diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 42a1450..e141e4f 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -350,7 +350,6 @@ on post-fs-data chown system system /sys/devices/platform/msm_sdcc.4/polling #Create the symlink to qcn wpa_supplicant folder for ar6000 wpa_supplicant - mkdir /data/system 0775 system system #symlink /data/misc/wifi/wpa_supplicant /data/system/wpa_supplicant #Create directories for Location services diff --git a/sepolicy/vendor/binderfs.te b/sepolicy/vendor/binderfs.te deleted file mode 100644 index 549c466..0000000 --- a/sepolicy/vendor/binderfs.te +++ /dev/null @@ -1,4 +0,0 @@ -# REVERT ME: make binderfs permissive -userdebug_or_eng(` - permissive binderfs; -') diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index d503fd0..6925cbf 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -8,10 +8,5 @@ type sysfs_system_sleep_stats, sysfs_type, fs_type; type sysfs_rpm, sysfs_type, fs_type; type sysfs_power_stats, sysfs_type, fs_type; type sysfs_tp, fs_type, sysfs_type; -#type sysfs_ssr, sysfs_type, fs_type; -#type sysfs_ssr_toggle, sysfs_type, fs_type; -#type sysfs_devfreq, sysfs_type, fs_type; -#type sysfs_kgsl, sysfs_type, fs_type; -#type sysfs_scsi_devices, sysfs_type, fs_type; -type debugfs_wlan, debugfs_type, fs_type; +type proc_sysctl_schedboost, proc_type, fs_type; type debugfs_sched_features, debugfs_type, fs_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index ebed4d5..d4d9328 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts 
@@ -7,8 +7,9 @@ /data/display(/.*)? u:object_r:display_data_file:s0 # Custom HALs -/vendor/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0 +/vendor/bin/hw/android\.hardware\.light@2\.0-service\.lenovo_kunlun2 u:object_r:hal_light_default_exec:s0 /vendor/bin/hw/android\.hardware\.power-service\.lenovo u:object_r:hal_power_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-fpcservice u:object_r:hal_fingerprint_default_exec:s0 # Touch /sys/class/touch/tp_dev/gesture_on u:object_r:sysfs_tp:s0 diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 7ed9dbb..70ca531 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -20,8 +20,8 @@ genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys6/restart_level u:ob genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys7/restart_level u:object_r:sysfs_ssr_toggle:s0 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/restart_level u:object_r:sysfs_ssr_toggle:s0 -genfscon debugfs /wlan0 u:object_r:debugfs_wlan:s0 genfscon debugfs /sched_features u:object_r:debugfs_sched_features:s0 +genfscon proc /sys/kernel/sched_boost u:object_r:proc_sysctl_schedboost:s0 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_state u:object_r:sysfs_graphics:s0 diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te index 8d42a02..43852af 100644 --- a/sepolicy/vendor/hal_audio_default.te +++ b/sepolicy/vendor/hal_audio_default.te 
@@ -1,14 +1,3 @@ -# Allow access to the HALs -hal_client_domain(hal_audio_default, hal_sensors) +allow hal_audio_default mnt_vendor_file:dir search; -# Allow binder communication with hal_sensors_default -binder_call(hal_audio_default, hal_sensors_default) - -# Allow hal_audio_default to find hal_sensors_hwservice -allow hal_audio_default hal_sensors_hwservice:hwservice_manager find; - -# Allow hal_audio_default to read audio_device -allow hal_audio_default audio_device:dir r_dir_perms; - -# Allow hal_audio_default to read files in mnt_vendor_file -r_dir_file(hal_audio_default, mnt_vendor_file) +set_prop(hal_audio_default, vendor_audio_prop) diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te new file mode 100644 index 0000000..0d42d21 --- /dev/null +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -0,0 +1 @@ +allow hal_fingerprint_default tee_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te index e189f49..61cd2c5 100644 --- a/sepolicy/vendor/hal_power_default.te +++ b/sepolicy/vendor/hal_power_default.te 
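Review bot: In hal_audio_default.te the two rules that replace the old content carry no comments, whereas every removed rule had one. Suggest a comment such as `# Audio HAL traverses mnt_vendor_file directories to reach its config files` above the `mnt_vendor_file:dir search` rule (wording to be confirmed against the path the HAL actually opens) and `# Audio HAL sets vendor audio properties` above `set_prop(hal_audio_default, vendor_audio_prop)`. Note that `search` alone grants no file access, while the removed `r_dir_file(hal_audio_default, mnt_vendor_file)` did, so confirm the files are reached through a differently labelled type.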
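Review bot: The new hal_fingerprint_default.te grants `rw_file_perms` on `tee_device` with no comment. Together with the file_contexts entry added in this commit, this is the rule that lets the newly labelled `fpcservice` binary reach the trusted execution environment node. A one-line comment such as `# FPC fingerprint HAL talks to the TEE through tee_device` would record why the grant exists, so it can be removed if the HAL is replaced.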
@@ -1,24 +1,27 @@ -allow hal_power_default debugfs_wlan:dir r_dir_perms; -allow hal_power_default debugfs_wlan:file r_file_perms; +allow hal_power_default input_device:dir r_dir_perms; +allow hal_power_default input_device:chr_file rw_file_perms; -allow hal_power_default sysfs_rpm:file r_file_perms; -allow hal_power_default sysfs_system_sleep_stats:file r_file_perms; +allow hal_power_default sysfs_graphics:dir search; +allow hal_power_default sysfs_graphics:file r_file_perms; -r_dir_file(hal_power_default, sysfs_tp) -allow hal_power_default sysfs_tp:file write; +allow hal_power_default sysfs_kgsl:lnk_file rw_file_perms; +allow hal_power_default sysfs_kgsl:file rw_file_perms; +allow hal_power_default sysfs_devfreq:dir search; +allow hal_power_default sysfs_devfreq:file rw_file_perms; # To do powerhint on nodes defined in powerhint.json -allow hal_power_default sysfs_devfreq:dir search; -allow hal_power_default sysfs_devfreq:{ file lnk_file } rw_file_perms; -allow hal_power_default sysfs_kgsl:dir search; -allow hal_power_default sysfs_kgsl:{ file lnk_file } rw_file_perms; allow hal_power_default sysfs_msm_subsys:dir search; allow hal_power_default sysfs_msm_subsys:file rw_file_perms; allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms; allow hal_power_default device_latency:chr_file rw_file_perms; +allow hal_power_default cgroup:dir search; +allow hal_power_default cgroup:file rw_file_perms; +allow hal_power_default debugfs_sched_features:file rw_file_perms; +allow hal_power_default proc_sysctl_schedboost:file rw_file_perms; -allow hal_power_default input_device:dir r_dir_perms; -allow hal_power_default input_device:chr_file rw_file_perms; +# Allow power hal to talk to mm-pp-daemon to control display lpm +allow hal_power_default mm-pp-daemon:unix_stream_socket connectto; +allow hal_power_default pps_socket:sock_file write; # To get/set powerhal state property set_prop(hal_power_default, vendor_power_prop) 
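Review bot: In the first hal_power_default.te hunk, `allow hal_power_default debugfs_sched_features:file rw_file_perms;` gives the power HAL write access to a debugfs node. Newer platform policy restricts debugfs on user builds, so this rule may trip a neverallow check or be dead on production images. If the node is only touched on debug builds, wrap the rule in a `userdebug_or_eng(...)` block as the deleted binderfs.te did; otherwise add a comment naming the powerhint entry that needs it. Separately, `allow hal_power_default pps_socket:sock_file write;` appears to repeat what the existing `unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default)` line already grants, so the new pair could be written as `unix_socket_connect(hal_power_default, pps, mm-pp-daemon)`. The added `cgroup:file rw_file_perms` and `sysfs_kgsl:lnk_file rw_file_perms` rules also have no comment, and the old `sysfs_kgsl:dir search` rule is not re-added, which may surface as a denial.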
@@ -26,6 +29,5 @@ set_prop(hal_power_default, vendor_power_prop) # Rule for hal_power_default to access graphics composer process unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default); -# Allow powerhal trigger dt2w node -allow hal_power_default proc_touchpanel:dir search; -allow hal_power_default proc_touchpanel:file r_file_perms; +r_dir_file(hal_power_default, sysfs_tp) +allow hal_power_default sysfs_tp:file write; diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te index cfbffe7..9a42435 100644 --- a/sepolicy/vendor/init.te +++ b/sepolicy/vendor/init.te @@ -1,7 +1,3 @@ -# Allow init to mount wlan kernel module -allow init vendor_file:file mounton; - -# Allow init to mount vendor configs -allow init vendor_configs_file:dir mounton; - -permissive init; +allow init self:netlink_route_socket rw_socket_perms_no_ioctl; +allow init self:rawip_socket create_socket_perms_no_ioctl; +allow init socket_device:sock_file { unlink setattr create }; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index f63437e..8ba3dcb 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te @@ -1,6 +1,3 @@ type vendor_camera_prop, property_type; -#type camera_prop, property_type; -#type vendor_display_prop, property_type; -#type vendor_audio_prop, property_type; type vendor_power_prop, property_type; type thermal_engine_prop, property_type; diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 001058f..88cd761 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts 
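Review bot: In the second hal_power_default.te hunk the comment `# Allow powerhal trigger dt2w node` is removed together with the `proc_touchpanel` rules, but the `sysfs_tp` rules that take their place are left unexplained. Suggest keeping the intent with a comment such as `# Allow powerhal to toggle the touch gesture (dt2w) node` above `r_dir_file(hal_power_default, sysfs_tp)`. The file_contexts context line maps `/sys/class/touch/tp_dev/gesture_on` to `sysfs_tp`, which suggests that is the node meant.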
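Review bot: In init.te the three added rules give the `init` domain itself netlink route sockets, raw IP sockets and create/unlink/setattr on `socket_device:sock_file`, with no comment saying which init action needs them. Since `permissive init;` is dropped in the same hunk, these look like they were derived from audit denials. If they come from a command that an .rc script runs directly in init's context, it is safer to move that command into a service with its own domain than to widen `init`. At minimum, add a comment above each rule, e.g. `# <rc command or service name> opens a routing socket during boot`, so the grant can be revisited.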
@@ -1,17 +1,16 @@ -audio. u:object_r:vendor_audio_prop:s0 -persist.audio u:object_r:vendor_audio_prop:s0 -persist.speaker u:object_r:vendor_audio_prop:s0 +# Camera +camera. u:object_r:camera_prop:s0 +persist.camera. u:object_r:camera_prop:s0 +persist.vendor.camera. u:object_r:camera_prop:s0 +sys.camera. u:object_r:camera_prop:s0 -#Camera -persist.camera. u:object_r:camera_prop:s0 -ro.camera. u:object_r:camera_prop:s0 - -# Powerhal +# PowerHAL vendor.powerhal.state u:object_r:vendor_power_prop:s0 vendor.powerhal.audio u:object_r:vendor_power_prop:s0 vendor.powerhal.lpm u:object_r:vendor_power_prop:s0 vendor.powerhal.init u:object_r:vendor_power_prop:s0 vendor.powerhal.rendering u:object_r:vendor_power_prop:s0 +vendor.powerhal.dalvik. u:object_r:vendor_power_prop:s0 # Thermal persist.sys.thermal. u:object_r:thermal_engine_prop:s0 diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index c473ea2..40ad03d 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -1,16 +1,8 @@ -permissive vendor_init; - -#type qti_init_shell_exec, exec_type, vendor_file_type,file_type; - -# Allow vendor_init to set public_vendor_default_prop -set_prop(vendor_init, public_vendor_default_prop) -typeattribute vendor_init data_between_core_and_vendor_violators; +set_prop(vendor_init, vendor_power_prop) +set_prop(vendor_init, freq_prop) # Allow vendor_init to write to sysfs_ssr_toggl allow vendor_init sysfs_ssr_toggle:file w_file_perms; -# Allow vendor_init to check encryption status of system_data_file -allow vendor_init system_data_file:dir { ioctl open read setattr }; - -# Allow vendor_init to set vendor_camera_prop -set_prop(vendor_init, vendor_camera_prop) +# Allow vendor_init to enable/disable sched_boost +allow vendor_init proc_sysctl_schedboost:file rw_file_perms; diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te new file mode 100644 index 0000000..4010486 --- /dev/null +++ b/sepolicy/vendor/vold.te 
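Review bot: In property_contexts the new `camera.`, `persist.camera.` and `sys.camera.` entries label un-namespaced properties from vendor policy, and all four camera prefixes use `camera_prop`, whose declaration is not in this commit. The property.te in this commit only declares `vendor_camera_prop`, and its commented-out `#type camera_prop` line is deleted. If `camera_prop` is not supplied by another policy directory the policy should fail to compile; if it is, the vendor-owned prefix is probably better mapped as `persist.vendor.camera. u:object_r:vendor_camera_prop:s0`. The same dependency applies to the removed `audio.`/`persist.audio`/`persist.speaker` mappings, because hal_audio_default.te now calls `set_prop(hal_audio_default, vendor_audio_prop)` and that type and its contexts must come from elsewhere.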
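Review bot: In vendor_init.te, `set_prop(vendor_init, freq_prop)` refers to a type that is not declared in this commit's property.te, and neither new `set_prop` line has a comment, unlike the rules around them. With `permissive vendor_init;` removed, accesses that were previously only logged are now denied, including the dropped `vendor_camera_prop` and `public_vendor_default_prop` writes. A test boot with the audit log checked for `avc: denied` entries from vendor_init is worth doing before merging. The context comment `sysfs_ssr_toggl` is also missing its final `e`.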
@@ -0,0 +1 @@ +allow vold sysfs_mmc_host:file rw_file_perms;
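Review bot: The new vold.te gives `vold` write access to `sysfs_mmc_host` files without a comment, and `sysfs_mmc_host` is not declared anywhere in this commit, so it presumably comes from another policy directory. If vold only reads these attributes, `allow vold sysfs_mmc_host:file r_file_perms;` is the narrower grant. If it does write, add a comment naming the attribute it writes so the rule can be audited later.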