Commit Graph

3645 Commits

Author SHA1 Message Date
Linux Build Service Account
f1d79bd2a0 Merge "Add listen service in service context to follow sepolicy" 2014-10-27 05:52:51 -07:00
Linux Build Service Account
c8519565e6 Merge "sepolicy: Allow system_app access to pps socket" 2014-10-27 05:52:50 -07:00
Linux Build Service Account
4c9b6cab3d Merge "Seandroid: Add group policy for IMS daemons" 2014-10-27 05:52:49 -07:00
Avijit Kanti Das
c58a6f792f Seandroid: Allow mm-pp-daemon to set system.prop
Allowing mm-ppd to set system property

Change-Id: I8559aded3b70c560ff9eb531bd1762cfef90699f
2014-10-26 18:19:25 -07:00
Linux Build Service Account
d8b7868c6d Merge "ANT: Add SE policy for ANT services." 2014-10-26 08:14:23 -07:00
Biswajit Paul
d8ab626d64 sepolicy: policy for bootup denials on 64 bit targets
Add policy for bootup issues and other domains

Change-Id: I48dc57dcdc0c631e682072f93e2f8fd2751c7a43
2014-10-25 22:46:58 +05:30
Tushar Janefalkar
87c1f926c6 SEAndroid: location policies
Added location sepolicies for native processes
and location_app context for apks. Also introduced
policies for location features

CRs-fixed: 736188
Change-Id: Iae597a4e205fff8d7a6fc4a54b719b995472a60a
2014-10-25 22:46:22 +05:30
Dinesh K Garg
e5bafbfe91 SeAndroid: Updated SEPolices for tee components
Updated sepolicies for tee components

Change-Id: Id0f4798c2f0b9a59c71b20088d5e86182481b942
2014-10-25 22:45:46 +05:30
Boxiang Pan
a6ca530007 CNE: add policy for cneservice
Adding policy rule for cneservice

Change-Id: Id11e004f3f7e7957fd1f3205dd2b100030e5966b
2014-10-25 22:45:17 +05:30
Ravi Kumar Siddojigari
72a1c583ba sepolicy : adding rild2 socket context
rildi2 socket is used in dual-sim and triple-sim

Change-Id: I2ae12271b54b16d5c45f168a8e0e05ddb165733e
2014-10-25 22:44:55 +05:30
Ramjee Singh
92739a23c3 Add listen service in service context to follow sepolicy
Change-Id: I821c02cddd775285c28f43c97496fc83c8a5b34c
2014-10-25 22:44:36 +05:30
Tatenda Chipeperekwa
6bc33ded91 sepolicy: Allow system_app access to pps socket
Allow system_app access to connect to pps socket and to
write via that socket.

Change-Id: If9cce379fc731d0dc91717584f5191c24f6eff96
2014-10-25 22:44:08 +05:30
Avijit Kanti Das
f2b7a74c74 Seandroid: Add group policy for IMS daemons
Adding policy for imsdatadaemon, imsqmidaemon, imsrtpdaemon

Change-Id: I72d15fcec36b0c119a258679dcc2eeb61c8ceb7c
2014-10-25 22:43:30 +05:30
Linux Build Service Account
ff2fb8e4e1 Merge "sepolicy: add file define for oem path" 2014-10-23 21:50:03 -07:00
Vadivel Thekkamalai
f84e6099b5 ANT: Add SE policy for ANT services.
It adds policy and privileges for ANT services

