e4654ec4b58f68473f9af7f
2023-04-27 22:25:50 +05:30
SamarV-121
cd4658785d
sepolicy: Label thunderquake_engine nodes
Change-Id: Iea2ff7e3539ea74df75fb9d4f1cb69197e60b39d
2023-04-27 22:25:38 +05:30
SamarV-121
6c1dc1cc06
sepolicy: Allow init to create xcap sockets
I auditd  : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
2023-04-27 14:43:59 +05:30
SamarV-121
8c706294c1
sepolicy: Add rules for xcap
Change-Id: I19c1f971b08e8d08f9c44d33b8036a267eee1e99
2023-04-27 14:43:54 +05:30
LinkBoi00
5800f20308
Revert "sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop"
We did not have necessary rules for vendor_init to set this
but apparently this rule is completely unnecessary anyways.
Labelling this under the vendor_default_prop domain is enough.

This reverts commit 6f21f83c672af237827e0335cd566c1ce4810735.

Change-Id: Ic053bfed210562c173d14f2399c155cba0e9a4f2
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
2023-03-19 22:50:35 +02:00
LinkBoi00
062b82634e sepolicy: basic: non_plat: Allow audio HAL to read and write vendor_mtk_audio_prop
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I309a6f8e7609b07f1b089ef1bac9b469a3d9e6d4
2023-03-08 12:56:22 +01:00
LinkBoi00
40db888e15 sepolicy: basic: non_plat: Label a few more audio properties
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I1f9d4c11e84054d34ef83784ffa243acb67c26cf
2023-03-08 12:56:09 +01:00
LinkBoi00
80ca7b0e68 sepolicy: basic: non_plat: Allow rild to access NVRAM HAL
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Ifdd22bc48d86270a30b9fbbc1b64e654fd4713fa
2023-03-08 12:56:09 +01:00
LinkBoi00
4683bfcc08 sepolicy: basic: non_plat: Label microtrust SE service
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: Id31ce8ccb57c128ba4637e70d4abd466aeedb20f
2023-03-08 12:56:09 +01:00
LinkBoi00
d62a4a891d
sepolicy: basic: non_plat: Label all versioned secure_element services
Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I6d314bbc779f9e20157f1886a016758d00fb5e44
2023-02-05 17:37:10 +02:00
LinkBoi00
6b4f51c3b5
sepolicy: basic: non_plat: Label proper location for libaiselector.so
Some devices may move this library from the default location

Signed-off-by: LinkBoi00 <linkdevel@protonmail.com>
Change-Id: I508cb911fa0264339ed4a29d514bf14966c9528c
2023-02-05 17:36:26 +02:00
Zinadin Zidan
3c90852f99 sepolicy: basic: non_plat: Allow mtk fm app to access /dev/fm
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ie9f4593ae6d122505b39ba212cce939375c7f447
2023-01-02 23:50:36 +01:00
Matsvei Niaverau
3de9a934ad sepolicy: basic: non_plat: Label all versions of MMS service
Change-Id: Ibd41320e5152f7a96143e7967eac9d74e69f3564
2023-01-02 23:50:27 +01:00
SamarV-121
a5ba3aa187 sepolicy: basic: non_plat: Allow mediacodec to read sysfs_boot_mode
W omx@1.0-service: type=1400 audit(0.0:3382): avc: denied { read } for name="boot_mode" dev="sysfs" ino=7123 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_boot_mode:s0 tclass=file permissive=0
E PQ      : [PQ][PQConfig] fail to open: /sys/class/BOOT/BOOT/boot/boot_mode

Change-Id: I1246c6e3290e39968f6fd309c37fcb639178fa14
2023-01-02 23:50:20 +01:00
SamarV-121
b924fa4058 sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
2023-01-02 23:50:10 +01:00
SamarV-121
ca74f59339 sepolicy: basic: non_plat: Address vpud_native denials
Change-Id: I4be2decf9e054e5313b7fcc7098f26248e708bbb
2023-01-02 23:50:00 +01:00
SamarV-121
440f5f9ee7 sepolicy: basic: non_plat: Address mediaswcodec denials
W oid.avc.decoder: type=1400 audit(0.0:642): avc: denied { connectto } for path="/dev/socket/logdr" scontext=u:r:mediaswcodec:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket permissive=0
I auditd  : type=1400 audit(0.0:1352): avc: denied { write } for comm="oid.avc.decoder" name="logdr" dev="tmpfs" ino=9467 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file permissive=0
crash log: https://pastebin.com/raw/Lhwhhbr0

Change-Id: Ia53ee584c82875e8bce032e0869ae58f60c52217
2023-01-02 23:49:54 +01:00
SamarV-121
6f21f83c67 sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop
Change-Id: I2d2f602a298f2967b798ac00ce73dac1ec84bb18
2023-01-02 23:49:38 +01:00
SamarV-121
8a583e3348 sepolicy: basic: non_plat: Allow mediacodec to read some props
W omx@1.0-service: type=1400 audit(0.0:117): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=12368 scontext=u:r:mediacodec:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W libc    : Access denied finding property "ro.mtk_deinterlace_support"
W libc    : Access denied finding property "ro.mtk_crossmount_support"
W libc    : Access denied finding property "mtk.vendor.omx.core.log"

