sdm66-common: sepolicy: Fix labeling sysfs nodes for K4.19
- Address more denials and label some new nodes Signed-off-by: OdSazib <odsazib@gmail.com>
This commit is contained in:
OdSazib
parent
4ec9f92ace
commit
5351cc35f9
8 changed files with 55 additions and 38 deletions
|
|
@ -1,3 +1,4 @@
|
|||
# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
|
||||
allow system_suspend sysfs_type:dir r_dir_perms;
|
||||
allow system_suspend sysfs_wakeup:file r_file_perms;
|
||||
dontaudit system_suspend sysfs:file r_file_perms;
|
||||
|
|
|
|||
12
sepolicy/vendor/file_contexts
vendored
12
sepolicy/vendor/file_contexts
vendored
|
|
@ -4,7 +4,7 @@
|
|||
# Biometric
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0
|
||||
|
||||
# Biometric
|
||||
# Camera
|
||||
/data/misc/camera u:object_r:camera_data_file:s0
|
||||
|
||||
# blkio
|
||||
|
|
@ -14,9 +14,6 @@
|
|||
# CNE
|
||||
/(vendor|system/vendor)/bin/mutualex u:object_r:vendor_mutualex_exec:s0
|
||||
|
||||
# Debug
|
||||
/sys/kernel/debug/mmc0/mmc0:0001/ext_csd u:object_r:debugfs_mmc:s0
|
||||
|
||||
# Executables
|
||||
/vendor/bin/sh u:object_r:vendor_shell_exec:s0
|
||||
|
||||
|
|
@ -52,8 +49,11 @@
|
|||
/(vendor|system/vendor)/bin/mlipayd@1.1 u:object_r:hal_mlipay_default_exec:s0
|
||||
|
||||
# Notification LED
|
||||
/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white/max_brightness u:object_r:sysfs_graphics:s0
|
||||
/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white/brightness u:object_r:sysfs_graphics:s0
|
||||
/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/blue(/.*)? u:object_r:sysfs_graphics:s0
|
||||
/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/green(/.*)? u:object_r:sysfs_graphics:s0
|
||||
/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red(/.*)? u:object_r:sysfs_graphics:s0
|
||||
/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white(/.*)? u:object_r:sysfs_graphics:s0
|
||||
/sys/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds/flashlight(/.*)? u:object_r:sysfs_graphics:s0
|
||||
|
||||
# Power
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service\.xiaomi_sdm660-libperfmgr u:object_r:hal_power_default_exec:s0
|
||||
|
|
|
|||
10
sepolicy/vendor/genfs_contexts
vendored
10
sepolicy/vendor/genfs_contexts
vendored
|
|
@ -1,7 +1,11 @@
|
|||
# Battery
|
||||
genfscon sysfs /devices/platform/soc/c175000.i2c/i2c-1/1-0062 u:object_r:sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/platform/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0
|
||||
|
||||
# Camera
|
||||
genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@0/video4linux/video2/name u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@1/video4linux/video3/name u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@2/video4linux/video4/name u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /camera_sensorid/sensorid u:object_r:sysfs_graphics:s0
|
||||
|
||||
|
|
@ -22,6 +26,11 @@ genfscon sysfs /devices/platform/soc/soc:fpc1020/fingerdown_wait
|
|||
genfscon sysfs /devices/platform/soc/soc:fpc1020/irq u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:fpc1020/irq_enable u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:fpc1020/wakeup_enable u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:goodix_fp/device_prepare u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:goodix_fp/fingerdown_wait u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:goodix_fp/irq u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:goodix_fp/irq_enable u:object_r:sysfs_fingerprint:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:goodix_fp/wakeup_enable u:object_r:sysfs_fingerprint:s0
|
||||
|
||||
# Graphics
|
||||
genfscon sysfs /devices/virtual/graphics/fb0 u:object_r:sysfs_graphics:s0
|
||||
|
|
@ -32,6 +41,7 @@ genfscon sysfs /devices/virtual/graphics/fb2
|
|||
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight1 u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds/flashlight u:object_r:sysfs_graphics:s0
|
||||
|
||||
# Power
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw u:object_r:sysfs_devfreq:s0
|
||||
|
|
|
|||
3
sepolicy/vendor/hal_power_stats_default.te
vendored
3
sepolicy/vendor/hal_power_stats_default.te
vendored
|
|
@ -1 +1,2 @@
|
|||
allow hal_power_stats_default sysfs:dir read;
|
||||
allow hal_power_stats_default sysfs:dir { open read };
|
||||
allow hal_power_stats_default sysfs:file { open read };
|
||||
|
|
|
|||
1
sepolicy/vendor/init.te
vendored
1
sepolicy/vendor/init.te
vendored
|
|
@ -1,4 +1,5 @@
|
|||
allow init adsprpcd_file:file mounton;
|
||||
allow init apex_metadata_file:lnk_file read;
|
||||
allow init socket_device:sock_file { unlink setattr create };
|
||||
allow init sysfs_graphics:file { read open };
|
||||
allow init sysfs_battery_supply:file setattr;
|
||||
|
|
|
|||
2
sepolicy/vendor/qti_init_shell.te
vendored
2
sepolicy/vendor/qti_init_shell.te
vendored
|
|
@ -1,5 +1,7 @@
|
|||
allow qti_init_shell ctl_start_prop:property_service set;
|
||||
allow qti_init_shell ctl_stop_prop:property_service set;
|
||||
allow qti_init_shell self:perf_event cpu;
|
||||
allow qti_init_shell sysfs:file { setattr write };
|
||||
|
||||
dontaudit qti_init_shell system_prop:property_service set;
|
||||
dontaudit qti_init_shell self:capability { dac_override dac_read_search };
|
||||
|
|
|
|||
1
sepolicy/vendor/ueventd.te
vendored
Normal file
1
sepolicy/vendor/ueventd.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
allow ueventd metadata_file:dir search;
|
||||
1
sepolicy/vendor/vendor_init.te
vendored
1
sepolicy/vendor/vendor_init.te
vendored
|
|
@ -1,6 +1,7 @@
|
|||
typeattribute vendor_init data_between_core_and_vendor_violators;
|
||||
|
||||
allow vendor_init {
|
||||
camera_data_file
|
||||
system_data_file
|
||||
tombstone_data_file
|
||||
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
|
||||
|
|
|
|||
Loading…
Reference in a new issue