Change-Id: I489f01bc87597997c0919ab8ee5f78c8cd7980a0
CRs-fixed: 736946
2014-10-23 15:02:50 -07:00
Linux Build Service Account
3d492fdffd Merge "sepolicy: add policies for perfd" 2014-10-23 00:56:57 -07:00
Linux Build Service Account
8a5e7a4346 Merge "Seandroid: Addressing few more denial logs" 2014-10-23 00:56:55 -07:00
Linux Build Service Account
583f266b43 Merge "sePolicy : Policy file for ssr_setup" 2014-10-23 00:56:54 -07:00
Linux Build Service Account
6a1011e018 Merge "SEAndroidi: Add policy for for dpm" 2014-10-23 00:56:53 -07:00
Linux Build Service Account
e1073171ab Merge "seandroid: Add policies for IPA" 2014-10-23 00:56:53 -07:00
Linux Build Service Account
3f11a08931 Merge "SEAndroid: Add policy rules for rfs_access daemon" 2014-10-23 00:56:52 -07:00
Linux Build Service Account
8272e63e93 Merge "Seandroid: Enable PP daemon at boot" 2014-10-23 00:56:51 -07:00
Linux Build Service Account
1504128718 Merge "sepolicy: Add policies for qlogd" 2014-10-23 00:56:50 -07:00
Linux Build Service Account
09b6745993 Merge "SEAndroid: Add policy for adsprpcd daemon" 2014-10-23 00:56:50 -07:00
Linux Build Service Account
ab405050ee Merge "SePolicy: Define sepolicy for vm_bms" 2014-10-23 00:56:49 -07:00
Linux Build Service Account
b79f1fbc8c Merge "sepolicy: add sepolicy for USB UICC daemon" 2014-10-23 00:56:48 -07:00
Linux Build Service Account
0c009e3ea9 Merge "sepolicy: add mpctl related policies" 2014-10-23 00:56:48 -07:00
Vince Leung
358d6f3f4d sepolicy: add policies for perfd
Add policies for perfd required for PerfLock.
Add system_server policy to allow it to use mpctl.
Add system_app policy to allow it to use mpctl.
Add mediaserver policy to allow it to use mpctl.

Change-Id: I084e097f0d33d473995fffd7c9da65a52d90b898
2014-10-22 12:59:07 -07:00
Avijit Kanti Das
d01b3b310c Seandroid: Addressing few more denial logs
Adding few more policies to address bootup denial log

Change-Id: If31bd6cf7e654f407698f4dae5421b382b5f3c14
2014-10-22 12:59:07 -07:00
Ameya Thakur
37b34bc906 sePolicy : Policy file for ssr_setup
ssr_setup policy file is now part of the build.

Change-Id: I3bb94935d7d7adc506297b897cb1e793bce518ee
2014-10-22 12:59:07 -07:00
Susheel Yadagiri
d0927c690e SEAndroidi: Add policy for for dpm
Adding policy for DMPD service.

Change-Id: I4045c9bd4d9ed46a629b889a4ca663a7759579e9
2014-10-22 12:59:07 -07:00
Avijit Kanti Das
2b495d052f seandroid: Add policies for IPA
Add policies for IPA user space daemons: ipacm & ipacm-diag

Change-Id: Ib59f9e84074af4674ae1dba1628bb298cde88803
2014-10-22 12:59:07 -07:00
Nikhilesh Reddy
7851fba9fc SEAndroid: Add policy rules for rfs_access daemon
The rfs_access is started as a service by init process. This change
moves rfs_access to its own domain and also adds relevant policies
to move it to a confined domain

Change-Id: I1009fa600a587d4a9fdf53cc306f157b34b51908
2014-10-22 12:59:07 -07:00
Avijit Kanti Das
808ae2fff7 Seandroid: Enable PP daemon at boot
Enables pp-daemon to start at boot and adds the necessary selinux
policies for its operation

Change-Id: I450bada4a8f5c5b49e59c2c179897d306a5e8791
2014-10-22 12:59:06 -07:00
jinwu
f1e16bf2bb sepolicy: Add policies for qlogd
Add se policy for qlogd to enable logging.

Change-Id: Iaf3d1795d217f415e4cfb5e9adb44b094991b218
2014-10-22 12:59:06 -07:00
Avijit Kanti Das
282098df55 SEAndroid: Add policy for adsprpcd daemon
Add type enforcement file for adsprpcd daemon.

Change-Id: Ifdbf5d0f69a70bbffa6f8dad1135939ca638c26b
2014-10-22 12:59:06 -07:00
Jie Cheng
1e82023d89 SePolicy: Define sepolicy for vm_bms
Add the sepolicy for vm_bms daemon.

Change-Id: Ied81fdb28ebcd599574894475b6e8d58295ce8fd
2014-10-22 12:59:06 -07:00
Tarun Gupta
4f7527dde3 sepolicy: add sepolicy for USB UICC daemon
Warnings related to usb_uicc_daemon are fixed

Change-Id: I1bdff7f349950ecea1cc6550a39b5589f0e8e789
2014-10-22 12:59:06 -07:00
Vince Leung
06bd7d8af2 sepolicy: add mpctl related policies
Add mpctl related policies into mpdecision.
Add system_server policy to allow it to use mpctl.
Add system_app policy to allow it to use mpctl.
Add mediaserver policy to allow it to use mpctl.