Change-Id: I14cbe8a4e6a7892b0b34d05c86b68281291d6579
2023-01-02 23:49:27 +01:00
Matsvei Niaverau
f40f049d12 fixup! sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL
* Dropped in S sepolicy but we need it since we have blobs from R.
Change-Id: I6a232495fcf9087cfbc8212806bb805d50cad091
2023-01-02 23:49:16 +01:00
bengris32
812fea90fa sepolicy: basic: non_plat: Allow all untrusted apps to read thermal info
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I84215736966a2e6637483f74b307442436b17c30
2023-01-02 23:49:01 +01:00
bengris32
952e2e6368 sepolicy: basic: non_plat: Drop proc_cpu_alignment type
* Moved into AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I531fed8839ed7c667e21fc4d370427f1094cd50e
2023-01-02 23:48:55 +01:00
bengris32
695d5c0359 sepolicy: basic: non_plat: Address Audio HAL tcp_socket neverallow
* Due to system SEPolicy/audioserver changes in Android 13,
  mtk_hal_audio needs to be allowed to create and use TCP sockets.
Signed-off-by: bengris32 <bengris32@protonmail.ch>

Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
2023-01-02 23:48:40 +01:00
bengris32
0f2e6efe70 sepolicy: basic: non_plat: Drop proc_watermark_boost_factor type
* Already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I816928df2d63b0076170478660c5892b6aa391d7
2023-01-02 23:48:33 +01:00
bengris32
b2fd09835a sepolicy: basic: non_plat: Drop proc_watermark_scale_factor type
* Defined in AOSP T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0de4eef26238c2414adcdfe658173a0cac2dfc82
2023-01-02 23:48:24 +01:00
bengris32
a17351d505 sepolicy: basic: non_plat: Rename sysfs_gpu to sysfs_gpu_mtk
* A duplicate type is already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8721e4556aaabd1202a5b3c6b8bd44b6ce95ca43
2023-01-02 23:48:15 +01:00
bengris32
13193b0c71 sepolicy: basic: non_plat: Drop sysfs_block type
* The sysfs_block type was removed in the T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib301a4b49d1a74013923fc6c56ade1a2a3c5c13d
2023-01-02 23:48:05 +01:00
bengris32
3538c267c2 sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL
* Dropped in S sepolicy but we need it since we have
  blobs from R.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6
2023-01-02 23:47:59 +01:00
bengris32
7dde2a48b4 sepolicy: basic: non_plat: Label MediaTek latch_unsignaled property
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie217b7a61701452a4b49a74af8720d286e8b8266
2023-01-02 23:47:27 +01:00
Vaisakh Murali
efb8514231 sepolicy: basic/non_plat: Allow nvram_daemon to search gsi_metadata
Change-Id: Iec92c6e142e7c080876aa33ea90a20c76a49180e
2023-01-02 23:47:19 +01:00
Zinadin Zidan
8b8dc4fb5f sepolicy: basic: non_plat: Allow nvram_daemon to search metadata files
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ib74216772112fb8613d4de3178a2777dc5dc7d7e
2023-01-02 23:47:15 +01:00
bengris32
3afd698bbd sepolicy: basic: non_plat: Address nvram_daemon denials
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I86df292fa27eb3756deaf537085607c20c7f6a99
2023-01-02 23:47:00 +01:00
bengris32
f5923e2c19 sepolicy: basic: non_plat: Label some misc MDP properties
* Also define a new type for these miscellaneous properties.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifa3dde2836771ca6c0de2fa9a4357f3787e2e61f
2023-01-02 23:46:56 +01:00
bengris32
ee38ef4445 sepolicy: basic: non_plat: Label some dp logging properties
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I05d4cf0e33ff3b6f4b5a04552c6549ee90c60e4d
2023-01-02 23:46:41 +01:00
bengris32
d79c75256b sepolicy: basic: non_plat: Label ro.vendor.globalpq.support property
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Id8bf17af4ec6848555bd964a17b128473ca5c3fc
2023-01-02 23:46:36 +01:00
bengris32
02da8c9f4c sepolicy: basic: non_plat: Label another PQ prop prefix
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I4a6fef51827ead08284a3d29c4d5b49d2f1675f2
2023-01-02 23:46:28 +01:00
bengris32
4444a0ec73 sepolicy: basic: non_plat: Label all versions of Bluetooth service
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1665247d7b297f431bc31d6077e6cc75d060c253
2023-01-02 23:46:15 +01:00
bengris32
2e9c05d5e0 sepolicy: basic: non_plat: Separate Core NFC data from vendor
* Required to pass new SEPolicy tests.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9d137c9e156692b798161afae7e61b604d839cda
2023-01-02 23:45:51 +01:00
bengris32
05133df612 sepolicy: basic: non_plat: Label libpq_cust.so
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I6b200cfff7ceeb4922338fb75b4be663773941ee
2023-01-02 23:45:38 +01:00
bengris32
2cdb5b6db5 sepolicy: basic: non_plat: Allow NFC HAL to create files
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I533fe5352a98e469d0baa063cb676191e674eb98
2023-01-02 23:45:31 +01:00
bengris32
5aa558a7d6 sepolicy: basic: non_plat: Allow rild to set vendor_mtk_md_prop
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0736d58a7cd93f09880507d0fecfb341cb8f9781
2023-01-02 23:45:26 +01:00
bengris32
88370c7038 sepolicy: basic: non_plat: Label NFC data files
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib73bd3960721a087f7d2626291d43c7c65aa2220
2023-01-02 23:45:17 +01:00
bengris32
747c0bcfa5 sepolicy: basic: non_plat: Add SEPolicy rules for NFC HAL
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9f10189eaedf02eb4ed8c0eaf354a65857de9bc8
2023-01-02 23:45:04 +01:00