MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Adress few denials

Browse source 
Change-Id: I45c7af8087a8495e4e7902d74f7811c2d40f5197
This commit is contained in:
Max Weffers 2020-04-15 17:51:04 +02:00 committed by OdSazib
parent fee506cf0b
commit b0fa4e9f51
No known key found for this signature in database
GPG key ID: CB336514F9F5CF69
9 changed files with 42 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sepolicy/vendor/device.te vendored
View file

@ -1,2 +1,3 @@
type fingerprint_device, dev_type;
type spidev_device, dev_type;
type blkio_dev, dev_type;

3
sepolicy/vendor/file_contexts vendored
View file

@ -1,6 +1,9 @@
# Biometric
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0
# blkio
/dev/blkio(/.*)? u:object_r:blkio_dev:s0
# Goodix Fingerprint
/data/misc/gf_data(/.*)? u:object_r:fingerprint_data_file:s0
/data/misc/goodix(/.*)? u:object_r:fingerprint_data_file:s0

1
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -11,3 +11,4 @@ allow hal_camera_default camera_data_file:dir w_dir_perms;
allow hal_camera_default camera_data_file:file create_file_perms;
set_prop(hal_camera_default, vendor_camera_prop)
allow hal_camera_default persist_camera_prop:file read;

14
sepolicy/vendor/hal_fingerprint_sdm660.te vendored
View file

@ -21,6 +21,20 @@ allow hal_fingerprint_sdm660 fingerprint_data_file:file rw_file_perms;
allow hal_fingerprint_sdm660 fingerprint_sysfs:file rw_file_perms;
allow hal_fingerprint_sdm660 fingerprint_sysfs:dir r_dir_perms;
allow hal_fingerprint_sdm660 fingerprint_sysfs:lnk_file read;
allow hal_fingerprint_sdm660 sysfs_devfreq:file r_file_perms;
allow hal_fingerprint_sdm660 system_data_file:file r_file_perms;
allow hal_fingerprint_sdm660 sysfs_devfreq:dir search;
allow hal_fingerprint_sdm660 sysfs_sectouch:dir search;
allow hal_fingerprint_sdm660 persist_file:dir r_dir_perms;
allow hal_fingerprint_sdm660 persist_fingerprint_file:file r_file_perms;
allow hal_fingerprint_sdm660 mnt_user_file:dir search;
allow hal_fingerprint_sdm660 mnt_user_file:lnk_file r_file_perms;
allow hal_fingerprint_sdm660 sdcardfs:dir search;
allow hal_fingerprint_sdm660 storage_file:dir search;
allow hal_fingerprint_sdm660 storage_file:lnk_file read;
allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
allow hal_fingerprint_sdm660 rootfs:dir read;

1
sepolicy/vendor/init.te vendored
View file

@ -7,3 +7,4 @@ allow init vendor_default_prop:property_service set;
allow init sysfs_info:file { open read };
allow init sysfs:file setattr;
allow init persist_block_device:lnk_file relabelto;
allow init sysfs_graphics:file { open write };

1
sepolicy/vendor/system_app.te vendored
View file

@ -9,5 +9,6 @@ allow system_app sysfs_thermal:file rw_file_perms;
allow system_app sysfs_thermal:dir search;
allow system_app sysfs_vibrator:file rw_file_perms;
allow system_app sysfs_vibrator:dir search;
allow system_app sysfs_leds:dir search;
set_prop(system_app, system_prop);

1
sepolicy/vendor/ueventd.te vendored
View file

@ -4,3 +4,4 @@ allow ueventd kcal_dev:lnk_file r_file_perms;
allow ueventd hall_dev:dir r_dir_perms;
allow ueventd hall_dev:file rw_file_perms;
allow ueventd hall_dev:lnk_file r_file_perms;
allow ueventd metadata_file:dir search;

8
sepolicy/vendor/vendor_init.te vendored
View file

@ -14,19 +14,23 @@ allow vendor_init media_rw_data_file:file { getattr relabelfrom };
allow vendor_init rootfs:dir { add_name create setattr write };
allow vendor_init persist_debug_prop:property_service set;
allow vendor_init persist_debug_prop:file read;
allow vendor_init persist_dpm_prop:property_service set;
allow vendor_init qcom_ims_prop:property_service set;
allow vendor_init thermal_engine_prop:property_service set;
allow vendor_init vendor_ssr_prop:property_service set;
allow vendor_init audio_prop:property_service set;
allow vendor_init vendor_fp_prop:property_service set;
allow vendor_init power_prop:property_service set;
allow vendor_init reschedule_service_prop:property_service set;
allow vendor_init bservice_prop:property_service set;
allow vendor_init rootfs:dir { add_name write };
allow vendor_init rootfs:lnk_file setattr;
allow vendor_init fingerprint_data_file:dir setattr;
allow vendor_init fingerprint_data_file:dir {setattr create};
allow vendor_init blkio_dev:file write;
allow vendor_init proc_dirty:file write;
set_prop(vendor_init, camera_prop)
set_prop(vendor_init, vendor_camera_prop)
set_prop(vendor_init, freq_prop)

14
sepolicy/vendor/vendor_toolbox.te vendored
View file

@ -15,6 +15,7 @@ allow vendor_toolbox rootfs:dir r_dir_perms;
allow vendor_toolbox {
mnt_vendor_file
persist_alarm_file
persist_audio_file
persist_block_device
persist_bluetooth_file
persist_bms_file
@ -37,3 +38,16 @@ allow vendor_toolbox {
unlabeled
vendor_persist_mmi_file
}:dir { r_dir_perms setattr getattr};
allow vendor_toolbox {
mnt_vendor_file
persist_alarm_file
persist_audio_file
persist_block_device
persist_bluetooth_file
persist_bms_file
persist_hvdcp_file
persist_time_file
regionalization_file
sensors_persist_file
}:file { getattr};