Commits · LE.UM.7.4.1.1.c1-02500-sa525m-tele · CodeLinaro / le / meta-qti-auto-sepolicy

Feb 20, 2025
- Merge "Revert "meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC."" into... · fde3559a
  Linux Build Service Account authored 3 weeks ago
```
Merge "Revert "meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC."" into le-auto-sepolicy.lnx.2.1.c1
```
  3 tags
  
  fde3559a
Feb 19, 2025
- Revert "meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC." · dbc575e6
  Sunith Kumar Muralidharan authored 3 weeks ago
```
This reverts commit c32e0401.

Reason for revert: <compilation failing on PVM>

Change-Id: Ie052aab789cf68d03496390a0f81fcdbe23291d8
```
  dbc575e6
- Merge "meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC." into le-auto-sepolicy.lnx.2.1.c1 · c22398fc
  Linux Build Service Account authored 3 weeks ago
  
  c22398fc
Feb 18, 2025

meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC. · c32e0401

Karim Dinani authored 3 weeks ago

Adds rule to allow transition from recovery to fde domain while
running nad-fde-app during OTA.

Change-Id: I9b44c0fe63fdf65dc9577ee8d8ba3b49813425ec

c32e0401

Feb 17, 2025
- meta-qti-auto-sepolicy: QMS sepolicy · 664dbb3f
  jijuk authored 1 month ago
```
- Added sepolicy files for shell_exec_t
- Added sepolicy files for boot_kpi_values_t
- Added sepolicy files for proc_t

Change-Id: I00c50b2a1fb4de2195c2ebff0f8b535a357bd56b
```
  664dbb3f
- Merge "meta-qti-auto-sepolicy: allow access for satcom" into le-auto-sepolicy.lnx.2.1.c1 · 5866219e
  Linux Build Service Account authored 3 weeks ago
  
  5866219e
Feb 15, 2025
- Merge "le-auto-sepolicy.lnx.2.1 :- Removing sepolicy rules for... · 513a8b5d
  Linux Build Service Account authored 4 weeks ago
```
Merge "le-auto-sepolicy.lnx.2.1 :- Removing sepolicy rules for attestation_manager" into le-auto-sepolicy.lnx.2.1.c1
```
  513a8b5d
Feb 14, 2025

meta-qti-auto-sepolicy: allow access for satcom · f6946b8a

Umesh Seth authored 1 month ago

- allows to read/write Telux log files and read Telsdk configuration.

CRs-Fixed: 4055246

Change-Id: I92bc59d340d1ddef2a3275b9b7b2d0477faf623f

f6946b8a

Feb 11, 2025

le-auto-sepolicy.lnx.2.1 :- Removing sepolicy rules for · e8f1b2d3

nnimish authored 1 month ago

attestation_manager

Attestation_manager is merged with phone_home and now comes as a library
called libphmanager. So, sepolicy is not needed now.

Change-Id: I7878dd52919512148f60a4c03facf7b35597bbc7
Signed-off-by: nnimish <quic_nnimish@quicinc.com>
(cherry picked from commit f87d6f883d0f9c32c1aa3d75eedf7e7ee8e48c53)

e8f1b2d3

Feb 07, 2025

meta-qti-auto-sepolicy: Fix cryptsetup avc denials · 1354400e

Karim Dinani authored 1 month ago

Allows cryptsetup i.e. lvm_t domain to access ubiblock devices
to fetch encryption status.
Also, changes mls sensitivity levels for ubiblock devnodes.

Change-Id: Ie0d3021ce21606a3be76b817224c87a42167322b

1354400e

meta-qti-auto-sepolicy: Fix selinux denials for nad-fde-app on emmc · 3004da7b

Karim Dinani authored 1 month ago

Adds allow permissions for nad-fde-app and cryptsetup to
access relevant block files on emmc based targets.

Change-Id: I7e5add150f88f8a71d19fc96d65406ce4985068a

3004da7b

meta-qti-auto-sepolicy: sepolicy changes for nad-fde-app · 98e5529e

Karim Dinani authored 1 month ago

1. Creates a unique selinux context type for nad-fde-app
   i.e. fde_app_t.
2. Since nad-fde-app calls crytpsetup, these changes also add
   selinux fixes for cryptsetup which runs in lvm_t domain.

