MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Update sepolicy for 4.19

Browse source
This commit is contained in:
OdSazib 2021-06-27 22:45:59 +06:00
parent 3a1dcd4857
commit 0a263a5716
No known key found for this signature in database
GPG key ID: 41E22825A5BD3496
31 changed files with 53 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sepolicy/private/system_app.te
View file

@ -1 +1,2 @@
hal_client_domain(system_app, hal_mlipay)
binder_call(system_app, storaged)

1
sepolicy/private/system_suspend.te
View file

@ -1,2 +1,3 @@
# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
allow system_suspend sysfs_type:dir r_dir_perms;
dontaudit system_suspend sysfs:file r_file_perms;

1
sepolicy/vendor/adsprpcd.te vendored Normal file
View file

@ -0,0 +1 @@
r_dir_file(adsprpcd, public_adsprpcd_file)

1
sepolicy/vendor/bluetooth.te vendored Normal file
View file

@ -0,0 +1 @@
get_prop(bluetooth, vendor_bluetooth_prop)

3
sepolicy/vendor/cameraserver.te vendored Normal file
View file

@ -0,0 +1,3 @@
binder_call(cameraserver, mediacodec);
get_prop(cameraserver, vendor_persist_camera_prop)
get_prop(cameraserver, vendor_video_prop)

2
sepolicy/vendor/cdsprpcd.te vendored Normal file
View file

@ -0,0 +1,2 @@
r_dir_file(cdsprpcd, public_adsprpcd_file)
allow cdsprpcd xdsp_device:chr_file r_file_perms;

1
sepolicy/vendor/cnd.te vendored Normal file
View file

@ -0,0 +1 @@
add_hwservice(cnd, vendor_hal_slmadapter_hwservice)

3
sepolicy/vendor/file.te vendored
View file

@ -9,6 +9,9 @@ type sysfs_fpsinfo, sysfs_type, fs_type;
type sysfs_headphonegain, sysfs_type, fs_type;
type sysfs_micgain, sysfs_type, fs_type;
# HVDCP
type vendor_sysfs_hvdcp, fs_type, sysfs_type;
# Kcal
type kcal_dev, sysfs_type, fs_type;

6
sepolicy/vendor/file_contexts vendored
View file

@ -25,8 +25,9 @@
/dev/goodix_fp u:object_r:fingerprint_device:s0
# Firmware
/firmware u:object_r:firmware_file:s0
/bt_firmware u:object_r:bt_firmware_file:s0
/firmware(/.*)? u:object_r:firmware_file:s0
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/persist(/.*)? u:object_r:persist_file:s0
# Hexagon DSP-side executable needed for Halide operation
# This is labeled as public_adsprpcd_file as it needs to be read by apps
@ -56,7 +57,6 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock u:object_r:hal_power_stats_default_exec:s0
# Root files
/persist(/.*)? u:object_r:mnt_vendor_file:s0
/proc/sys/fs/protected_regular u:object_r:proc:s0
# Service HALs

2
sepolicy/vendor/ftrace.te vendored
View file

@ -1,2 +0,0 @@
dontaudit hal_atrace_default debugfs_tracing_debug:file write;
dontaudit traced_probes debugfs_tracing_debug:file read;

2
sepolicy/vendor/genfs_contexts vendored
View file

@ -63,8 +63,6 @@ genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.q
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:anlg-cdc@f000/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/diag/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0

1
sepolicy/vendor/hal_audio_default.te vendored
View file

@ -1,4 +1,5 @@
allow hal_audio_default audio_socket:sock_file rw_file_perms;
allow hal_audio_default mnt_vendor_file:dir search;
allow hal_audio_default sysfs:dir r_dir_perms;
get_prop(hal_audio_default, dirac_prop)

1
sepolicy/vendor/hal_bootctrl_default.te vendored Normal file
View file

@ -0,0 +1 @@
allow hal_bootctl_default sysfs_dt_firmware_android:dir r_dir_perms;

1
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -1,5 +1,6 @@
hal_client_domain(hal_camera_default, hal_configstore)
hal_client_domain(hal_camera_default, hal_graphics_allocator)
get_prop(hal_camera_default, vendor_camera_prop)
get_prop(hal_camera_default, vendor_video_prop)
allow hal_camera_default sysfs_kgsl:file r_file_perms;

1
sepolicy/vendor/hal_neuralnetworks_default.te vendored Normal file
View file

@ -0,0 +1 @@
r_dir_file(hal_neuralnetworks_default, public_adsprpcd_file)

1
sepolicy/vendor/hal_wifi_hostapd_default.te vendored Normal file
View file

@ -0,0 +1 @@
allow hal_wifi_hostapd_default wifi_vendor_data_file:dir write;

1
sepolicy/vendor/hvdcp.te vendored Normal file
View file

@ -0,0 +1 @@
allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;

