MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Address some denials

Browse source 
Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
This commit is contained in:
Max Weffers 2020-05-12 16:45:35 +02:00 committed by OdSazib
parent 06e3d383a2
commit 880ca53df2
No known key found for this signature in database
GPG key ID: CB336514F9F5CF69
5 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
sepolicy/vendor/genfs_contexts vendored
View file

@ -1,6 +1,28 @@
# Battery
genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0
# Fingerprint
genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fpc1020/device_prepare u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fpc1020/irq u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fpc1020/irq_enable u:object_r:fingerprint_sysfs:s0
genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable u:object_r:fingerprint_sysfs:s0
# Graphics
genfscon sysfs /devices/virtual/graphics/fb0 u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/virtual/graphics/fb1 u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/virtual/graphics/fb2 u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/virtual/graphics/fb3 u:object_r:sysfs_graphics:s0
# Camera
genfscon sysfs /devices/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name u:object_r:sysfs_graphics:s0
genfscon sysfs /camera_sensorid/sensorid u:object_r:sysfs_graphics:s0
# RTC
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc u:object_r:sysfs_rtc:s0

2
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -3,7 +3,7 @@ binder_call(hal_camera_default, hal_graphics_allocator_default)
typeattribute hal_camera_default data_between_core_and_vendor_violators;
allow hal_camera_default sysfs:file { getattr open read };
allow hal_camera_default sysfs_kgsl:file { getattr open read };
allow hal_camera_default sysfs_kgsl:file r_file_perms;
allow hal_camera_default media_rw_data_file:file { getattr };

1
sepolicy/vendor/hal_sensors_default.te vendored
View file

@ -1,2 +1,3 @@
allow hal_sensors_default sysfs:file { read open };
allow hal_sensors_default sysfs_info:file { read write };
set_prop(hal_sensors_default, camera_prop)

1
sepolicy/vendor/property_contexts vendored
View file

@ -14,6 +14,7 @@ cpp.set.clock u:object_r:camera_prop:s0
disable.cpp.power.collapse u:object_r:camera_prop:s0
persist.camera. u:object_r:camera_prop:s0
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
vendor.camera.eis.gyro_name u:object_r:vendor_camera_prop:s0
# Fingerprint
gf.debug.dump_data u:object_r:vendor_fp_prop:s0

2
sepolicy/vendor/vendor_init.te vendored
View file

@ -30,3 +30,5 @@ allow vendor_init rootfs:lnk_file setattr;
allow vendor_init fingerprint_data_file:dir setattr;
set_prop(vendor_init, camera_prop)
set_prop(vendor_init, vendor_camera_prop)
set_prop(vendor_init, freq_prop)
set_prop(vendor_init, fm_prop)