NekoSakura/Android_Device_Mediatek_Sepolicy_Vndr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
98 Commits 2 Branches 0 Tags
Commit Graph

98 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
SamarV-121
173aae2fb1 sepolicy: bsp: non_plat: Grant all network permissions to ipsec_mon 
Change-Id: I01ffcf9cc31332f45f9a1d3120c6d2946d3dc650
 2023-01-02 23:49:48 +01:00
SamarV-121
6f21f83c67 sepolicy: basic: non_plat: Allow mediacodec to read vendor_mtk_hdr_video_prop 
Change-Id: I2d2f602a298f2967b798ac00ce73dac1ec84bb18
 2023-01-02 23:49:38 +01:00
SamarV-121
8a583e3348 sepolicy: basic: non_plat: Allow mediacodec to read some props 
W omx@1.0-service: type=1400 audit(0.0:117): avc: denied { open } for path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=12368 scontext=u:r:mediacodec:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
W libc    : Access denied finding property "ro.mtk_deinterlace_support"
W libc    : Access denied finding property "ro.mtk_crossmount_support"
W libc    : Access denied finding property "mtk.vendor.omx.core.log"

Change-Id: I14cbe8a4e6a7892b0b34d05c86b68281291d6579
 2023-01-02 23:49:27 +01:00
SamarV-121
224041dad4 sepolicy: basic: plat_private: Remove mapping files 
Change-Id: I4d89bae940f6a367e3cf47fa52283bda689150d6
 2023-01-02 23:49:22 +01:00
Matsvei Niaverau
f40f049d12 fixup! sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL * Dropped in S sepolicy but we need it since we have blobs from R. 
Change-Id: I6a232495fcf9087cfbc8212806bb805d50cad091
 2023-01-02 23:49:16 +01:00
bengris32
812fea90fa sepolicy: basic: non_plat: Allow all unstrusted apps to read thermal info 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I84215736966a2e6637483f74b307442436b17c30
 2023-01-02 23:49:01 +01:00
bengris32
952e2e6368 sepolicy: basic: non_plat: Drop proc_cpu_alignment type 
* Moved into AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I531fed8839ed7c667e21fc4d370427f1094cd50e
 2023-01-02 23:48:55 +01:00
TheMalachite
e24c0688e9 sepolicy: bsp: Fix Netflix widevine L1 denies 
Change-Id: I9553462fea01deb7d953d0c885218d3490dcfee7
Reviewed-on: https://review.statixos.com/c/android_device_mediatek_sepolicy_vndr/+/7763
Reviewed-by: Vaisakh Murali <mvaisakh@statixos.com>
Tested-by: Vaisakh Murali <mvaisakh@statixos.com>
 2023-01-02 23:48:50 +01:00
bengris32
695d5c0359 sepolicy: basic: non_plat: Address Audio HAL tcp_socket neverallow 
* Due to system SEPolicy/audioserver changes in Android 13,
  mtk_hal_audio needs to be allowed to create and use TCP sockets.
Signed-off-by: bengris32 <bengris32@protonmail.ch>

Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
 2023-01-02 23:48:40 +01:00
bengris32
0f2e6efe70 sepolicy: basic: non_plat: Drop proc_watermark_boost_factor type 
* Already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I816928df2d63b0076170478660c5892b6aa391d7
 2023-01-02 23:48:33 +01:00
bengris32
b2fd09835a sepolicy: basic: non_plat: Drop proc_watermark_scale_factor type 
* Defined in AOSP T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0de4eef26238c2414adcdfe658173a0cac2dfc82
 2023-01-02 23:48:24 +01:00
bengris32
a17351d505 sepolicy: basic: non_plat: Rename sysfs_gpu to sysfs_gpu_mtk 
* A duplicate type is already defined in AOSP sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I8721e4556aaabd1202a5b3c6b8bd44b6ce95ca43
 2023-01-02 23:48:15 +01:00
bengris32
13193b0c71 sepolicy: basic: non_plat: Drop sysfs_block type 
* The sysfs_block type was removed in the T sepolicy.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib301a4b49d1a74013923fc6c56ade1a2a3c5c13d
 2023-01-02 23:48:05 +01:00
bengris32
3538c267c2 sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL 
* Dropped in S sepolicy but we need it since we have
  blobs from R.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6
 2023-01-02 23:47:59 +01:00
bengris32
9235669c21 sepolicy: bsp: non_plat: Label camera debuglog props 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I5c3c83f5d655426b1fce1fa43b3bcb7f009ee624
 2023-01-02 23:47:52 +01:00
Vaisakh Murali
aea3299924 sepolicy: Build with broken namespaces 
The userspace blobs that we have are proprietary. Rather than hex
editing each one of those blobs to match the allowed namespaces, it
is better to avoid the restriction as a whole.
This is needed until we have newer userspace blobs with proper
property namespaces allowed by the VTS.