1
sepolicy/vendor/hwservice.te vendored
View file

@ -1 +1,2 @@
type hal_mlipay_hwservice, hwservice_manager_type;
type vendor_hal_slmadapter_hwservice, hwservice_manager_type, protected_hwservice;

2
sepolicy/vendor/hwservice_contexts vendored
View file

@ -1,7 +1,9 @@
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
com.fingerprints.extension::IFingerprintCalibration u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintEngineering u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintSenseTouch u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
vendor.qti.hardware.slmadapter::ISlmAdapter u:object_r:vendor_hal_slmadapter_hwservice:s0
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0

5
sepolicy/vendor/init.te vendored
View file

@ -3,3 +3,8 @@ allow init socket_device:sock_file { unlink setattr create };
allow init sysfs_graphics:file { read open };
allow init sysfs_battery_supply:file setattr;
allow init vendor_default_prop:property_service set;
allow init {
bt_firmware_file
firmware_file
}:filesystem getattr;

1
sepolicy/vendor/mediaprovider.te vendored Normal file
View file

@ -0,0 +1 @@
binder_call(mediaprovider, gpuservice)

6
sepolicy/vendor/mutalex.te vendored Normal file
View file

@ -0,0 +1,6 @@
type vendor_mutualex, domain;
type vendor_mutualex_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_mutualex)
allow vendor_mutualex self:socket create_socket_perms_no_ioctl;

3
sepolicy/vendor/netmgrd.te vendored
View file

@ -1,2 +1,3 @@
set_prop(netmgrd, vendor_radio_prop)
set_prop(netmgrd, vendor_data_ko_prop)
set_prop(netmgrd, vendor_data_qmipriod_prop)
set_prop(netmgrd, vendor_radio_prop)

2
sepolicy/vendor/property.te vendored
View file

@ -1,6 +1,8 @@
type hal_fingerprint_prop, property_type;
type mlipay_prop, property_type;
vendor_restricted_prop(vendor_camera_prop);
# Dirac
type dirac_prop, property_type;

3
sepolicy/vendor/property_contexts vendored
View file

@ -51,9 +51,6 @@ vendor.powerhal.dalvik. u:object_r:vendor_power_prop:s0
# RIL
ro.build.software.version u:object_r:exported_radio_prop:s0
ro.product.mod_device u:object_r:exported_radio_prop:s0
persist.vendor.data.offload_ko_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.shsusr_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.qmipriod_load u:object_r:vendor_radio_prop:s0
# Thermal engine
vendor.thermal.config u:object_r:vendor_thermal_prop:s0

1
sepolicy/vendor/ssgtzd.te vendored Normal file
View file

@ -0,0 +1 @@
allow ssgtzd self:socket create_socket_perms_no_ioctl;

2
sepolicy/vendor/system_app.te vendored
View file

@ -10,5 +10,7 @@ allow system_app sysfs_fpsinfo:file rw_file_perms;
allow system_app sysfs_headphonegain:file rw_file_perms;
allow system_app sysfs_micgain:file rw_file_perms;
allow system_app sysfs_zram:dir search;
allow system_app sysfs_zram:file r_file_perms;
get_prop(system_app, system_prop);
set_prop(system_app, system_prop);

1
sepolicy/vendor/system_server.te vendored
View file

@ -1,5 +1,6 @@
get_prop(system_server, userspace_reboot_exported_prop)
allow system_server app_zygote:process getpgid;
allow system_server blkio_dev:dir search;
allow system_server sysfs_battery_supply:file rw_file_perms;

3
sepolicy/vendor/thermal-engine.te vendored
View file

@ -2,7 +2,8 @@ allow thermal-engine thermal_data_file:dir rw_dir_perms;
allow thermal-engine thermal_data_file:file create_file_perms;
allow thermal-engine sysfs:dir r_dir_perms;
allow thermal-engine self:capability { chown fowner };
dontaudit thermal-engine self:capability dac_override;
set_prop(thermal-engine, vendor_thermal_prop);
r_dir_file(thermal-engine, sysfs_thermal)
dontaudit thermal-engine self:capability dac_override;

2
sepolicy/vendor/vendor_init.te vendored
View file

@ -5,6 +5,8 @@ allow vendor_init {
tombstone_data_file
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
allow vendor_init tee_device:chr_file getattr;
set_prop(vendor_init, camera_prop)
set_prop(vendor_init, vendor_freq_prop)
set_prop(vendor_init, vendor_power_prop)

6
sepolicy/vendor/wcnss_service.te vendored
View file

@ -1,3 +1,5 @@
allow wcnss_service sysfs:file { read open };
allow wcnss_service kmsg_device:chr_file w_file_perms;
allow wcnss_service proc_net:file r_file_perms;
allow wcnss_service sysfs:file r_file_perms;
allow wcnss_service sysfs_net:dir search;
allow wcnss_service vendor_shell_exec:file execute_no_trans;
allow wcnss_service vendor_shell_exec:file x_file_perms;