Change-Id: I2e73cee528a87cefe58bd58aad16cda84f6cabf4
2014-10-22 12:58:55 -07:00
Linux Build Service Account
51ab6fa97d Merge "Seandroid: Add policy to enable voice and data call" 2014-10-21 06:12:36 -07:00
Linux Build Service Account
12439fa56c Merge "qmuxd: fix denial related to capability" 2014-10-21 06:12:36 -07:00
Linux Build Service Account
9c182cffe3 Merge "netmgrd: fix denials observed during call bringup" 2014-10-21 06:12:35 -07:00
Linux Build Service Account
45a25bdfb9 Merge "Seandroid: Adding policy for mpdecision" 2014-10-21 06:12:34 -07:00
Linux Build Service Account
de253e880e Merge "SePolicy: Define sepolicy for charger_monitor." 2014-10-21 06:12:34 -07:00
Avijit Kanti Das
fe61c2d43b Seandroid: Add policy to enable voice and data call
Adding policy to enable voice and data call

Change-Id: Iae2b204b041689814d49cf0f5d34701ff86ca7ea
2014-10-20 11:36:45 -07:00
Subash Abhinov Kasiviswanathan
5280ce9b9b qmuxd: fix denial related to capability
Fix the following denial

Allow qmuxd to have the CAP_BLOCK_SUSPEND capability

[   47.694567] type=1400 audit(1413464098.587:1914): avc: denied
{ block_suspend } for pid=1074 comm="qmuxd" capability=36
scontext=u:r:qmuxd:s0 tcontext=u:r:qmuxd:s0 tclass=capability2
permissive=0

CRs-Fixed: 740553
Change-Id: I39a1239f399b7d37709bac323594db2451e1b93c
2014-10-20 11:36:17 -07:00
Subash Abhinov Kasiviswanathan
4e2e5af6d4 netmgrd: fix denials observed during call bringup
Fix the following denials observed when trying to bringup a
data call.

Allow netmgrd to launch programs on shell

[  207.983674] type=1400 audit(1413464258.877:2646): avc: denied
{ execute } for pid=3153 comm="netmgrd" name="sh" dev="mmcblk0p14"
ino=492 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0
[   30.392603] type=1400 audit(1878.399:627): avc: denied { read open }
for pid=1814 comm="netmgrd" path="/system/bin/sh" dev="mmcblk0p14"
ino=490 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0

Allow netmgrd to configure the DNS and GW related android properties

[   64.911773] Boot completed avc:  denied  { set } for
property=net.rmnet_data0.dns1 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[  228.126745] avc:  denied  { set } for
property=net.rmnet_data0.dns2 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[  228.133928] avc:  denied  { set } for
property=net.rmnet_data0.gw scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service

Allow netmgrd to determine target using esoc APIs

[   30.354990] type=1400 audit(1878.369:625): avc: denied { search }
for pid=755 comm="netmgrd" name="esoc" dev="sysfs" ino=7642
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_esoc:s0 tclass=dir
permissive=0

Allow netmgrd to set capabilities
[   30.401939] type=1400 audit(1878.409:669): avc: denied { setpcap }
for pid=755 comm="netmgrd" capability=8 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=capability permissive=0

CRs-Fixed: 740553
Change-Id: I33655ee5602472e0232b9b2b8e7f3248266b9bbd
2014-10-20 11:35:53 -07:00
Avijit Kanti Das
ddeea14a94 Seandroid: Adding policy for mpdecision
Adding more policies for mpdecision

Change-Id: I5abb1c7487e739aac554a7735d387400bfcf7b37
2014-10-20 11:35:36 -07:00
Jie Cheng
501917821f SePolicy: Define sepolicy for charger_monitor.
This policy is needed to give charger_monitor access to uevent, sysfs
and wake_lock.

CRs-Fixed: 737037
Change-Id: I4a02426c763e1d4e96308e913c1eda913e062231
2014-10-20 11:34:14 -07:00
Linux Build Service Account
57b2cff4ad Merge "Seandroid: Associate WLAN utilities with their domains." 2014-10-18 15:31:31 -07:00