Additional: Removed firmware_file relabelfrom and mount rule
based on the review comment as we don't need this now.
Change-Id: I1a903ddfc0ad3fbd99a99e4f3397b9f059706141
fm_radio: Needs access on /dev/radio node, which includes
read, write and ioctl. For enabling/disabling of fmradio
it needs insmod permission and set permission on property
controls.
bluetooth: added access to the /dev/smd and permission to
do set property on bt control.
Change-Id: Ie348484b42be14d96b4dcee22c9f7c6561a3bd80
the new datatype and secontext for the respective device node or
and files on the target.
secontext needed for the following have been added or updated:
mpdecision, mm-pp-daemon, hvdcp/quickcharge, uart, fmradio
Removed some definitions which are target specific, which should
go to the target-specific folder.
Rules are not part of this change, and the contexts for newly added
bins are commented out and will be enabled as the te files get added.
Change-Id: I0baa3cb872bd25d24ec33f4720ac8d5272587ebd
persist_file and wifi_data_file
This is needed for uevent to start and do a wcnss nvbin
download; if it fails to do so, it will make the wcnss crash and reboot
the target (related to persist_file access). wifi_data_file
access is needed for starting the wifi driver.
Change-Id: Id59ef6b0b013c1f61809c7e4bc0513e70407fd8e
Firmware partition is by default mounted as vfat with selabel as
sdcard_external. To explicitly reload the context based on the
context flag passed in mount option we need to have firmware_file
as contextmount_type.
Change-Id: Id5e35cad285f7835e45d9583e7f2f4f367631201
Seandroid codebase is restructured using this gerrit.
All the sepolicies which are common across all the
chipsets need to be kept inside common folder. And
all the other policies which are specific to target,
should be kept inside the folder with the chipset name
i.e, all the policies specific to 8084 should be
inside apq8084 folder.
Change-Id: I14734e2d3b9d6a0846a2c99e942c8da9495fa6ab
Removing entry from /device/qcom/sepolicy/genfs_contexts
to avoid merge conflict with AOSP change as AOSP changes
will get higher priority
Change-Id: I1009ecc3572e2fe4251c20f9dad6eed81c930c5f
There are some policies which are already part of Google's
core policies (Defined in external/sepolicy). We are
removing them from here. Also there are some spaces; we are
removing them too. Also resolving some indentation issues.
Change-Id: I0ab843d7e81ffcea80a09bbd04337aaa41de30a7
qmi_ping is an internal test app to QMI. Thermal engine
should NOT be using it. Hence revoking the permission.
Also this was causing a compilation issue because the qmi_ping
type declaration was guarded under userdebug flag, but
getting used outside.
Change-Id: Iafd900657aaee7d1996694223ba0a8eadc1f285e
Add security policies for the thermal-engine process
to access sysfs nodes, create, listen, and read from
network sockets.
Change-Id: I2907cb26a2f4e27a2ae229bce4de038412c92bae
Signed-off-by: Shiju Mathew <shijum@codeaurora.org>
Added the context for the various audio devices
to operate with other domains. We have also added
context for audiod.
Change-Id: Ibaa2beb2fc5ff4cc16481d8764b1d8c0bcfce16c
Added security policies needed for IPv6 tethering functionality
to perform operations on sockets. Also enabled qmuxd to operate
with smd devices
CRs-fixed: 590265
Change-Id: I32a9dd089abec3b33f2fdeca02e3e259492f8785
Adding required SEAndroid policies to enable rild_oem socket connection
from QcrilMsgTunnel app (radio UID group) as it is currently denied
by SEAndroid module.
Change-Id: Ie1a1d2fdd0fe85095d8e33c8c6d5d335c3dc2042
Allow domain transitions from shell, su and adbd for qmuxd and
netmgrd in case of engineering and user debug builds only
CRs-fixed: 590265
Change-Id: Ibaad1d0d547dca13fa17f7c909c6347e59a24d97
Confines qmi ping and test service tests as well as defines rules to grant
them appropriate access.
CRs-Fixed: 582040
Change-Id: I57c9a82d3efcd643a6d3ac26c4217cd51b1bb86b
HW based disk encryption wipes the data if user enters incorrect
password for a number of times. This requires that Vold has access
to cache file and recovery.
Change-Id: Ibb3069af6a15558202c02ae5454008bb8ecb62e9
Device encryption requires fsck to be run while attempting to
mount userdata partition. For encrypted device, it runs in VOLD
context. Hence, VOLD needs permission to complete the job.
Change-Id: I804153253d241050cfe5f35b3f5c129f9b91a3c6
HW based disk encryption depends upon qseecom and module request
operation from kernel. Adding permission for VOLD for smooth
functionality of HW based disk encryption.
Change-Id: If938f1be1067ac14d5d2f685902643c5d580d94e