mirror of
https://github.com/PixelExperience-Devices/device_xiaomi_sm6250-common.git
synced 2025-05-03 20:37:17 +09:00
sm6250-common: Enforcing bring up for R
sm6250-common: Label Light & Perf HALs
sm6250-common: Add Sensor Service to Manifest
sm6250-common: Disable APEXes
sm6250-common: Revert "Introduce 'SafailNet'"
sm6250-common: Address FP HAL Denials
sm6250-common: Merge Erfan Fingerprint Sepolicy

Co-authored-by: Erfan Abdi <erfangplus@gmail.com>
Co-authored-by: Volodymyr Zhdanov <wight554@gmail.com>
Co-authored-by: Cosmin Tanislav <demonsingur@gmail.com>
parent
76189fe02f
commit
9b4ea92198
@ -102,7 +102,6 @@ BOARD_KERNEL_CMDLINE += msm_rtb.filter=0x237
|
||||
BOARD_KERNEL_CMDLINE += service_locator.enable=1
|
||||
BOARD_KERNEL_CMDLINE += swiotlb=1
|
||||
BOARD_KERNEL_CMDLINE += video=vfb:640x400,bpp=32,memsize=3072000
|
||||
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
|
||||
|
||||
# HIDL
|
||||
DEVICE_MANIFEST_FILE := $(COMMON_PATH)/manifest.xml
|
||||
|
@ -10,9 +10,6 @@ $(call inherit-product, $(SRC_TARGET_DIR)/product/full_base_telephony.mk)
|
||||
# Inherit proprietary targets
|
||||
$(call inherit-product-if-exists, vendor/xiaomi/sm6250-common/sm6250-common-vendor.mk)
|
||||
|
||||
# Enable updating of APEXes
|
||||
$(call inherit-product, $(SRC_TARGET_DIR)/product/updatable_apex.mk)
|
||||
|
||||
# Setup dalvik vm configs
|
||||
$(call inherit-product, frameworks/native/build/phone-xhdpi-4096-dalvik-heap.mk)
|
||||
|
||||
@ -199,8 +196,7 @@ PRODUCT_PACKAGES += \
|
||||
PRODUCT_COPY_FILES += \
|
||||
$(LOCAL_PATH)/rootdir/etc/init.qcom.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qcom.rc \
|
||||
$(LOCAL_PATH)/rootdir/etc/init.qcom.usb.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.qcom.usb.rc \
|
||||
$(LOCAL_PATH)/rootdir/etc/init.target.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.target.rc \
|
||||
$(LOCAL_PATH)/rootdir/etc/init.safailnet.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.safailnet.rc
|
||||
$(LOCAL_PATH)/rootdir/etc/init.target.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.target.rc
|
||||
|
||||
PRODUCT_COPY_FILES += \
|
||||
$(LOCAL_PATH)/rootdir/bin/init.qcom.post_boot.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.qcom.post_boot.sh \
|
||||
|
15
manifest.xml
15
manifest.xml
@ -481,12 +481,12 @@
|
||||
<hal format="hidl">
|
||||
<name>vendor.qti.hardware.perf</name>
|
||||
<transport>hwbinder</transport>
|
||||
<version>2.0</version>
|
||||
<version>2.2</version>
|
||||
<interface>
|
||||
<name>IPerf</name>
|
||||
<instance>default</instance>
|
||||
</interface>
|
||||
<fqname>@2.0::IPerf/default</fqname>
|
||||
<fqname>@2.2::IPerf/default</fqname>
|
||||
</hal>
|
||||
<hal format="hidl">
|
||||
<name>vendor.qti.hardware.qdutils_disp</name>
|
||||
@ -687,6 +687,17 @@
|
||||
</interface>
|
||||
<fqname>@1.0::ITuiComm/default</fqname>
|
||||
</hal>
|
||||
<hal format="hidl">
|
||||
<name>android.frameworks.sensorservice</name>
|
||||
<transport>hwbinder</transport>
|
||||
<version>1.0</version>
|
||||
<interface>
|
||||
<name>ISensors</name>
|
||||
<instance>default</instance>
|
||||
</interface>
|
||||
<fqname>@1.0::ISensors/default</fqname>
|
||||
<fqname>@1.0::ISensorManager/default</fqname>
|
||||
</hal>
|
||||
<hal format="hidl">
|
||||
<name>vendor.qti.hardware.wifidisplaysession</name>
|
||||
<transport>hwbinder</transport>
|
||||
|
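Review bot: The new `android.frameworks.sensorservice` entry in the second hunk declares `ISensors` as its interface, but the second `<fqname>` names `ISensorManager`, and as far as I know the 1.0 package only defines `ISensorManager` (`ISensors` belongs to `android.hardware.sensors`). Declaring an interface nothing registers makes the manifest claim a service that cannot be found at runtime; I would change the entry to `<name>ISensorManager</name>` and drop `<fqname>@1.0::ISensors/default</fqname>`. This is also a framework-served HAL, so it is worth confirming that the device manifest rather than the framework manifest is the right place for it. The `<hal>` list continues outside the hunk.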
@ -28,7 +28,6 @@
|
||||
import /vendor/etc/init/hw/init.qcom.usb.rc
|
||||
import /vendor/etc/init/hw/init.target.rc
|
||||
import /vendor/etc/init/hw/init.device.rc
|
||||
import /vendor/etc/init/hw/init.safailnet.rc
|
||||
|
||||
on early-init
|
||||
mount debugfs debugfs /sys/kernel/debug
|
||||
|
@ -1,8 +0,0 @@
|
||||
# Safetynet bypass
|
||||
# Inspired in magisk source code, by topjohnwu
|
||||
# Ported to ramdisk by jhenrique09
|
||||
|
||||
on boot
|
||||
# selinux nodes, hide permissive state
|
||||
chmod 0640 /sys/fs/selinux/enforce
|
||||
chmod 0440 /sys/fs/selinux/policy
|
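--- a/sepolicy/private/fsck.te
+++ b/sepolicy/private/fsck.te
@@ -0,0 +1 @@
+dontaudit fsck self:capability kill;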
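Review bot: This `dontaudit fsck self:capability kill;` has no comment saying which denial it silences, and the same undocumented rule is added for `linkerconfig` and `vdc` in sepolicy/private/linkerconfig.te and sepolicy/private/vdc.te. A `dontaudit` removes the AVC record as well as the access, so once the tree is enforcing nobody reading the audit log can tell that these domains still ask for `CAP_KILL`. I would put a line such as `# <domain> does not need CAP_KILL; silences the denial observed at <where it was seen>` above each rule, so the suppression can be revisited when the kernel or platform changes.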
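--- a/sepolicy/private/linkerconfig.te
+++ b/sepolicy/private/linkerconfig.te
@@ -0,0 +1 @@
+dontaudit linkerconfig self:capability kill;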
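--- a/sepolicy/private/system_suspend.te
+++ b/sepolicy/private/system_suspend.te
@@ -0,0 +1,2 @@
+allow system_suspend sysfs:dir { open read };
+dontaudit system_suspend sysfs:file { getattr open read };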
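--- a/sepolicy/private/vdc.te
+++ b/sepolicy/private/vdc.te
@@ -0,0 +1 @@
+dontaudit vdc self:capability kill;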
4
sepolicy/vendor/battery.te
vendored
4
sepolicy/vendor/battery.te
vendored
@ -21,7 +21,6 @@ r_dir_file(battery_daemons, vendor_sysfs_usbpd_device)
|
||||
|
||||
allow battery_daemons persist_subsys_file:dir w_dir_perms;
|
||||
allow battery_daemons rootfs:dir w_dir_perms;
|
||||
|
||||
allow battery_daemons kmsg_device:chr_file w_file_perms;
|
||||
allow battery_daemons persist_subsys_file:file w_file_perms;
|
||||
allow battery_daemons sysfs:file w_file_perms;
|
||||
@ -29,12 +28,9 @@ allow battery_daemons vendor_sysfs_battery_supply:file w_file_perms;
|
||||
allow battery_daemons sysfs_usb:file w_file_perms;
|
||||
allow battery_daemons vendor_sysfs_usb_supply:file w_file_perms;
|
||||
allow battery_daemons vendor_sysfs_usbpd_device:file w_file_perms;
|
||||
|
||||
allow battery_daemons self:global_capability_class_set sys_tty_config;
|
||||
allow battery_daemons self:global_capability_class_set sys_boot;
|
||||
|
||||
allow battery_daemons self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
|
||||
allow battery_daemons self:capability { chown fsetid };
|
||||
|
||||
wakelock_use(battery_daemons)
|
||||
|
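--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -0,0 +1,2 @@
+type fingerprint_device, dev_type;
+type spidev_device, dev_type;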
20
sepolicy/vendor/file_contexts
vendored
20
sepolicy/vendor/file_contexts
vendored
@ -3,8 +3,26 @@
|
||||
/vendor/bin/batterysecret u:object_r:batterysecret_exec:s0
|
||||
/mnt/vendor/persist/subsys(/.*)? u:object_r:persist_subsys_file:s0
|
||||
|
||||
# Biometric
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sm6250 u:object_r:hal_fingerprint_default_exec:s0
|
||||
|
||||
# Fingerprint
|
||||
/vendor/bin/hw/android\.hardware\.fingerprint@2\.1-service\.xiaomi_sm6250 u:object_r:hal_fingerprint_default_exec:s0
|
||||
/data/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0
|
||||
/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/data/vendor/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
|
||||
# IR
|
||||
/dev/lirc0 u:object_r:spidev_device:s0
|
||||
/dev/spidev7.1 u:object_r:spidev_device:s0
|
||||
/dev/spidev0.1 u:object_r:spidev_device:s0
|
||||
|
||||
#Light
|
||||
/vendor/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sm6250 u:object_r:hal_light_default_exec:s0
|
||||
|
||||
#Perf
|
||||
/vendor/bin/hw/vendor\.qti\.hardware\.perf@2\.2-service\.xiaomi_sm6250 u:object_r:same_process_hal_file:s0
|
||||
|
||||
# Power HAL
|
||||
/vendor/bin/hw/android\.hardware\.power@1\.3-service\.xiaomi_sm6250 u:object_r:hal_power_default_exec:s0
|
||||
|
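Review bot: The `#Perf` entry labels the service binary `vendor.qti.hardware.perf@2.2-service.xiaomi_sm6250` as `same_process_hal_file`, which is the type for libraries that other domains load in-process, not an entrypoint type for a daemon. With that label there is no exec type for init to transition on, so the service either fails to start under enforcing or does not end up in `hal_perf_default`, the domain the fingerprint policy in this commit does `binder_call` to, and the file is executable by every domain allowed to use same-process HALs. I would label it with the perf HAL's own exec type, `u:object_r:hal_perf_default_exec:s0`, assuming the QTI policy this tree builds against defines it. The old and new sides of this section are not marked on the page, so I am assuming the line is one of the additions.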
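--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -0,0 +1,26 @@
+hal_server_domain(hal_fingerprint_default, hal_fingerprint)
+init_daemon_domain(hal_fingerprint_default)
+
+# access to /data/system/users/[0-9]+/fpdata
+allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms;
+allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
+allow hal_fingerprint_default vendor_sysfs_fps_attr:file { open read write };
+allow hal_fingerprint_default property_socket:sock_file write;
+allow hal_fingerprint_default init:unix_stream_socket connectto;
+
+allow hal_fingerprint_default {
+fingerprint_device
+tee_device
+uhid_device
+}:chr_file rw_file_perms;
+
+# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
+# hal_fingerprint no longer directly accesses fingerprintd_data_file.
+typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
+binder_call(hal_fingerprint_default, hal_perf_default)
+r_dir_file(hal_fingerprint_default, firmware_file)
+set_prop(hal_fingerprint_default, hal_fingerprint_prop)
+dontaudit hal_fingerprint_default storage_file:dir search;
+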
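Review bot: `uhid_device` in the `chr_file rw_file_perms` set lets the fingerprint HAL create virtual HID devices and so feed input events to the system, and nothing in the file says why a biometric service needs that. If it is only there for the sensor's navigation gestures, say so in a comment above the block, e.g. `# uhid: sensor swipe gestures are reported through a virtual input device`, and drop the type if the feature is unused. The two rules `allow hal_fingerprint_default property_socket:sock_file write;` and `allow hal_fingerprint_default init:unix_stream_socket connectto;` look redundant, since `set_prop(hal_fingerprint_default, hal_fingerprint_prop)` further down should already grant the property-service connection.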
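--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -0,0 +1 @@
+allow hal_health_default sysfs:file read;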
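Review bot: `allow hal_health_default sysfs:file read;` targets the generic `sysfs` type, so it covers every sysfs node that has no specific label rather than the battery nodes the health HAL reads; `read` without `open` also suggests it was copied from a single denial. The same pattern is in sepolicy/vendor/hal_light_default.te, where `allow hal_light_default sysfs:file { open write getattr };` gives the light HAL write access to all generically labelled sysfs files, and in the `sysfs:dir` rule of sepolicy/private/system_suspend.te. I would label the actual nodes in `genfs_contexts` (for example `genfscon sysfs <path placeholder> u:object_r:sysfs_leds:s0` for the LED files) and allow the HALs on that type instead of on `sysfs`.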
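--- a/sepolicy/vendor/hal_ir_default.te
+++ b/sepolicy/vendor/hal_ir_default.te
@@ -0,0 +1,2 @@
+get_prop(hal_ir_default, lirc_prop)
+allow hal_ir_default spidev_device:chr_file rw_file_perms;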
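--- a/sepolicy/vendor/hal_light_default.te
+++ b/sepolicy/vendor/hal_light_default.te
@@ -0,0 +1 @@
+allow hal_light_default sysfs:file { open write getattr };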
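--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -0,0 +1 @@
+set_prop(hal_sensors_default, vendor_camera_prop)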
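--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -0,0 +1,2 @@
+vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0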
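--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -0,0 +1,4 @@
+type hal_fingerprint_prop, property_type;
+type mlipay_prop, property_type;
+type thermal_engine_prop, property_type;
+type lirc_prop, property_type;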
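--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1,45 @@
+# Audio
+audio.sys.noisy.broadcast.delay u:object_r:vendor_default_prop:s0
+audio.sys.offload.pstimeout.secs u:object_r:vendor_default_prop:s0
+audio_hal.in_period_size u:object_r:vendor_default_prop:s0
+audio_hal.period_multiplier u:object_r:vendor_default_prop:s0
+persist.audio.fluence.voicecomm u:object_r:vendor_default_prop:s0
+
+# Camera
+cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0
+cpp.set.clock u:object_r:vendor_default_prop:s0
+disable.cpp.power.collapse u:object_r:vendor_default_prop:s0
+vendor.camera.eis.gyro_name u:object_r:vendor_camera_prop:s0
+vidc.enc.dcvs.extra-buff-count u:object_r:vendor_default_prop:s0
+
+#IR
+ro.lirc.dev u:object_r:lirc_prop:s0
+
+# Fingerprint
+fpc_kpi u:object_r:vendor_default_prop:s0
+gf.debug.dump_data u:object_r:vendor_default_prop:s0
+persist.sys.fp. u:object_r:hal_fingerprint_prop:s0
+persist.vendor.sys.fp. u:object_r:hal_fingerprint_prop:s0
+ro.boot.fp. u:object_r:hal_fingerprint_prop:s0
+ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
+sys.fp. u:object_r:hal_fingerprint_prop:s0
+
+# Media
+gpu.stats.debug.level u:object_r:vendor_default_prop:s0
+
+# Mlipay
+persist.vendor.sys.pay. u:object_r:mlipay_prop:s0
+persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
+
+# RIL
+ro.build.software.version u:object_r:exported_radio_prop:s0
+ro.fota.oem u:object_r:exported_radio_prop:s0
+ro.miui. u:object_r:exported_radio_prop:s0
+ro.product.mod_device u:object_r:exported_radio_prop:s0
+
+# Thermal engine
+persist.sys.thermal. u:object_r:thermal_engine_prop:s0
+sys.thermal. u:object_r:thermal_engine_prop:s0
+
+# Wlan
+persist.vendor.wigig.npt.enable u:object_r:vendor_default_prop:s0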
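Review bot: Several entries give vendor-owned types to names outside the vendor namespace: `persist.sys.fp.`, `sys.fp.` and `ro.boot.fp.` become `hal_fingerprint_prop`, and `persist.sys.thermal.` and `sys.thermal.` become `thermal_engine_prop`. These are prefix matches, so every current or future property under `sys.fp.` or `sys.thermal.` is relabelled, and `set_prop(hal_fingerprint_default, hal_fingerprint_prop)` in sepolicy/vendor/hal_fingerprint_default.te then lets a vendor HAL write them. If the blobs insist on these names, a comment per group naming the binary that sets them would make that explicit, and entries that are really single properties could be listed by full name rather than by prefix.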
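--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,4 @@
+typeattribute tee data_between_core_and_vendor_violators;
+allow tee system_data_file:dir r_dir_perms;
+allow tee fingerprintd_data_file:dir rw_dir_perms;
+allow tee fingerprintd_data_file:file create_file_perms;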
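--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -0,0 +1,11 @@
+typeattribute vendor_init data_between_core_and_vendor_violators;
+
+allow vendor_init {
+system_data_file
+tombstone_data_file
+}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+
+allow init adsprpcd_file:file mounton;
+
+set_prop(vendor_init, vendor_freq_prop)
+set_prop(vendor_init, vendor_camera_prop)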
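Review bot: `allow init adsprpcd_file:file mounton;` is a rule for the `init` domain placed in vendor_init.te, where nobody auditing init's permissions will look, and it has no comment naming the mount that needs it. The block above it is also much wider than a `mkdir` in an init script needs: `rmdir`, `remove_name` and `relabelfrom` on `system_data_file` and `tombstone_data_file` directories, made possible by adding `vendor_init` to `data_between_core_and_vendor_violators`. I would move the init rule to an init.te with a comment, and trim the directory set to the permissions the denials actually show, e.g. `{ create search getattr open read setattr write add_name }`, documenting which `.rc` line requires each type.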