Change-Id: I97b90e9ccedb165b94af4363e770ad135b7b06d6
(cherry picked from commit fa7be0aa1725ad09f453f7028715b5bc92039dcc)

98e5529e

Jan 28, 2025
- Merge "le-auto-sepolicy.lnx.2.1 :- Sepolicy change for mount_copybind" · 6e2023f0
  QCTECMDR Service authored 1 month ago
  
  6e2023f0
Jan 27, 2025
- Merge "meta-qti-auto-sepolicy: allow sdcard access" · 5f676bd0
  QCTECMDR Service authored 1 month ago
  
  5f676bd0
- le-auto-sepolicy.lnx.2.1 :- Sepolicy change for mount_copybind · 4ed177db
  nnimish authored 1 month ago
```
Added sepolicy rules to access phone_home.json file from phservice module

Change-Id: Ic6229619d40b607d22d4def862d580bdd98d0a99
```
  4ed177db
- meta-qti-auto-sepolicy: allow sdcard access · 1c08f460
  Rishi Gupta authored 2 months ago
```
Allow sdcard access for diag ODL feature
to save mask and log file on the sdcard.

CRs-Fixed: 4023254
Change-Id: I16adb441514ab498a0db463c7d126a691b84dac5
```
  1c08f460
Jan 23, 2025
- Merge "meta-qti-auto-sepolicy: lxc kill and restart gracefully handling rules" · 91e9232b
  QCTECMDR Service authored 1 month ago
  
  91e9232b
Jan 22, 2025

meta-qti-auto-sepolicy: lxc kill and restart gracefully handling rules · 9b464ae2

Nikhil Gautam authored 1 month ago

*This change will handle the kill & restart of lxc container if done
manully using systemd gracefully

*denials fixed comes during systemctl stop "container"

Change-Id: I2fdc874013b0f895b32a35d047cb3f0a480898e4

9b464ae2

Jan 20, 2025
- Merge "meta-qti-auto-sepolicy: AVC rules for fifo usage for qvirtmgr" · 2d399f98
  QCTECMDR Service authored 1 month ago
  
  2d399f98
- Merge "meta-qti-auto-sepolicy: Add two dontaudit for the BT Synergy" · 5df16796
  QCTECMDR Service authored 1 month ago
  
  5df16796
- meta-qti-auto-sepolicy: Add two dontaudit for the BT Synergy · ec091e54
  Kuichu Ni authored 2 months ago
```
Added two dontaudit rules

1. Ignore denial message that synergy_bt process to request dir search
   permission for sysctl_t.

2. Ignore denial message that synergy_bt process to request dir search
   permission for telaf_fw_t.

CRs-Fixed: 4016874
Change-Id: I2a7e8f89bc16ee88a398bb92a9cc33ab18132ff7
```
  ec091e54
Jan 16, 2025

meta-qti-auto-sepolicy: AVC rules for fifo usage for qvirtmgr · 4238b7c9

Deepak Dimri authored 2 months ago


Add rules for fifo usage for qvirtmgr.

Change-Id: I57b4a4ea140d06f07ebe02a59e9a206e417434bf
Signed-off-by: Deepak Dimri <quic_ddimri@quicinc.com>

4238b7c9

Jan 15, 2025

data: allow necessary socket operations for telux test app · e40f3f3b

Abhijeet Jagdale authored 2 months ago

- Allow necessary TCP socket operations for telux_power_refd and
  data_keep_alive_app

CRs-Fixed: 4002695
Change-Id: Ib8228f96c9d3da859cc7c2166ee1685f489b6e2e

e40f3f3b

Jan 09, 2025
- Merge "meta-qti-auto-sepolicy: provide permission to IPACM to read the... · 2c625992
  QCTECMDR Service authored 2 months ago
```
Merge "meta-qti-auto-sepolicy: provide permission to IPACM to read the /var/run/data/ipa partition size."
```
  2c625992
Jan 08, 2025
- Merge "meta-qti-auto-sepolicy : Sepolicies to mount phone_home files" · 91997a88
  QCTECMDR Service authored 2 months ago
  