Signed-off-by: Vaisakh Murali <mvaisakh@statixos.com>
Change-Id: I2abc9821f28885a89cf8905a58475a68766d38d2
Reviewed-on: https://review.statixos.com/c/android_device_mediatek_sepolicy_vndr/+/6330
Reviewed-by: Vaisakh Murali <vaisakhmurali@gmail.com>
Tested-by: Vaisakh Murali <vaisakhmurali@gmail.com>
 2023-01-02 23:47:43 +01:00
bengris32
6f37ffbe81 sepolicy: bsp: non_plat: Label ril.cdma.inecmmode property 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9dbbc28d5c3b047c1fce6e759e88c432f254242f
 2023-01-02 23:47:36 +01:00
bengris32
7dde2a48b4 sepolicy: basic: non_plat: Label MediaTek latch_unsignaled property 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie217b7a61701452a4b49a74af8720d286e8b8266
 2023-01-02 23:47:27 +01:00
Vaisakh Murali
efb8514231 sepolicy: basic/non_plat: Allow nvram_daemon to search gsi_metadata 
Change-Id: Iec92c6e142e7c080876aa33ea90a20c76a49180e
 2023-01-02 23:47:19 +01:00
Zinadin Zidan
8b8dc4fb5f sepolicy: basic: non_plat: Allow nvram_daemon to search metadata files 
Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: Ib74216772112fb8613d4de3178a2777dc5dc7d7e
 2023-01-02 23:47:15 +01:00
bengris32
3afd698bbd sepolicy: basic: non_plat: Address nvram_daemon denials 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I86df292fa27eb3756deaf537085607c20c7f6a99
 2023-01-02 23:47:00 +01:00
bengris32
f5923e2c19 sepolicy: basic: non_plat: Label some misc MDP properties 
* Also define a new type for these miscellaneous properties.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifa3dde2836771ca6c0de2fa9a4357f3787e2e61f
 2023-01-02 23:46:56 +01:00
bengris32
ee38ef4445 sepolicy: basic: non_plat: Label some dp logging properties 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I05d4cf0e33ff3b6f4b5a04552c6549ee90c60e4d
 2023-01-02 23:46:41 +01:00
bengris32
d79c75256b sepolicy: basic: non_plat: Label ro.vendor.globalpq.support property 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Id8bf17af4ec6848555bd964a17b128473ca5c3fc
 2023-01-02 23:46:36 +01:00
bengris32
02da8c9f4c sepolicy: basic: non_plat: Label another PQ prop prefix 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I4a6fef51827ead08284a3d29c4d5b49d2f1675f2
 2023-01-02 23:46:28 +01:00
bengris32
4444a0ec73 sepolicy: basic: non_plat: Label all versions of Bluetooth service 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I1665247d7b297f431bc31d6077e6cc75d060c253
 2023-01-02 23:46:15 +01:00
bengris32
367ef77f0d sepolicy: bsp: non_plat: Label ccci_fsd executable 
* This label was dropped in S sepolicy but the rules
  for it are still here.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I7e0aab508243629faa846249516c46c95fd246bf
 2023-01-02 23:46:05 +01:00
bengris32
ed9ea3b405 sepolicy: bsp: non_plat: Label MTK keyinstall interface 
* This was dropped in the S sepolicy, but we still need
  it since we're on R blobs.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie0c2ea88b1a8aed96183cce856bbdb0b73c50f65
 2023-01-02 23:45:59 +01:00
bengris32
2e9c05d5e0 sepolicy: basic: non_plat: Seperate Core NFC data from vendor 
* Required to pass new SEPolicy tests.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9d137c9e156692b798161afae7e61b604d839cda
 2023-01-02 23:45:51 +01:00
bengris32
05133df612 sepolicy: basic: non_plat: Label libpq_cust.so 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I6b200cfff7ceeb4922338fb75b4be663773941ee
 2023-01-02 23:45:38 +01:00
bengris32
2cdb5b6db5 sepolicy: basic: non_plat: Allow NFC HAL to create files 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I533fe5352a98e469d0baa063cb676191e674eb98
 2023-01-02 23:45:31 +01:00
bengris32
5aa558a7d6 sepolicy: basic: non_plat: Allow rild to set vendor_mtk_md_prop 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0736d58a7cd93f09880507d0fecfb341cb8f9781
 2023-01-02 23:45:26 +01:00
bengris32
88370c7038 sepolicy: basic: non_plat: Label NFC data files 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ib73bd3960721a087f7d2626291d43c7c65aa2220
 2023-01-02 23:45:17 +01:00
bengris32
747c0bcfa5 sepolicy: basic: non_plat: Add SEPolicy rules for NFC HAL 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I9f10189eaedf02eb4ed8c0eaf354a65857de9bc8
 2023-01-02 23:45:04 +01:00
bengris32
023535373b sepolicy: basic: non_plat: Allow CameraHAL to set vendor_mtk_emcamera_prop 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie11e1ebd3cead23d9e2a769d64f514f9c302b63b
 2023-01-02 23:44:56 +01:00
Zinadin Zidan
22ff9b52e1 sepolicy: basic: non_plat: Allow mtk gsm0710muxd to set ctl_stop_prop/ctl_start_prop 
Change-Id: I828caf2a784cd8cd51a5a13bca587f8fedd03220
 2023-01-02 23:44:50 +01:00
bengris32
a26d0b7757 sepolicy: basic: non_plat: Label SMS properties 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ide1537a7762f713b18b0e90fcf8ccd704dd17719
 2023-01-02 23:44:38 +01:00
bengris32
9f597c6ceb sepolicy: basic: non_plat: Allow ccci_mdinit to read bootmode 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ic7fde9763638697168b38f9c88639a83a2e06290
 2023-01-02 23:44:05 +01:00
bengris32
237af02add sepolicy: basic: non_plat: Address vendor_init denials 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I3eca9b66b08ad1b98c4480bd315eca885c3f6b2d
 2023-01-02 23:44:00 +01:00
Zinadin Zidan
6d1e3f3221 sepolicy: Rename mtk sepolicy repo for vendor use 
* Its only used for vendor builds.

