MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660: sepolicy: Start Q Bringup

Browse source
This commit is contained in:
Max Weffers 2019-10-01 13:02:00 +02:00
parent f29f40577c
commit f3b7c8bb63
No known key found for this signature in database
GPG key ID: 795F73D22FB93FAE
9 changed files with 5 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
BoardConfigCommon.mk
View file

@ -277,10 +277,9 @@ BOARD_USES_QC_TIME_SERVICES := true
# SELinux
include device/qcom/sepolicy-legacy-um/sepolicy.mk
# BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
# BOARD_PLAT_PUBLIC_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/public
# BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private
BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy-minimal
BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private
# Telephony
TARGET_USES_ALTERNATIVE_MANUAL_NETWORK_SELECT := true

4
sepolicy-minimal/file.te
View file

@ -1,4 +0,0 @@
type adsprpcd_file, file_type;
type bt_firmware_file, file_type;
type firmware_file, file_type;
type persist_file, file_type;

5
sepolicy-minimal/file_contexts
View file

@ -1,5 +0,0 @@
# Root Symlinks
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/dsp(/.*)? u:object_r:adsprpcd_file:s0
/firmware(/.*)? u:object_r:firmware_file:s0
/persist(/.*)? u:object_r:persist_file:s0

1
sepolicy/vendor/app.te vendored
View file

@ -1,6 +1,5 @@
# Allow appdomain to get vendor_camera_prop
get_prop(appdomain, vendor_camera_prop)
allow { appdomain -isolated_app } hal_mlipay_hwservice:hwservice_manager find;
binder_call({ appdomain -isolated_app }, hal_mlipay_default)
get_prop({ appdomain -isolated_app }, mlipay_prop)
get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)

1
sepolicy/vendor/hal_camera_default.te vendored
View file

@ -2,7 +2,6 @@ binder_call(hal_camera_default, hal_configstore_default)
binder_call(hal_camera_default, hal_graphics_allocator_default)
typeattribute hal_camera_default data_between_core_and_vendor_violators;
allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find;
allow hal_camera_default sysfs:file { getattr open read };
allow hal_camera_default sysfs_kgsl:file { getattr open read };

2
sepolicy/vendor/hwservice.te vendored
View file

@ -1,2 +1,2 @@
type goodixhw_service, hwservice_manager_type;
type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
type hal_mlipay_hwservice, hwservice_manager_type;

1
sepolicy/vendor/init.te vendored
View file

@ -3,7 +3,6 @@ allow init ipa_dev:chr_file open;
allow init ion_device:chr_file ioctl;
allow init property_socket:sock_file write;
allow init sysfs_dm:file { open write };
allow init tee_device:chr_file { write ioctl };
allow init vendor_default_prop:property_service set;
allow init sysfs_info:file { open read };
allow init sysfs:file setattr;

1
sepolicy/vendor/property.te vendored
View file

@ -2,6 +2,7 @@ type hal_fingerprint_prop, property_type;
type mlipay_prop, property_type;
type vendor_fp_prop, property_type;
type ifaa_prop, property_type;
type vendor_camera_prop, property_type;
# Thermal engine
type thermal_engine_prop, property_type;

1
sepolicy/vendor/system_app.te vendored
View file

@ -1,6 +1,5 @@
allow system_app vendor_default_prop:file { getattr open read };
allow system_app wificond:binder call;
allow system_app hal_mlipay_hwservice:hwservice_manager find;
allow system_app hal_mlipay_default:binder call;
allow system_app kcal_dev:file rw_file_perms;
allow system_app kcal_dev:dir search;