From 09cd80eeb5189ef3bb6d0315d3210400f9f8aeb3 Mon Sep 17 00:00:00 2001 
From: Giammarco Senatore Date: Wed, 11 Aug 2021 22:34:30 +0200 Subject: [PATCH] sdm710-common: Go enforcing - major cleanup - sepolicy from xiaomi-sdm845-common - label both goodix and fpc - allystar GPS uart port and ontim nodes --- BoardConfigCommon.mk | 1 - rootdir/etc/init.target.rc | 8 +++--- sepolicy/vendor/adsprpcd.te | 1 + sepolicy/vendor/appdomain.te | 1 + sepolicy/vendor/cameraserver.te | 1 - sepolicy/vendor/device.te | 6 ++-- sepolicy/vendor/domain.te | 2 -- sepolicy/vendor/file.te | 20 +++++++------- sepolicy/vendor/file_contexts | 18 ++++++++---- sepolicy/vendor/genfs_contexts | 32 +++------------------- sepolicy/vendor/hal_bluetooth.te | 1 - sepolicy/vendor/hal_bluetooth_qti.te | 2 ++ sepolicy/vendor/hal_camera_default.te | 19 +++++++++---- sepolicy/vendor/hal_fingerprint_default.te | 14 ++++++++++ sepolicy/vendor/hal_gnss_default.te | 3 ++ sepolicy/vendor/hal_light.te | 1 - sepolicy/vendor/hal_sensors_default.te | 22 ++++----------- sepolicy/vendor/hal_usb.te | 2 -- sepolicy/vendor/hal_wifi.te | 1 - sepolicy/vendor/hal_wifi_default.te | 1 + sepolicy/vendor/hwservice_contexts | 9 +++++- sepolicy/vendor/iorap_prefetcherd.te | 2 -- sepolicy/vendor/kernel.te | 7 ----- sepolicy/vendor/platform_app.te | 1 - sepolicy/vendor/property.te | 8 ++++-- sepolicy/vendor/property_contexts | 5 ++++ sepolicy/vendor/qti_init_shell.te | 2 -- sepolicy/vendor/qtidataservices_app.te | 1 + sepolicy/vendor/remosaic_daemon.te | 8 ++++++ sepolicy/vendor/vndservice.te | 2 +- sepolicy/vendor/vndservice_contexts | 1 + 31 files changed, 105 insertions(+), 97 deletions(-) create mode 100644 sepolicy/vendor/adsprpcd.te create mode 100644 sepolicy/vendor/appdomain.te delete mode 100644 sepolicy/vendor/cameraserver.te delete mode 100644 sepolicy/vendor/domain.te delete mode 100644 sepolicy/vendor/hal_bluetooth.te create mode 100644 sepolicy/vendor/hal_bluetooth_qti.te create mode 100644 sepolicy/vendor/hal_gnss_default.te delete mode 100644 sepolicy/vendor/hal_light.te delete mode 
100644 sepolicy/vendor/hal_usb.te delete mode 100644 sepolicy/vendor/hal_wifi.te create mode 100644 sepolicy/vendor/hal_wifi_default.te delete mode 100644 sepolicy/vendor/iorap_prefetcherd.te delete mode 100644 sepolicy/vendor/kernel.te delete mode 100644 sepolicy/vendor/platform_app.te delete mode 100644 sepolicy/vendor/qti_init_shell.te create mode 100644 sepolicy/vendor/qtidataservices_app.te create mode 100644 sepolicy/vendor/remosaic_daemon.te create mode 100644 sepolicy/vendor/vndservice_contexts diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 615b90e..a136d19 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -31,7 +31,6 @@ TARGET_BOARD_PLATFORM := sdm710 # Kernel BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xA90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 service_locator.enable=1 androidboot.configfs=true androidboot.usbcontroller=a600000.dwc3 swiotlb=1 loop.max_part=7 -BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive BOARD_KERNEL_BASE := 0x00000000 BOARD_KERNEL_PAGESIZE := 4096 BOARD_KERNEL_TAGS_OFFSET := 0x00000100 diff --git a/rootdir/etc/init.target.rc b/rootdir/etc/init.target.rc index 71c05ec..74405fc 100644 --- a/rootdir/etc/init.target.rc +++ b/rootdir/etc/init.target.rc @@ -47,10 +47,6 @@ on init write /dev/stune/top-app/schedtune.colocate 1 write /sys/module/qpnp_rtc/parameters/poweron_alarm 1 - # touch gesture wake node permission - chown system /sys/class/touch/tp_dev/gesture_on - chown 0660 /sys/class/touch/tp_dev/gesture_on - on fs wait /dev/block/platform/soc/${ro.boot.bootdevice} symlink /dev/block/platform/soc/${ro.boot.bootdevice} /dev/block/bootdevice 
@@ -125,6 +121,10 @@ on boot setprop vendor.usb.qdss.inst.name "qdss" setprop sys.usb.configfs 1 + # touch gesture wake node permission + chown system system /sys/class/touch/tp_dev/gesture_on + chmod 0660 /sys/class/touch/tp_dev/gesture_on + service vendor.pd_mapper /vendor/bin/pd-mapper class core user system diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te new file mode 100644 index 0000000..154488c --- /dev/null +++ b/sepolicy/vendor/adsprpcd.te @@ -0,0 +1 @@ +allow adsprpcd persist_file:lnk_file read; diff --git a/sepolicy/vendor/appdomain.te b/sepolicy/vendor/appdomain.te new file mode 100644 index 0000000..c95bf2b --- /dev/null +++ b/sepolicy/vendor/appdomain.te @@ -0,0 +1 @@ +get_prop(appdomain, camera_prop) diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te deleted file mode 100644 index 5d87570..0000000 --- a/sepolicy/vendor/cameraserver.te +++ /dev/null @@ -1 +0,0 @@ -allow cameraserver camera_data_file:file { getattr open write }; diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te index 0792042..2360194 100644 --- a/sepolicy/vendor/device.te +++ b/sepolicy/vendor/device.te @@ -1,3 +1,3 @@ -type oem_block_device, dev_type; -type param_block_device, dev_type; -type param_device, dev_type; +type fingerprint_device, dev_type; + +type gps_device, dev_type; diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te deleted file mode 100644 index bae6bf0..0000000 --- a/sepolicy/vendor/domain.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow domain to get public_vendor_default_prop -get_prop(domain, public_vendor_default_prop) diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index 6925cbf..d1ad543 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te 
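Review bot: `get_prop(appdomain, camera_prop)` in the new appdomain.te grants every app domain, untrusted apps included, read access to everything labelled camera_prop. The property_contexts shown later in this patch maps the `persist.camera.`, `persist.vendor.camera.` and `sys.camera.` prefixes to that type. If only the camera app or privileged apps read these values, the grant can name those domains instead of the attribute. If a library loaded into arbitrary apps really needs them, a comment above the rule should say so, for example `# camera client code running in app processes reads camera_prop` (confirm against the denial that prompted the rule).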
@@ -1,12 +1,12 @@
-type display_data_file, file_type, data_file_type, core_data_file_type;
-type proc_touchpanel, fs_type, proc_type;
-type sysfs_oem, sysfs_type, fs_type;
-
+type fingerprint_data_file, data_file_type, file_type;
 type thermal_data_file, data_file_type, file_type;
-type sysfs_msm_subsys, sysfs_type, fs_type;
-type sysfs_system_sleep_stats, sysfs_type, fs_type;
-type sysfs_rpm, sysfs_type, fs_type;
-type sysfs_power_stats, sysfs_type, fs_type;
-type sysfs_tp, fs_type, sysfs_type;
-type proc_sysctl_schedboost, proc_type, fs_type;
+
 type debugfs_sched_features, debugfs_type, fs_type;
+type proc_sysctl_schedboost, proc_type, fs_type;
+
+type sysfs_fingerprint, sysfs_type, fs_type;
+type sysfs_gps, sysfs_type, fs_type;
+type sysfs_msm_subsys, sysfs_type, fs_type;
+type sysfs_rpm, sysfs_type, fs_type;
+type sysfs_system_sleep_stats, sysfs_type, fs_type;
+type sysfs_tp, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index bf774c3..7e01e27 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -1,16 +1,24 @@ +# Data files +/data/vendor/fpc(/.*)? u:object_r:fingerprint_data_file:s0 +/data/vendor/goodix(/.*)? u:object_r:fingerprint_data_file:s0 + # Files in rootfs /bt_firmware(/.*)? u:object_r:bt_firmware_file:s0 /firmware(/.*)? u:object_r:firmware_file:s0 /persist(/.*)? u:object_r:persist_file:s0 -# Data files -/data/display(/.*)? u:object_r:display_data_file:s0 +# Fingerprint devices +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/sys/devices/(platform)?/soc/soc:fpc1020(/.*)? u:object_r:sysfs_fingerprint:s0 -# Custom HALs +# HALs /vendor/bin/hw/android\.hardware\.light@2\.0-service\.lenovo_sdm710 u:object_r:hal_light_default_exec:s0 /vendor/bin/hw/android\.hardware\.power-service\.lenovo u:object_r:hal_power_default_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-fpcservice u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.atrace@1.0-service\.pixel u:object_r:hal_atrace_default_exec:s0 -# Touch -/sys/class/touch/tp_dev/gesture_on u:object_r:sysfs_tp:s0 +# Allystar GPS +/sys/ontim_bootinfo/gps_avdd_en u:object_r:sysfs_gps:s0 +/sys/ontim_bootinfo/gps_lna u:object_r:sysfs_gps:s0 +/sys/ontim_bootinfo/gps_reset u:object_r:sysfs_gps:s0 +/dev/ttyHS1 u:object_r:gps_device:s0 diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 70ca531..3286f30 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts 
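Review bot: The pattern `/sys/devices/(platform)?/soc/soc:fpc1020(/.*)?` cannot match a path that lacks `platform`, because with the group absent it requires a double slash (`/sys/devices//soc/...`). Only the `/sys/devices/platform/soc/...` form is therefore ever labelled sysfs_fingerprint. Moving the slash into the group gives the optional component that was presumably intended: `/sys/devices(/platform)?/soc/soc:fpc1020(/.*)? u:object_r:sysfs_fingerprint:s0`. Separately, the `/sys/ontim_bootinfo/gps_*` entries only take effect if something runs restorecon on those nodes. The same commit labels gesture_on through genfscon, and doing the same for the GPS nodes would likely be more dependable under enforcing; `ls -Z` on a booted device will confirm which label they actually carry.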
@@ -1,32 +1,8 @@ -# Display -genfscon proc /touchpanel u:object_r:proc_touchpanel:s0 -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply u:object_r:sysfs_battery_supply:s0 -#genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0 - -# SSR -genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys0/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys0/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys1/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys1/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys2/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys3/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys3/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys4/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys4/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys5/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys5/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys6/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys6/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys7/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs 
/power/rpmh_stats/master_stats u:object_r:sysfs_rpm:s0 +genfscon sysfs /power/system_sleep/stats u:object_r:sysfs_system_sleep_stats:s0 genfscon debugfs /sched_features u:object_r:debugfs_sched_features:s0 genfscon proc /sys/kernel/sched_boost u:object_r:proc_sysctl_schedboost:s0 -genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_state u:object_r:sysfs_graphics:s0 - -#genfscon sysfs /class/devfreq u:object_r:sysfs_devfreq:s0 - -genfscon sysfs /power/rpmh_stats/master_stats u:object_r:sysfs_rpm:s0 -genfscon sysfs /power/system_sleep/stats u:object_r:sysfs_system_sleep_stats:s0 -genfscon sysfs /kernel/wlan/power_stats u:object_r:sysfs_power_stats:s0 +# DT2W +genfscon sysfs /devices/virtual/touch/tp_dev/gesture_on u:object_r:sysfs_tp:s0 diff --git a/sepolicy/vendor/hal_bluetooth.te b/sepolicy/vendor/hal_bluetooth.te deleted file mode 100644 index bfe39d8..0000000 --- a/sepolicy/vendor/hal_bluetooth.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_bluetooth vendor_data_file:file r_file_perms; \ No newline at end of file diff --git a/sepolicy/vendor/hal_bluetooth_qti.te b/sepolicy/vendor/hal_bluetooth_qti.te new file mode 100644 index 0000000..5e2d1c4 --- /dev/null +++ b/sepolicy/vendor/hal_bluetooth_qti.te @@ -0,0 +1,2 @@ +allow hal_bluetooth_qti wifi_vendor_data_file:dir search; +allow hal_bluetooth_qti wifi_vendor_data_file:file r_file_perms; diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te index 9021107..5440c81 100644 --- a/sepolicy/vendor/hal_camera_default.te +++ b/sepolicy/vendor/hal_camera_default.te 
@@ -1,5 +1,14 @@
-allow hal_camera_default sysfs:file read;
-allow hal_camera_default sdcardfs:dir { search };
-allow hal_camera_default sdcardfs:file { rw_file_perms };
-allow hal_camera_default mnt_vendor_file:dir { add_name write };
-allow hal_camera_default mnt_vendor_file:file { create getattr open read write };
+allow hal_camera_default gpu_device:chr_file rw_file_perms;
+
+allow hal_camera_default remosaic_daemon_service:service_manager find;
+
+allow hal_camera_default sysfs_kgsl:dir search;
+allow hal_camera_default sysfs_kgsl:file r_file_perms;
+
+allow hal_camera_default sysfs_leds:dir r_dir_perms;
+allow hal_camera_default sysfs_leds:file rw_file_perms;
+allow hal_camera_default sysfs_leds:lnk_file read;
+
+userdebug_or_eng(`
+ get_prop(hal_camera_default, sensors_dbg_prop)
+')
diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
index 0d42d21..e357ce7 100644
--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -1 +1,15 @@
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default fingerprint_data_file:dir create_dir_perms;
+allow hal_fingerprint_default fingerprint_data_file:file create_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
+allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
+
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
+
+set_prop(hal_fingerprint_default, vendor_fp_prop)
+hal_client_domain(hal_fingerprint_default, hal_perf)
+
+# Ignore all logging requests
+dontaudit hal_fingerprint storage_file:dir search;
diff --git a/sepolicy/vendor/hal_gnss_default.te b/sepolicy/vendor/hal_gnss_default.te
new file mode 100644
index 0000000..3caa66a
--- /dev/null
+++ b/sepolicy/vendor/hal_gnss_default.te
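Review bot: The closing rule in hal_fingerprint_default.te, `dontaudit hal_fingerprint storage_file:dir search;`, is written against the `hal_fingerprint` attribute while every other rule in the file names `hal_fingerprint_default`. It therefore hides the denial for any domain carrying that attribute; `dontaudit hal_fingerprint_default storage_file:dir search;` keeps the suppression to this HAL. The added `uhid_device:chr_file rw_file_perms` rule lets the fingerprint HAL register virtual HID devices and has no comment. A line such as `# uhid is used to report fingerprint navigation events` would document it, if that is the reason (confirm against the observed denial). The generic `self:netlink_socket` grant would likewise be easier to audit with a comment naming the driver channel it serves.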
@@ -0,0 +1,3 @@ +allow hal_gnss_default gps_device:chr_file rw_file_perms; +allow hal_gnss_default location_data_file:dir search; +allow hal_gnss_default sysfs_gps:file rw_file_perms; diff --git a/sepolicy/vendor/hal_light.te b/sepolicy/vendor/hal_light.te deleted file mode 100644 index 530ad70..0000000 --- a/sepolicy/vendor/hal_light.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_light sysfs_oem:file getattr; diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te index 7c7e894..35f68b2 100644 --- a/sepolicy/vendor/hal_sensors_default.te +++ b/sepolicy/vendor/hal_sensors_default.te @@ -1,19 +1,7 @@ -# Allow binder communication with hal_audio_default -binder_call(hal_sensors_default, hal_audio_default) +allow hal_sensors_default mnt_vendor_file:file r_file_perms; -# Allow hal_sensors_default to find hal_graphics_mapper_hwservice -allow hal_sensors_default hal_graphics_mapper_hwservice:hwservice_manager find; - -# Allow hal_sensors_default to read files in mnt_vendor_file -r_dir_file(hal_sensors_default, mnt_vendor_file) - -# Allow hal_sensors_default to read files in sysfs_graphics -r_dir_file(hal_sensors_default, sysfs_graphics) - -# Allow hal_sensors_default to read and write to proc_touchpanel -allow hal_sensors_default proc_touchpanel:dir search; -allow hal_sensors_default proc_touchpanel:file rw_file_perms; - -# Allow hal_sensors_default to read graphics sysfs nodes -r_dir_file(hal_sensors_default, sysfs_graphics) +get_prop(hal_sensors_default, adsprpc_prop) +userdebug_or_eng(` + get_prop(hal_sensors_default, sensors_dbg_prop) +') diff --git a/sepolicy/vendor/hal_usb.te b/sepolicy/vendor/hal_usb.te deleted file mode 100644 index 91e851a..0000000 --- a/sepolicy/vendor/hal_usb.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow hal_usb to read and write to sysfs_oem -allow hal_usb sysfs_oem:file rw_file_perms; diff --git a/sepolicy/vendor/hal_wifi.te b/sepolicy/vendor/hal_wifi.te deleted file mode 100644 index 5573700..0000000 
--- a/sepolicy/vendor/hal_wifi.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_wifi proc_net:file w_file_perms;
diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te
new file mode 100644
index 0000000..28039f8
--- /dev/null
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -0,0 +1 @@
+allow hal_wifi_default proc_net:file rw_file_perms;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index 8e793b3..07f335d 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -1 +1,8 @@
-vendor.display.color::IDisplayColor u:object_r:hal_display_color_hwservice:s0
+com.fingerprints.extension::IFingerprintEngineering u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintCalibration u:object_r:hal_fingerprint_hwservice:s0
+com.fingerprints.extension::IFingerprintSenseTouch u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.fingerprintextension::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0
diff --git a/sepolicy/vendor/iorap_prefetcherd.te b/sepolicy/vendor/iorap_prefetcherd.te
deleted file mode 100644
index f3be2b9..0000000
--- a/sepolicy/vendor/iorap_prefetcherd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-r_dir_file(iorap_prefetcherd, media_rw_data_file)
-r_dir_file(iorap_prefetcherd, radio_data_file)
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
deleted file mode 100644
index 9b63aba..0000000
--- a/sepolicy/vendor/kernel.te
+++ /dev/null
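Review bot: The rule added in hal_wifi_default.te grants `rw_file_perms` on proc_net, whereas the rule it replaces in the deleted hal_wifi.te granted only `w_file_perms`, so the move also adds read access the old policy did not give. If no read denial showed up while testing in enforcing mode, `allow hal_wifi_default proc_net:file w_file_perms;` keeps the previous scope. If the read is needed, a short comment naming the proc_net file involved would make the widening deliberate.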
@@ -1,7 +0,0 @@ -allow kernel self:system syslog_read; - -# Allow kernel to read kmsg_device -allow kernel kmsg_device:chr_file r_file_perms; - -# Allow kernel to search in block_device -allow kernel block_device:dir search; diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te deleted file mode 100644 index a9cd643..0000000 --- a/sepolicy/vendor/platform_app.te +++ /dev/null @@ -1 +0,0 @@ -allow platform_app sysfs_graphics:file r_file_perms; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index 8ba3dcb..0f4995d 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te @@ -1,3 +1,7 @@ -type vendor_camera_prop, property_type; -type vendor_power_prop, property_type; type thermal_engine_prop, property_type; + +type vendor_camera_prop, property_type; + +type vendor_fp_prop, property_type; + +type vendor_power_prop, property_type; diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 88cd761..a2cf2e0 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -4,6 +4,11 @@ persist.camera. u:object_r:camera_prop:s0 persist.vendor.camera. u:object_r:camera_prop:s0 sys.camera. u:object_r:camera_prop:s0 +# Fingerprint +gf.debug.dump_bigdata_data u:object_r:vendor_fp_prop:s0 +vendor.fps_hal. u:object_r:vendor_fp_prop:s0 +persist.vendor.runin.fphwid u:object_r:vendor_fp_prop:s0 + # PowerHAL vendor.powerhal.state u:object_r:vendor_power_prop:s0 vendor.powerhal.audio u:object_r:vendor_power_prop:s0 diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te deleted file mode 100644 index 8d04ccb..0000000 --- a/sepolicy/vendor/qti_init_shell.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow qti_init_shell to write to sysfs_scsi_host -allow qti_init_shell sysfs_scsi_host:file w_file_perms; diff --git a/sepolicy/vendor/qtidataservices_app.te b/sepolicy/vendor/qtidataservices_app.te new file mode 100644 index 0000000..3c0385f --- /dev/null 
+++ b/sepolicy/vendor/qtidataservices_app.te
@@ -0,0 +1 @@
+allow qtidataservices_app self:socket create_socket_perms_no_ioctl;
diff --git a/sepolicy/vendor/remosaic_daemon.te b/sepolicy/vendor/remosaic_daemon.te
new file mode 100644
index 0000000..b70df91
--- /dev/null
+++ b/sepolicy/vendor/remosaic_daemon.te
@@ -0,0 +1,8 @@
+type remosaic_daemon, domain;
+type remosaic_daemon_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(remosaic_daemon)
+
+vndbinder_use(remosaic_daemon)
+
+allow remosaic_daemon remosaic_daemon_service:service_manager add;
diff --git a/sepolicy/vendor/vndservice.te b/sepolicy/vendor/vndservice.te
index d844c2e..b6d0463 100644
--- a/sepolicy/vendor/vndservice.te
+++ b/sepolicy/vendor/vndservice.te
@@ -1 +1 @@
-type power_stats_service, vndservice_manager_type;
+type remosaic_daemon_service, vndservice_manager_type;
diff --git a/sepolicy/vendor/vndservice_contexts b/sepolicy/vendor/vndservice_contexts
new file mode 100644
index 0000000..2110b4c
--- /dev/null
+++ b/sepolicy/vendor/vndservice_contexts
@@ -0,0 +1 @@
+android.IRemosaicDaemon u:object_r:remosaic_daemon_service:s0
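Review bot: remosaic_daemon.te declares `remosaic_daemon_exec`, but the file_contexts hunk in this commit adds no entry assigning that type to a binary. `init_daemon_domain(remosaic_daemon)` only takes effect when init executes a file carrying that label. Unless another sepolicy directory supplies it, the daemon would not enter its domain and the service would likely fail to start once the device is enforcing. An entry of the form `/vendor/bin/<remosaic daemon binary> u:object_r:remosaic_daemon_exec:s0` in file_contexts would complete the domain; the path is a placeholder for the real binary name.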