Signed-off-by: Zinadin Zidan <zidan44@pixelexperience.org>
Change-Id: I834827bf29e96f3e86455413fa5ef8181db18c92
 2023-01-02 23:43:51 +01:00
bengris32
fa2ba87661 sepolicy: basic: Remove duplicated genfs rule for timed_output vibrator 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: If6f049147546adb1dac90252c2d89c6e298d2eef
 2023-01-02 23:43:44 +01:00
bengris32
ddc6294aa8 sepolicy: basic: debug: Insert newline at end of property_contexts 
* When the build system is appending all the rules into
  one big file, a missing newline at the end of any
  contexts file will cause build errors due to the
  way the build system appends the files together.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I78028c868cfbc0a86e0895c52280a0b0767ebd77
 2023-01-02 23:43:30 +01:00
bengris32
2fb0b35965 sepolicy: bsp: Remove duplicated genfs rule for fuseblk 
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I7a54766319ed1e0a00c96a0188eb028a4a4f5e74
 2023-01-02 23:43:24 +01:00
Sarthak Roy
5050bc495c sepolicy: BOARD_PLAT_* -> SYSTEM_EXT_* 
With AOSP 12, usage of BOARD_PLAT_* sepolicy directory specification
has been deprecated. The recommended macro is SYSTEM_EXT_* directory
specification. Switch to it.

Signed-off-by: Sarthak Roy <sarthakroy2002@gmail.com>
Change-Id: Iada4c8eb78d958998d63e859da0b18a099309c62
 2023-01-02 23:43:12 +01:00
bengris32
94e69231d7 sepolicy: Initial bringup 
* Rename BoardSEPolicyConfig.mk to SEPolicy.mk
* Drop useless OTA upgrade sepolicy
* Unconditionally include debug sepolicy

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I0c43f3c4783127aad1e5f653bf12b5286cba74ed
 2023-01-02 23:43:03 +01:00
Mashopy
820bdb82ff mtk-sepolicy: Add LICENSE file 2023-01-02 20:36:07 +01:00
TheMalachite
49214eec48 mtk-sepolicy: Import zirconia modem sepolicy rules 2022-08-14 15:08:06 +02:00
TheMalachite
961041ba3e mtk-sepolicy: Initial SEPolicy rules 2022-08-14 15:07:12 +02:00