diff --git a/sepolicy/public/installd.te b/sepolicy/public/installd.te new file mode 100644 index 00000000..7d3b328e --- /dev/null +++ b/sepolicy/public/installd.te @@ -0,0 +1 @@ +allow installd mnt_user_file:dir search; diff --git a/sepolicy/public/platform_app.te b/sepolicy/public/platform_app.te new file mode 100644 index 00000000..a53c3b86 --- /dev/null +++ b/sepolicy/public/platform_app.te @@ -0,0 +1 @@ +get_prop(platform_app, exported_audio_prop) diff --git a/sepolicy/vendor/gmscore_app.te b/sepolicy/vendor/gmscore_app.te index b2b7f71b..72dea290 100644 --- a/sepolicy/vendor/gmscore_app.te +++ b/sepolicy/vendor/gmscore_app.te @@ -1,2 +1,6 @@ binder_call(gmscore_app, hal_memtrack_default); + +allow gmscore_app { firmware_file linkerconfig_file metadata_file postinstall_mnt_dir vendor_firmware_file }:dir getattr; +allow gmscore_app { init_exec persist_file }:lnk_file getattr; + dontaudit gmscore_app { bt_firmware_file firmware_file }:filesystem getattr; diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te index 2aee7b26..67a867d6 100644 --- a/sepolicy/vendor/init.te +++ b/sepolicy/vendor/init.te @@ -2,6 +2,7 @@ allow init adsprpcd_file:file mounton; allow init apex_metadata_file:lnk_file read; allow init socket_device:sock_file { unlink setattr create }; allow init sysfs_graphics:file { read open }; +allow init sysfs_graphics:lnk_file read; allow init sysfs_battery_supply:file setattr; allow init vendor_default_prop:property_service set; diff --git a/sepolicy/vendor/mutalex.te b/sepolicy/vendor/mutalex.te index a94a03a5..3ece089f 100644 --- a/sepolicy/vendor/mutalex.te +++ b/sepolicy/vendor/mutalex.te @@ -4,3 +4,4 @@ type vendor_mutualex_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_mutualex) allow vendor_mutualex self:socket create_socket_perms_no_ioctl; +allow vendor_mutualex self:qipcrtr_socket create; diff --git a/sepolicy/vendor/ssgtzd.te b/sepolicy/vendor/ssgtzd.te index 15838969..fa4632a1 100644 
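Review bot: The new files `sepolicy/public/installd.te` and `sepolicy/public/platform_app.te` add rules for core platform domains under the public policy directory, with no comment naming the denial they answer. Public policy is normally kept for types and attributes that vendor policy has to reference, so `allow`/`get_prop` rules for `installd` and `platform_app` would usually live in the private directory. How this tree wires its policy directories into the build is not visible here, so confirm before moving them. Wherever they end up, each rule should carry a one-line comment such as `# <feature / avc denial this rule answers>` so the grant can be re-justified later.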
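Review bot: In `sepolicy/vendor/gmscore_app.te` the two added `allow` rules grant `getattr` on the firmware, linkerconfig, metadata and postinstall mount directories and on the `init_exec` / `persist_file` symlinks, while the neighbouring rule for `filesystem getattr` on firmware types is a `dontaudit`. The commit gives no reason, so this is an inference: if the denials come from the app stat-ing mount points while walking the filesystem, and nothing breaks without the access, `dontaudit` quiets the log without widening what the app can observe. That would be `dontaudit gmscore_app { firmware_file linkerconfig_file metadata_file postinstall_mnt_dir vendor_firmware_file }:dir getattr;`, and likewise for the `lnk_file` rule. Either way, add a comment naming the triggering denial.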
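Review bot: `allow vendor_mutualex self:qipcrtr_socket create;` in `sepolicy/vendor/mutalex.te` grants only `create`, whereas the existing line above it uses `create_socket_perms_no_ioctl` for the plain `socket` class. The `ssgtzd.te` hunk adds the same single-permission rule. A socket that can be created but not bound, read or written is rarely usable, so this looks like the first denial of a sequence, with the rest still to surface at runtime. Decide up front whether the daemon needs the socket. If it does, `allow vendor_mutualex self:qipcrtr_socket create_socket_perms_no_ioctl;` matches the existing rule; if it does not, a `dontaudit` on `create` is the narrower answer.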
--- a/sepolicy/vendor/ssgtzd.te +++ b/sepolicy/vendor/ssgtzd.te @@ -1 +1,2 @@ allow ssgtzd self:socket create_socket_perms_no_ioctl; +allow ssgtzd self:qipcrtr_socket create; diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te index 71516fcc..499bf825 100644 --- a/sepolicy/vendor/system_app.te +++ b/sepolicy/vendor/system_app.te @@ -5,6 +5,7 @@ allow system_app proc_vmallocinfo:file read; allow system_app sysfs_vibrator:dir search; allow system_app sysfs_vibrator:file rw_file_perms; allow system_app sysfs_graphics:dir search; +allow system_app sysfs_graphics:file rw_file_perms; allow system_app sysfs_leds:dir search; allow system_app sysfs_fpsinfo:file rw_file_perms; allow system_app sysfs_headphonegain:file rw_file_perms; diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index 3213cbee..4447e1b7 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -4,5 +4,6 @@ get_prop(system_server, vendor_video_prop) allow system_server app_zygote:process getpgid; allow system_server blkio_dev:dir search; allow system_server sysfs_battery_supply:file rw_file_perms; +allow system_server sysfs_rtc:file read; dontaudit system_server sysfs:file { read open getattr }; diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index 0a124bc7..cb81e66d 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te @@ -4,3 +4,4 @@ typeattribute tee data_between_core_and_vendor_violators; allow tee system_data_file:dir r_dir_perms; allow tee fingerprintd_data_file:dir rw_dir_perms; allow tee fingerprintd_data_file:file create_file_perms; +allow tee persist_file:lnk_file r_file_perms; diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 8253f4d3..688e7088 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te 
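Review bot: `allow system_app sysfs_graphics:file rw_file_perms;` in `sepolicy/vendor/system_app.te` gives every app in the `system_app` domain write access to all sysfs nodes labelled `sysfs_graphics`, not only the one a particular feature needs. The surrounding rules already use narrow per-feature types (`sysfs_fpsinfo`, `sysfs_headphonegain`). Following that pattern, the specific node should get its own label and the grant should target it, e.g. `allow system_app <dedicated_sysfs_type>:file rw_file_perms;` (placeholder type name). If the app only reads the node, `r_file_perms` is enough. A comment stating which setting writes the node is also missing.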
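Review bot: `allow tee persist_file:lnk_file r_file_perms;` in `sepolicy/vendor/tee.te` applies the file-oriented macro to a symlink. The same commit gives `vendor_init` only `read` on the identical `persist_file:lnk_file` target, and gives `init` only `read` on `sysfs_graphics:lnk_file`. Following a symlink needs `read`, plus `getattr` if it is stat-ed, so `allow tee persist_file:lnk_file { getattr read };` would be narrower and consistent with the other two hunks.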
@@ -7,6 +7,7 @@ allow vendor_init { }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; allow vendor_init tee_device:chr_file getattr; +allow vendor_init persist_file:lnk_file read; set_prop(vendor_init, camera_prop) set_prop(vendor_init, vendor_freq_prop)