  91997a88
- meta-qti-auto-sepolicy : Sepolicies to mount phone_home files · 5e25ce44
  nnimish authored 2 months ago
```
Sepolicy rules to mount the phone_home.json file from edgehub & phone-home module.

Change-Id: I2570373824ba934b88a145fbcf4f15c36a100b77
Signed-off-by: nnimish <quic_nnimish@quicinc.com>
```
  5e25ce44
Jan 03, 2025
- location:fix edgnss-daemon avc denial with unreserved_port_t · b85b422c
  Hoss Zhou authored 2 months ago
```
Change-Id: I3533fc3d6e2f2e89e31164c383f8699abe7da6f3
CRs-Fixed: 4008143
```
  b85b422c
Jan 02, 2025
- Merge "meta-qti-auto-sepolicy: add rules for dlt accessing /dev/mqueue" · 3aeb3ac5
  QCTECMDR Service authored 2 months ago
  
  3aeb3ac5
- meta-qti-auto-sepolicy: provide permission to IPACM to read the /var/run/data/ipa partition · 60ac84f1
  Umed Singh Rana authored 3 months ago
```
size.

This change will provide access to IPACM to read the partition size
required by the changes to retain old IPACM logs in case of crash or restart.

Change-Id: Id3615c1bbdd72769d486cf713c37e11b8ea401c5
Signed-off-by: Umed Singh Rana <quic_urana@quicinc.com>
```
  60ac84f1
- Merge "meta-qti-auto-sepolicy: Fix access rules for early set time" · 0ff7e2a4
  QCTECMDR Service authored 2 months ago
  
  0ff7e2a4
Dec 31, 2024
- meta-qti-auto-sepolicy: add api access control for qmi wakeup · 100e0e7d
  Rishi Gupta authored 2 months ago
```
Add API access control rules for QMI wakeup reason feature
to prevent unprivileged application from getting process
details.

CRs-Fixed: 4014031
Change-Id: I084d8de7bedafaca2ac1472d982d217e3a00968d
```
  100e0e7d
- Merge "meta-qti-auto-sepolicy: add rules for diag odl" · d24e1e81
  QCTECMDR Service authored 2 months ago
  
  d24e1e81
- Merge "meta-qti-auto-sepolicy: Updating allow rules for telux console apps" · 2d864d6a
  QCTECMDR Service authored 2 months ago
  
  2d864d6a
Dec 28, 2024

meta-qti-auto-sepolicy: add rules for diag odl · 5f7448ae

Rishi Gupta authored 2 months ago

Diag ODL feature allows for collecting diag logs
on the device itself. This commit add rules for
telsdk console test application, telsdk interface
for this feature and telsdk api access control.

Change-Id: If2fab71c5fc4cab6c0d16ba4aabf601d3d629432
CRs-Fixed: 4002934

5f7448ae

Dec 27, 2024
- Merge "meta-qti-auto-sepolicy: Add cron module for sepolicy" · 209408d6
  QCTECMDR Service authored 2 months ago
  
  209408d6
- Merge "meta-qti-auto-sepolicy: Remove unconfined_domain rule" · 20603d40
  QCTECMDR Service authored 2 months ago
  
  20603d40
- Merge "Location: Add location specific context for LocIdlAPIService" · 9c8d46e1
  QCTECMDR Service authored 2 months ago
  
  9c8d46e1
Dec 26, 2024

meta-qti-auto-sepolicy: add rules for dlt accessing /dev/mqueue · 45c9d0d6

Zhihang YAN authored 2 months ago

Add rules for dlt to create/read/write socket file in /dev/mqueue

CRs-Fixed: 4005301
Change-Id: I8b28385d5797869e7a1ceabd941c866ad19cc438

45c9d0d6

Dec 24, 2024

meta-qti-auto-sepolicy: Add cron module for sepolicy · 850b4ba1

Abhinav Gupta authored 2 months ago


 * build cron policies from upstream

Change-Id: I7eb08a84c9ac3fa95a8cee377e74234028665b93
Signed-off-by: Abinaya P <quic_abinayap@quicinc.com>

850b4ba1

meta-qti-auto-sepolicy: Remove unconfined_domain rule · 00912597

jbhalani authored 3 months ago


Remove unconfined domain rule and Give minimal permissions to run lxc
and ecall over lxc without any denials.

CRs-Fixed: 3975192

Change-Id: I34ccfe08af9f83899da62238e0a7f3ca9aec3c09
Signed-off-by: jbhalani <quic_jbhalani@quicinc.com>

00912597