Commit Graph

12 Commits

Author SHA1 Message Date
Steve Kondik
e49dd26ace cm: Add SE policy for iop service
Change-Id: I14338a03c469cd71a6d5c7fecc71eb2290b2e6c4
2016-05-06 12:38:50 -07:00
myfluxi
e8df21c962 sepolicy: Add perfprofd with set_prop macro
Addresses:
avc: denied { write }
for pid=293 comm="perfprofd" name="property_service" dev="tmpfs" ino=9229 scontext=u:r:perfprofd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Change-Id: I5a88722eda4d0751fd9a081c434d385ac1c785ef
2016-01-12 17:21:32 -08:00
Steve Kondik
e01646719a sepolicy: Allow adb pull of executables without root
* Because we aren't actually jerks, contrary to popular belief.

Change-Id: Ie39cce65ecc6a2861547865ff554b108b8b534fa
2015-11-29 05:28:14 -08:00
Diogo Ferreira
140305db6d sepolicy: qcom: Allow reading PSU sysfs by system_server
BatteryService queries the usb state to check whether the usb type
is HVDCP. This patch adds a rule to allow that.

For more context check BatteryService#Led#isHvdcpPresent.

Change-Id: Ifacf13dde4b1df81c92bf5d92196e504e61dd402
2015-11-27 05:25:43 -08:00
Steve Kondik
48149d05a1 sepolicy: Rule for CM's perfd extension
Manual apply and refactor of cm-12.1 patch:
e04329df88211264e7a9c8f1d6b87a16d8d5639b

Use the unix_socket_connect macro and switch to the new
perfd domain.

Change-Id: Ibb83220b32bad7805653140751c978e629f87ffb
2015-11-23 15:11:18 -08:00
Dan Pasanen
a90b69e921 sepolicy: add persist_block_device type
* This is likely defined in several device trees, but not all
  remove it from your device trees if we're going to write rules
  for it here.

Change-Id: I1dda04647d36db52525a3d57b485860dfe3eeb30
2015-11-17 08:38:43 -08:00
Steve Kondik
2c3b5d353e sepolicy: Remove some denials
* Allow apps to run the "df" command to look at disk usage.
 * Allow thermal engine to check/set battery limits.

Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
2015-11-16 19:46:00 -08:00
Steve Kondik
7d3eca93f4 sepolicy: Add policy for thermal engine changes
* Cyngn devices will need this.

Change-Id: I1e7528e92d0d4ed8c4029667d7ef3cf9081a6575
2015-11-14 23:58:46 +01:00
myfluxi
98df019cb4 sepolicy: qcom: Remove duplicate entry
We have this in qcom/sepolicy/common already.

Change-Id: Ibe6ada531f77d3ec00ff61081d21b3d36a1fe7a7
2015-11-10 17:28:12 +01:00
Ed Falk
95682234f1 sepolicy: allow vold to trim persist
Change-Id: I6441c00bfd173f1f3fd4c09a67c678c5bd4f8090
Issue-id: SYSTEMS-62
2015-09-30 14:04:23 -07:00
Steve Kondik
e2f23f0e91 cm: Fix a few denials
* Missed a few things when cleaning up devices.

Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
2015-09-19 22:49:20 -07:00
Steve Kondik
b5c2cf0408 cm: sepolicy: Create central place for QC-specific policy
* We have a number of policy items due to changes in our BSPs or for
   other things which interact with the QC sepolicy. Add a place
   for us to store this stuff so we don't need to copy it around to
   every device.

Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
2015-09-15 15:31:38 -07:00