User/yerriswa/cic cloud mixins support #208
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Migrating sepolicy from device/intel/project-celadon/sepolicy to device/intel/sepolicy Tracked-On: OAM-83217 Signed-off-by: sgnanase <[email protected]>
Tracked-On: OAM-84134 Signed-off-by: Sun, Yi J <[email protected]> Signed-off-by: sheng wei <[email protected]>
clean sepolicy project
use service /vendor/bin/storageproxyd use service /vendor/bin/cp_ss Change-Id: Ibd31a673ce15c4155acc736100a52a06953d1894 Signed-off-by: sheng wei <[email protected]>
Change-Id: I9e59b735558497997540527ce178b30d0d3e1252 Signed-off-by: sheng wei <[email protected]> Tracked-On: OAM-84134 Reviewed-on: 675675
It is not necessary in Q as set_storage removed. Change-Id: I21882b84f93cd22bfea1d58afee6872b00939df5 Tracked-On: OAM-84188 Signed-off-by: Chen, ZhiminX <[email protected]> Reviewed-on: 675293 Reviewed-on: 675995
Enable storageproxyd service
Change-Id: Iefc43e7fd17b026b1a0a27a4c901288e6a542088 Tracked-On: OAM-84018 Signed-off-by: Li, Yingjie <[email protected]> Reviewed-on: 677250
- Thermal Daemon not working becuase of missing sepolicy. Change-Id: Ide356d24a647e9c364348af5bdab2e022452144b Tracked-On: OAM-84347 Signed-off-by: ashish3 <[email protected]> Reviewed-on: 677244
Change-Id: Ibcebbca47e0887587ef7650e1054697918646182 Tracked-On: OAM-84353 Signed-off-by: Zhang, GaofengX <[email protected]> Reviewed-on: 677247
Health HAL needs to support multi-platform because each platform has its own configuration. Health HAL will have different name in different platform. For example, [email protected]_peak This patch changes the selinux policy to support the generic health HAL name. Change-Id: I754977ae32f827f00e85d0856579519cecd6b151 Tracked-On: OAM-84554 Signed-off-by: Sun Xinx <[email protected]> Reviewed-on: 677287
Due to sepolicy missing, Apcoredump validte failure. This patch add coredump folder in sepolicy directory to give related permission to vendor init and netd for apcoredump integration. Change-Id: I3291038fc61e5d1f99550d2e68439b18d66811d6 Tracked-On: OAM-84783 Signed-off-by: Tian, Baofeng <[email protected]> Signed-off-by: Duan, YayongX <[email protected]> Reviewed-on: 677583
Change-Id: Ica79490270397f856e36beb3239fbd99f7f39b6e Tracked-On: OAM-84824 Signed-off-by: xiaojin2 <[email protected]> Signed-off-by: Zhi Jin <[email protected]> Reviewed-on: 677352
…wc3.ko in recovery mode. This patch enabled the sepolicy related changes to allow insmod for dwc3 related shared objects in recovery/userspace fastboot mode. Change-Id: Ie17fd026ae1837745672a3726e1f00a5259f37de Tracked-On: OAM-84712 Signed-off-by: Tanuj Tekriwal <[email protected]> Reviewed-on: 677715
Adding sepolicy for storage medium SATA and NVME Change-Id: I6545aed1e1bf4e77a65d173a741cf11a336c5aae Tracked-On: OAM-85114 Signed-off-by: tkaur <[email protected]> Reviewed-on: 678342
This patch adds required sepolicy changes for EVS app, manager and HAL driver. Test: EVS works even when sepolicy is enforced. Change-Id: I88ba658bfb0e88acc52bd575c98220c7838e5dae Tracked-On: OAM-85033 Signed-off-by: saranya <[email protected]> Reviewed-on: 677713
Change-Id: I3a4a1549245ec76406698fb73a8e1824742ca448 Tracked-On: OAM-85348 Signed-off-by: Chen Lin Z <[email protected]> Reviewed-on: 678326
Fix sepolicy issue of using Local System Update "u:r:update_engine:s0 tcontext=u:object_r:storage_file:s0 u:r:update_engine:s0 tcontext=u:object_r:sdcardfs:s0" Change-Id: Iab429d503fd1c78e6aeafc164e653f0f6cd0100c Tracked-On: OAM-85604 Signed-off-by: Xihua Chen <[email protected]> Signed-off-by: Gao,ZiyiX <[email protected]>
CTS reqiures feature DRM, so enable the default one. This is for sepolicy part. Change-Id: I3ae31256345bfef8e27aa70f5c3719854bbc1adf Tracked-On: OAM-84905 Signed-off-by: Yan, WalterX <[email protected]>
Change-Id: Icb1e2671020761cd4bd5cb01fc883c032d281dd6 Tracked-On: OAM-85175 Signed-off-by: Tong Bo <[email protected]>
Resolve build error:
neverallow on line 8 of system/sepolicy/public/vendor_toolbox.te
(or line 27338 of policy.conf) violated by allow postinstall
vendor_toolbox_exec:file { execute execute_no_trans };
neverallow on line 942 of system/sepolicy/public/domain.te
(or line 12340 of policy.conf) violated by allow postinstall
vendor_shell_exec:file { execute execute_no_trans };
Tracked-On: OAM-86848
Signed-off-by: Heng Luo <[email protected]>
Add sepolicy for below failure "avc: denied { set } for
property=service.adb.tcp.port pid=2245 uid=0 gid=0
scontext=u:r:vendor_init:s0 tcontext=u:object_r:shell_prop:
s0 tclass=property_service permissive=0
