sdm660-common: sepolicy: address multiple denials
Signed-off-by: pix106 <sbordenave@gmail.com>
This commit is contained in:
sabarop
pix106
parent
4de8dd15b3
commit
16db6a4456
7 changed files with 12 additions and 0 deletions
2
sepolicy/vendor/gmscore_app.te
vendored
2
sepolicy/vendor/gmscore_app.te
vendored
|
|
@ -6,3 +6,5 @@ allow gmscore_app adsprpcd_file:dir{ search };
|
|||
allow gmscore_app exported_camera_prop:file { read open getattr };
|
||||
allow gmscore_app traced_producer_socket:sock_file { write };
|
||||
allow gmscore_app traced:unix_stream_socket { connectto };
|
||||
allow gmscore_app zygote:unix_stream_socket getopt;
|
||||
|
||||
|
|
|
|||
1
sepolicy/vendor/hal_camera_default.te
vendored
1
sepolicy/vendor/hal_camera_default.te
vendored
|
|
@ -12,6 +12,7 @@ allow hal_camera_default diag_device:chr_file rw_file_perms;
|
|||
allow hal_camera_default mnt_vendor_file:dir search;
|
||||
allow hal_camera_default sysfs:file { getattr open read };
|
||||
allow hal_camera_default self:socket { read write };
|
||||
allow hal_camera_default vendor_default_prop:file read;
|
||||
|
||||
r_dir_file(hal_camera_default, sysfs_kgsl)
|
||||
|
||||
|
|
|
|||
3
sepolicy/vendor/property_contexts
vendored
3
sepolicy/vendor/property_contexts
vendored
|
|
@ -65,6 +65,9 @@ persist.service.folio_daemon u:object_r:system_prop:s0
|
|||
|
||||
# Hardware
|
||||
ro.hardware.chipname u:object_r:exported_default_prop:s0
|
||||
ro.board.variant u:object_r:exported_default_prop:s0
|
||||
ro.hwversion u:object_r:exported_default_prop:s0
|
||||
persist.vendor.slm.enable u:object_r:exported_default_prop:s0
|
||||
|
||||
# Media
|
||||
gpu.stats.debug.level u:object_r:vendor_default_prop:s0
|
||||
|
|
|
|||
1
sepolicy/vendor/ueventd.te
vendored
1
sepolicy/vendor/ueventd.te
vendored
|
|
@ -2,3 +2,4 @@ allow ueventd hall_dev:dir r_dir_perms;
|
|||
allow ueventd hall_dev:file rw_file_perms;
|
||||
allow ueventd hall_dev:lnk_file r_file_perms;
|
||||
allow ueventd metadata_file:dir search;
|
||||
allow ueventd ueventd:capability kill;
|
||||
|
|
|
|||
3
sepolicy/vendor/untrusted_app.te
vendored
Normal file
3
sepolicy/vendor/untrusted_app.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
allow untrusted_app_25 zygote:unix_stream_socket getopt;
|
||||
allow untrusted_app_29 zygote:unix_stream_socket getopt;
|
||||
allow untrusted_app_30 zygote:unix_stream_socket getopt;
|
||||
1
sepolicy/vendor/vendor_init.te
vendored
1
sepolicy/vendor/vendor_init.te
vendored
|
|
@ -10,6 +10,7 @@ allow vendor_init tee_device:chr_file getattr;
|
|||
allow vendor_init persist_file:lnk_file r_file_perms;
|
||||
allow vendor_init proc:file w_file_perms;
|
||||
allow vendor_init proc_sched_energy_aware:file w_file_perms;
|
||||
allow vendor_init cache_file:dir search;
|
||||
|
||||
get_prop(vendor_init, hal_fingerprint_prop)
|
||||
|
||||
|
|
|
|||
1
sepolicy/vendor/wcnss_service.te
vendored
1
sepolicy/vendor/wcnss_service.te
vendored
|
|
@ -3,3 +3,4 @@ allow wcnss_service proc_net:file r_file_perms;
|
|||
allow wcnss_service sysfs:file r_file_perms;
|
||||
allow wcnss_service sysfs_net:dir search;
|
||||
allow wcnss_service vendor_shell_exec:file { x_file_perms execute_no_trans };
|
||||
allow wcnss_service rootfs:dir { read write open };
|
||||
|
|
|
|||
Loading…
Reference in a new issue