- Feb 20, 2025
-
-
Linux Build Service Account authored
Merge "Revert "meta-qti-auto-sepolicy: Fix FDE OTA avc denials on EMMC."" into le-auto-sepolicy.lnx.2.1.c1
-
- Feb 19, 2025
-
-
Sunith Kumar Muralidharan authored
This reverts commit c32e0401. Reason for revert: <compilation failing on PVM> Change-Id: Ie052aab789cf68d03496390a0f81fcdbe23291d8
-
Linux Build Service Account authored
-
- Feb 18, 2025
-
-
Karim Dinani authored
Adds rule to allow transition from recovery to fde domain while running nad-fde-app during OTA. Change-Id: I9b44c0fe63fdf65dc9577ee8d8ba3b49813425ec
-
- Feb 17, 2025
-
-
jijuk authored
- Added sepolicy files for shell_exec_t - Added sepolicy files for boot_kpi_values_t - Added sepolicy files for proc_t Change-Id: I00c50b2a1fb4de2195c2ebff0f8b535a357bd56b
-
Linux Build Service Account authored
-
- Feb 15, 2025
-
-
Linux Build Service Account authored
Merge "le-auto-sepolicy.lnx.2.1 :- Removing sepolicy rules for attestation_manager" into le-auto-sepolicy.lnx.2.1.c1
-
- Feb 14, 2025
-
-
Umesh Seth authored
- allows to read/write Telux log files and read Telsdk configuration. CRs-Fixed: 4055246 Change-Id: I92bc59d340d1ddef2a3275b9b7b2d0477faf623f
-
- Feb 11, 2025
-
-
nnimish authored
attestation_manager Attestation_manager is merged with phone_home and now comes as a library called libphmanager. So, sepolicy is not needed now. Change-Id: I7878dd52919512148f60a4c03facf7b35597bbc7 Signed-off-by:
nnimish <quic_nnimish@quicinc.com> (cherry picked from commit f87d6f883d0f9c32c1aa3d75eedf7e7ee8e48c53)
-
- Feb 07, 2025
-
-
Karim Dinani authored
Allows cryptsetup i.e. lvm_t domain to access ubiblock devices to fetch encryption status. Also, changes mls sensitivity levels for ubiblock devnodes. Change-Id: Ie0d3021ce21606a3be76b817224c87a42167322b
-
Karim Dinani authored
Adds allow permissions for nad-fde-app and cryptsetup to access relevant block files on emmc based targets. Change-Id: I7e5add150f88f8a71d19fc96d65406ce4985068a
-
Karim Dinani authored
1. Creates a unique selinux context type for nad-fde-app i.e. fde_app_t. 2. Since nad-fde-app calls crytpsetup, these changes also add selinux fixes for cryptsetup which runs in lvm_t domain. Change-Id: I97b90e9ccedb165b94af4363e770ad135b7b06d6 (cherry picked from commit fa7be0aa1725ad09f453f7028715b5bc92039dcc)
-
- Jan 28, 2025
-
-
QCTECMDR Service authored
-
- Jan 27, 2025
-
-
QCTECMDR Service authored
-
nnimish authored
Added sepolicy rules to access phone_home.json file from phservice module Change-Id: Ic6229619d40b607d22d4def862d580bdd98d0a99
-
Rishi Gupta authored
Allow sdcard access for diag ODL feature to save mask and log file on the sdcard. CRs-Fixed: 4023254 Change-Id: I16adb441514ab498a0db463c7d126a691b84dac5
-
- Jan 23, 2025
-
-
QCTECMDR Service authored
-
- Jan 22, 2025
-
-
Nikhil Gautam authored
*This change will handle the kill & restart of lxc container if done manully using systemd gracefully *denials fixed comes during systemctl stop "container" Change-Id: I2fdc874013b0f895b32a35d047cb3f0a480898e4
-
- Jan 20, 2025
-
-
QCTECMDR Service authored
-
QCTECMDR Service authored
-
Kuichu Ni authored
Added two dontaudit rules 1. Ignore denial message that synergy_bt process to request dir search permission for sysctl_t. 2. Ignore denial message that synergy_bt process to request dir search permission for telaf_fw_t. CRs-Fixed: 4016874 Change-Id: I2a7e8f89bc16ee88a398bb92a9cc33ab18132ff7
-
- Jan 16, 2025
-
-
Deepak Dimri authored
Add rules for fifo usage for qvirtmgr. Change-Id: I57b4a4ea140d06f07ebe02a59e9a206e417434bf Signed-off-by:
Deepak Dimri <quic_ddimri@quicinc.com>
-
- Jan 15, 2025
-
-
Abhijeet Jagdale authored
- Allow necessary TCP socket operations for telux_power_refd and data_keep_alive_app CRs-Fixed: 4002695 Change-Id: Ib8228f96c9d3da859cc7c2166ee1685f489b6e2e
-
- Jan 09, 2025
-
-
QCTECMDR Service authored
Merge "meta-qti-auto-sepolicy: provide permission to IPACM to read the /var/run/data/ipa partition size."
-
- Jan 08, 2025
-
-
QCTECMDR Service authored
-
nnimish authored
Sepolicy rules to mount the phone_home.json file from edgehub & phone-home module. Change-Id: I2570373824ba934b88a145fbcf4f15c36a100b77 Signed-off-by:
nnimish <quic_nnimish@quicinc.com>
-
- Jan 03, 2025
-
-
Hoss Zhou authored
Change-Id: I3533fc3d6e2f2e89e31164c383f8699abe7da6f3 CRs-Fixed: 4008143
-
- Jan 02, 2025
-
-
QCTECMDR Service authored
-
Umed Singh Rana authored
size. This change will provide access to IPACM to read the partition size required by the changes to retain old IPACM logs in case of crash or restart. Change-Id: Id3615c1bbdd72769d486cf713c37e11b8ea401c5 Signed-off-by:
Umed Singh Rana <quic_urana@quicinc.com>
-
QCTECMDR Service authored
-
- Dec 31, 2024
-
-
Rishi Gupta authored
Add API access control rules for QMI wakeup reason feature to prevent unprivileged application from getting process details. CRs-Fixed: 4014031 Change-Id: I084d8de7bedafaca2ac1472d982d217e3a00968d
-
QCTECMDR Service authored
-
QCTECMDR Service authored
-
- Dec 28, 2024
-
-
Rishi Gupta authored
Diag ODL feature allows for collecting diag logs on the device itself. This commit add rules for telsdk console test application, telsdk interface for this feature and telsdk api access control. Change-Id: If2fab71c5fc4cab6c0d16ba4aabf601d3d629432 CRs-Fixed: 4002934
-
- Dec 27, 2024
-
-
QCTECMDR Service authored
-
QCTECMDR Service authored
-
QCTECMDR Service authored
-
- Dec 26, 2024
-
-
Zhihang YAN authored
Add rules for dlt to create/read/write socket file in /dev/mqueue CRs-Fixed: 4005301 Change-Id: I8b28385d5797869e7a1ceabd941c866ad19cc438
-
- Dec 24, 2024
-
-
Abhinav Gupta authored
* build cron policies from upstream Change-Id: I7eb08a84c9ac3fa95a8cee377e74234028665b93 Signed-off-by:
Abinaya P <quic_abinayap@quicinc.com>
-
jbhalani authored
Remove unconfined domain rule and Give minimal permissions to run lxc and ecall over lxc without any denials. CRs-Fixed: 3975192 Change-Id: I34ccfe08af9f83899da62238e0a7f3ca9aec3c09 Signed-off-by:
jbhalani <quic_jbhalani@quicinc.com>
-