aboutsummaryrefslogtreecommitdiff
path: root/sepolicy
Commit message (Collapse)AuthorAgeFilesLines
* veux: sepolicy: Grant perms to mount tracefs when CONFIG_DEBUG_FSUtsavBalar12312023-01-051-1/+3
| | | | | | | avc: denied { mounton } for pid=1 comm="init" path="/sys/kernel/tracing" dev="tracefs" ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_debug:s0 tclass=dir permissive=0 Change-Id: Ia71539ff4b622d5130f2051e8ae490f3b7a4722b
* veux: sepolicy: Add more genfs contexts labelkleidione Freitas2023-01-051-0/+4
| | | | Signed-off-by: kleidione <kleidione@gmail.com>
* veux: sepolicy: Allow init to write discard_max_bytes on /data partitionUtsavBalar12312023-01-052-1/+4
|
* veux: sepolicy: Allow setting read_ahead_kb on /data partitionUtsavBalar12312023-01-053-1/+9
|
* veux: sepolicy: Add more sepolicy rule for hal default sensorkleidione Freitas2023-01-051-0/+2
| | | | | | - [ 7206.619148] type=1400 audit(1666291831.667:316): avc: denied { ioctl } for comm="sensors@2.1-ser" path="socket:[441443]" dev="sockfs" ino=441443 ioctlcmd=0xc502 scontext=u:r:hal_sensors_default:s0 tcontext=u:r:hal_sensors_default:s0 tclass=qipcrtr_socket permissive=0 Signed-off-by: kleidione <kleidione@gmail.com>
* veux: sepolicy: Label more sysfs wakeup nodeskleidione Freitas2023-01-051-1/+22
| | | | Signed-off-by: kleidione <kleidione@gmail.com>
* veux: Uprev fingerprint HAL to 2.3Arian2023-01-051-4/+8
|
* veux: Import XiaomiParts from sm8250kleidione Freitas2023-01-054-11/+32
| | | | | | | | | | | | | | | | | | Credits: https://github.com/xiaomi-sm8250-devs/android_device_xiaomi_sm8250-common - Adapte to pixelexperiece - Drop doze - Drop fod and pop camera - Add Clear speaker - Adapte SEPolicy credis: [Sebastiano Barezzi, Chenyang Zhong] Co-authored-by: Sebastiano Barezzi <barezzisebastiano@gmail.com> Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com> Co-authored-by: kubersharma001 <kubersharma001@gmail.com> Co-authored-by: TheScarastic <warabhishek@gmail.com> Co-authored-by: Joey <joey@lineageos.org> Signed-off-by: kleidione <kleidione@gmail.com>
* veux: sepolicy: Silence system_suspend denialsdaniml32023-01-051-0/+1
|
* veux: sepolicy: Allow system_app to access zram sysfs nodesIvan Vecera2023-01-051-0/+2
| | | | | 04-22 09:15:37.459 19569 19569 I auditd : type=1400 audit(0.0:570): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0 04-22 09:15:37.459 19569 19569 I auditd : type=1400 audit(0.0:571): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
* veux: sepolicy: Allow apps and camera HAL access to secure ADSP domainAlbert I2023-01-052-0/+2
|
* veux: sepolicy: Allow neural networks HAL to read ADSP propertiesAlbert I2023-01-051-1/+3
| | | | Signed-off-by: Albert I <kras@raphielgang.org>
* veux: sepolicy: Make fastrpc_shell_3 publicly availabledianlujitao2023-01-058-0/+17
| | | | | | | | | | | | | | | | | | * Used by GCAM for DSP-accelerated HDR processing * Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to same_process_hal_file like Pixels, but the partition is prebuilt thus we're unable to relabel it. * Copy the file to writable tmpfs, setup attributes and bind mount back to workaround the limitation. [ghostrider-reborn]: Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3 [kras edit: 1. rename some contexts as per qva/kona 2. extend to allow camera HAL and VPP service to access it as well] Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
* veux: Merge common tree to veuxkleidione Freitas2022-11-0936-0/+418
- Ref: https://github.com/xiaomi-sm6375-devs/android_device_xiaomi_sm6375-common Signed-off-by: kleidione <kleidione@gmail.com>