From f614ba1ce686b4f88eaa3ce97b9b822615d8402d Mon Sep 17 00:00:00 2001 From: OdSazib Date: Sat, 31 Oct 2020 18:48:42 +0600 Subject: [PATCH] sdm660-common: Clean up sepolicy for Android 11 checkpolicy: error(s) encountered while parsing configuration Changes in Android 11 * dpmd > vendor_dpmd * persist_camera_prop > vendor_persist_camera_prop * persist_dpm_prop > vendor_persist_dpm_prop Signed-off-by: OdSazib --- sepolicy/private/app.te | 2 +- sepolicy/private/dpmd.te | 2 +- sepolicy/private/system_server.te | 2 +- sepolicy/private/vendor_init.te | 2 +- sepolicy/vendor/vendor_init.te | 38 +++++++++++++++---------------- 5 files changed, 22 insertions(+), 24 deletions(-) diff --git a/sepolicy/private/app.te b/sepolicy/private/app.te index 5cfea1a5..760b53e1 100644 --- a/sepolicy/private/app.te +++ b/sepolicy/private/app.te @@ -1,2 +1,2 @@ # Allow appdomain to get persist_camera_prop -get_prop(appdomain, persist_camera_prop) +get_prop(appdomain, vendor_persist_camera_prop) diff --git a/sepolicy/private/dpmd.te b/sepolicy/private/dpmd.te index 91923585..c9491f84 100644 --- a/sepolicy/private/dpmd.te +++ b/sepolicy/private/dpmd.te @@ -1 +1 @@ -set_prop(dpmd, ctl_stop_prop) +set_prop(vendor_dpmd, ctl_stop_prop) diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te index 9d2e9395..8f8c524d 100644 --- a/sepolicy/private/system_server.te +++ b/sepolicy/private/system_server.te @@ -1,4 +1,4 @@ binder_call(system_server, folio_daemon) # Allow system_server to set persist_camera_prop -get_prop(system_server, persist_camera_prop) +get_prop(system_server, vendor_persist_camera_prop) diff --git a/sepolicy/private/vendor_init.te b/sepolicy/private/vendor_init.te index 7b44804d..93586398 100644 --- a/sepolicy/private/vendor_init.te +++ b/sepolicy/private/vendor_init.te @@ -1,2 +1,2 @@ # Allow vendor_init to set persist_camera_prop -set_prop(vendor_init, persist_camera_prop) +set_prop(vendor_init, vendor_persist_camera_prop) diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index b996b03d..6a8f7aa6 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -8,29 +8,27 @@ allow vendor_init { camera_data_file }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; -allow vendor_init unlabeled:{ dir file } { getattr relabelfrom }; - -allow vendor_init media_rw_data_file:file { getattr relabelfrom }; - -allow vendor_init rootfs:dir { add_name create setattr write }; -allow vendor_init persist_debug_prop:property_service set; -allow vendor_init persist_debug_prop:file read; -allow vendor_init persist_dpm_prop:property_service set; -allow vendor_init qcom_ims_prop:property_service set; -allow vendor_init thermal_engine_prop:property_service set; -allow vendor_init vendor_ssr_prop:property_service set; -allow vendor_init audio_prop:property_service set; -allow vendor_init vendor_fp_prop:property_service set; -allow vendor_init reschedule_service_prop:property_service set; -allow vendor_init bservice_prop:property_service set; - -allow vendor_init rootfs:dir { add_name write }; -allow vendor_init rootfs:lnk_file setattr; allow vendor_init fingerprint_data_file:dir {setattr create}; - -allow vendor_init blkio_dev:file write; +allow vendor_init media_rw_data_file:file { getattr relabelfrom }; +allow vendor_init persist_debug_prop:file read; +allow vendor_init rootfs:dir { add_name create setattr write }; +allow vendor_init rootfs:lnk_file setattr; +allow vendor_init unlabeled:{ dir file } { getattr relabelfrom }; +allow vendor_init blkio_dev:file { open read write create }; allow vendor_init proc_dirty:file write; +allow vendor_init { + audio_prop + bservice_prop + persist_debug_prop + vendor_persist_dpm_prop + qcom_ims_prop + reschedule_service_prop + thermal_engine_prop + vendor_ssr_prop + vendor_fp_prop +}:property_service set; + set_prop(vendor_init, camera_prop) set_prop(vendor_init, vendor_camera_prop) set_prop(vendor_init, freq_prop)