Allowing the adb over network only for userdebug and eng
builds
Tracked-On: OAM-86782
Signed-off-by: Aiswarya Cyriac <[email protected]>
This module is only required for the OTA across pre-P to P or successors. No requirement of O->Q now. And it will cause to ATS failure due to sepolicy. Change-Id: Id4d2abf087d7fd4c324fc39bcf201693fb68cf63 Signed-off-by: Huang Yang <[email protected]> Tracked-On: OAM-86820
Tracked-On: OAM-86881 Signed-off-by: Fei Jiang <[email protected]>
dumpstate doesn't need to read/write the file type of sysfs, device and unlabeled. Disable the print statements related with these file types. Tracked-On: OAM-86940 Signed-off-by: ji, zhenlong z <[email protected]>
…rformancePoints Signed-off-by: kexx <[email protected]>
Tracked-On: https://jira.devtools.intel.com/browse/OAM-86928 Signed-off-by: kexx <[email protected]>
Tracked-On: OAM-88335 Signed-off-by: Tong Bo <[email protected]>
Add the required sepolicy rules for caas. caas can boot to UI with selinux in enforcing mode. Tracked-On: OAM-88545 Signed-off-by: ji, zhenlong z <[email protected]>
This is to help add sepolicy for video playback with Wechat Tracked-On: OAM-99611 Signed-off-by: ji, zhenlong z <[email protected]> Signed-off-by: Xihua Chen <[email protected]> Signed-off-by: Ren Chenglei <[email protected]>
Few usb related properties have been renamed. So renaming them in INTEL code as well. Signed-off-by: Tanuj Tekriwal <[email protected]>
There is no need to use Regular expression to denote the block devices' path, it's very inefficient. Signed-off-by: ji, zhenlong z <[email protected]>
vendor defined properties should start with vendor.** sys.display.size needs to be vendor.sys.display.size Tracked-On: OAM-99670 Signed-off-by: Tanuj Tekriwal <[email protected]>
Tracked-On: OAM-99217 Signed-off-by: Long, Hanyu <[email protected]>
Add keymaster3.0,keymaster4.0 and keymint sepolicy. Tracked-On: OAM-99223 Signed-off-by: yuxincui <[email protected]>
Add sepolicy for [email protected]. Tracked-On: OAM-100150 Signed-off-by: Chen, Tianmi <[email protected]>
This change is to add more policys for codec2.0 Tracked-On: OAM-100633 Signed-off-by: Chen, Tianmi <[email protected]>
Tracked-On: OAM-100728 Signed-off-by: danielphs <[email protected]>
Tracked-On: OAM-100923 Signed-off-by: HeYue <[email protected]> Signed-off-by: ji, zhenlong z <[email protected]>
Tracked-On: OAM-100724 Signed-off-by: ji, zhenlong z <[email protected]>
Need to add some sepolicy rules to recovery Tracked-On: OAM-101099 Signed-off-by: ji, zhenlong z <[email protected]>
Allow HAL to read property to load respective sound modules. Tracked-On: OAM-101401 Signed-off-by: pmandri <[email protected]>
Tracked-On: OAM-101153 Signed-off-by: RajaniRanjan <[email protected]>
Add Vulkan to vendor_ hwcomposer object Tracked-On: OAM-101217 Signed-off-by: wei, wushuangx <[email protected]>
Tracked-On: OAM-101826 Signed-off-by: gkdeepa [email protected]
Tracked-On: OAM-101728 Signed-off-by: HeYue <[email protected]>
Tracked-On: OAM-102294 Signed-off-by: lyintel <[email protected]>
Fix for AAFD folder not auto mounted at boot and suspend detection fails. A new context has been added for p9fs2 and replaced the same for logwrapper. Tracked-On: OAM-102731 Signed-off-by: Suresh, Prashanth <[email protected]>
…id_S" This reverts commit 73d7eb3. Tracked-On: OAM-103588 Signed-off-by: Senapati, Rasmiranjan <[email protected]> Signed-off-by: svenate <[email protected]>
patch creating neverallow failure is reverted projectceladon#119 Original JIRA: OAM-101745 Tracked-On: OAM-103588 Signed-off-by: Rajani Ranjan <[email protected]>
porting [email protected] for android T google api 2.0 for sensors support. Tracked-On: OAM-102321 Signed-off-by: RajaniRanjan <[email protected]> Signed-off-by: vilasrk <[email protected]>
Android storageproxyd service failed to launch due to metadata accessed denied by sepolicy on BM with Android T. Update sepolicy to allow TEE accessing metadata to address this issue. Tracked-On: OAM-104065 Signed-off-by: Zhong,Fangjian <[email protected]>
Google doesn't allow vendors to use debugfs in the user build from android 12, and they add checks in some CTS test cases. So the sepolicy rules related debugfs in celadon should be removed. Tracked-On: OAM-104124 Signed-off-by: jizhenlo <[email protected]>
Add a Apache 2.0 license for intel sepolicy rules. Tracked-On: OAM-104475 Signed-off-by: jizhenlo <[email protected]>
add sepolicy for rpc-services Tracked-On: OAM-103852 Signed-off-by: Yadong Qi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding mixins support to cic_cloud