LenovoZ5s/device_lenovo_sdm710-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

kunlun2: Nuke neverallows

Browse source 
for real now
This commit is contained in:
Giammarco Senatore 2021-07-16 18:33:17 +02:00
parent dedb2fbbcc
commit dfbc4aeaba
No known key found for this signature in database
GPG key ID: 661348FC1E144F04
7 changed files with 1 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sepolicy/vendor/hal_bluetooth.te vendored
View file

@ -1 +1 @@
allow hal_bluetooth vendor_data_file:file r_file_perms; allow hal_bluetooth vendor_data_file:file r_file_perms;

2
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -1,7 +1,5 @@
allow hal_camera_default sysfs:file read; allow hal_camera_default sysfs:file read;
allow hal_camera_default sdcardfs:dir { search }; allow hal_camera_default sdcardfs:dir { search };
allow hal_camera_default sdcardfs:file { rw_file_perms }; allow hal_camera_default sdcardfs:file { rw_file_perms };
allow hal_camera_default nfc_data_file: dir { search open};
allow hal_camera_default default_android_hwservice:hwservice_manager find;
allow hal_camera_default mnt_vendor_file:dir { add_name write }; allow hal_camera_default mnt_vendor_file:dir { add_name write };
allow hal_camera_default mnt_vendor_file:file { create getattr open read write }; allow hal_camera_default mnt_vendor_file:file { create getattr open read write };

1
sepolicy/vendor/hal_fingerprint.te vendored
View file

@ -1 +0,0 @@
get_prop(hal_fingerprint, default_prop)

4
sepolicy/vendor/hal_power_default.te vendored
View file

@ -1,9 +1,6 @@
allow hal_power_default debugfs_wlan:dir r_dir_perms; allow hal_power_default debugfs_wlan:dir r_dir_perms;
allow hal_power_default debugfs_wlan:file r_file_perms; allow hal_power_default debugfs_wlan:file r_file_perms;
allow hal_power_default sysfs_graphics:dir search;
allow hal_power_default sysfs_graphics:file r_file_perms;
allow hal_power_default sysfs_rpm:file r_file_perms; allow hal_power_default sysfs_rpm:file r_file_perms;
allow hal_power_default sysfs_system_sleep_stats:file r_file_perms; allow hal_power_default sysfs_system_sleep_stats:file r_file_perms;
@ -22,7 +19,6 @@ allow hal_power_default input_device:chr_file rw_file_perms;
# To get/set powerhal state property # To get/set powerhal state property
set_prop(hal_power_default, vendor_power_prop) set_prop(hal_power_default, vendor_power_prop)
allow hal_power_default system_prop:file r_file_perms;
# Rule for hal_power_default to access graphics composer process # Rule for hal_power_default to access graphics composer process
unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default); unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);

1
sepolicy/vendor/hwservicemanager.te vendored
View file

@ -1 +0,0 @@
allow hwservicemanager init:binder transfer;

6
sepolicy/vendor/init.te vendored
View file

@ -4,10 +4,4 @@ allow init vendor_file:file mounton;
# Allow init to mount vendor configs # Allow init to mount vendor configs
allow init vendor_configs_file:dir mounton; allow init vendor_configs_file:dir mounton;
# Allow init to chown/chmod on pseudo files in /sys
allow init sysfs_type:file { open read setattr };
# Allow init create cgroups
allow init cgroup:file create;
permissive init; permissive init;

2
sepolicy/vendor/system_server.te vendored
View file

@ -1,2 +0,0 @@
allow system_server default_android_hwservice:hwservice_manager find;
allow system_server init:binder call;