mirror of
https://github.com/PixelExperience-Devices/device_xiaomi_sm6250-common.git
synced 2025-05-03 04:27:16 +09:00
sm6250-common: Pull SELinux policy from Xiaomi SM8250 tree
Change-Id: I83dce3c678f796034fd39947414c8067d338edf2
This commit is contained in:
Alexander Winkowski
parent
eef8a24f25
commit
c653ce51be
@ -177,6 +177,7 @@ VENDOR_SECURITY_PATCH := 2021-07-01
|
||||
|
||||
# Sepolicy
|
||||
include device/qcom/sepolicy_vndr/SEPolicy.mk
|
||||
BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
|
||||
|
||||
# Verified Boot
|
||||
BOARD_AVB_ENABLE := true
|
||||
|
||||
1
sepolicy/vendor/adsprpcd.te
vendored
Normal file
1
sepolicy/vendor/adsprpcd.te
vendored
Normal file
@ -0,0 +1 @@
|
||||
r_dir_file(vendor_adsprpcd, vendor_sysfs_graphics)
|
||||
2
sepolicy/vendor/app.te
vendored
Normal file
2
sepolicy/vendor/app.te
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
get_prop({ appdomain -isolated_app }, vendor_fp_prop)
|
||||
get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)
|
||||
49
sepolicy/vendor/batterysecret.te
vendored
Normal file
49
sepolicy/vendor/batterysecret.te
vendored
Normal file
@ -0,0 +1,49 @@
|
||||
type batterysecret, domain;
|
||||
type batterysecret_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(batterysecret)
|
||||
|
||||
r_dir_file(batterysecret, cgroup)
|
||||
r_dir_file(batterysecret, mnt_vendor_file)
|
||||
r_dir_file(batterysecret, vendor_sysfs_battery_supply)
|
||||
r_dir_file(batterysecret, sysfs_batteryinfo)
|
||||
r_dir_file(batterysecret, sysfs_type)
|
||||
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
|
||||
r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
|
||||
|
||||
allow batterysecret {
|
||||
mnt_vendor_file
|
||||
persist_subsys_file
|
||||
rootfs
|
||||
}:dir rw_dir_perms;
|
||||
|
||||
allow batterysecret {
|
||||
persist_subsys_file
|
||||
vendor_sysfs_battery_supply
|
||||
sysfs_usb
|
||||
vendor_sysfs_usb_supply
|
||||
vendor_sysfs_usbpd_device
|
||||
}:file w_file_perms;
|
||||
|
||||
allow batterysecret kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
|
||||
allow batterysecret self:global_capability_class_set {
|
||||
sys_tty_config
|
||||
sys_boot
|
||||
};
|
||||
|
||||
allow batterysecret self:capability {
|
||||
chown
|
||||
fsetid
|
||||
};
|
||||
|
||||
allow batterysecret {
|
||||
system_suspend_hwservice
|
||||
hidl_manager_hwservice
|
||||
}:hwservice_manager find;
|
||||
|
||||
binder_call(batterysecret, system_suspend_server)
|
||||
|
||||
wakelock_use(batterysecret)
|
||||
5
sepolicy/vendor/device.te
vendored
Normal file
5
sepolicy/vendor/device.te
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
type fingerprint_device, dev_type;
|
||||
|
||||
type lirc_device, dev_type;
|
||||
|
||||
type sound_device, dev_type;
|
||||
14
sepolicy/vendor/file.te
vendored
14
sepolicy/vendor/file.te
vendored
@ -1 +1,15 @@
|
||||
type audio_socket, file_type;
|
||||
|
||||
type camera_persist_file, file_type, vendor_persist_type;
|
||||
|
||||
type fingerprint_data_file, data_file_type, file_type, vendor_persist_type;
|
||||
|
||||
type persist_subsys_file, vendor_persist_type, file_type;
|
||||
|
||||
type sysfs_msm_boot, fs_type, sysfs_type;
|
||||
|
||||
type sysfs_msm_subsys, sysfs_type, fs_type;
|
||||
|
||||
type thermal_link_device, dev_type;
|
||||
|
||||
type vendor_sysfs_iio, fs_type, sysfs_type;
|
||||
|
||||
27
sepolicy/vendor/file_contexts
vendored
27
sepolicy/vendor/file_contexts
vendored
@ -1,11 +1,38 @@
|
||||
# Audio
|
||||
/dev/socket/audio_hw_socket u:object_r:audio_socket:s0
|
||||
|
||||
# Camera
|
||||
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
|
||||
|
||||
# Charger
|
||||
/vendor/bin/batterysecret u:object_r:batterysecret_exec:s0
|
||||
|
||||
# Fingerprint
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2.1-service\.xiaomi_atoll u:object_r:hal_fingerprint_default_exec:s0
|
||||
|
||||
# Fingerprint - devices
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
|
||||
# Fingerprint - data
|
||||
/data/vendor/goodix(/.*)? u:object_r:fingerprint_data_file:s0
|
||||
/data/vendor/fpc(/.*)? u:object_r:fingerprint_data_file:s0
|
||||
|
||||
# IR
|
||||
/dev/spidev0.1 u:object_r:lirc_device:s0
|
||||
|
||||
# Lights
|
||||
/vendor/bin/hw/android\.hardware\.lights-service\.xiaomi_atoll u:object_r:hal_light_default_exec:s0
|
||||
|
||||
# Persist subsystem
|
||||
/mnt/vendor/persist/subsys(/.*)? u:object_r:persist_subsys_file:s0
|
||||
|
||||
# Power
|
||||
/vendor/bin/hw/android\.hardware\.power-service\.xiaomi-libperfmgr u:object_r:hal_power_default_exec:s0
|
||||
|
||||
# Sys
|
||||
/sys/bus/iio/devices u:object_r:vendor_sysfs_iio:s0
|
||||
/sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:vadc@3100/iio:device0(/.*)? u:object_r:vendor_sysfs_iio:s0
|
||||
/sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1(/.*)? u:object_r:vendor_sysfs_iio:s0
|
||||
|
||||
# Thermal
|
||||
/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.xiaomi_atoll u:object_r:hal_thermal_default_exec:s0
|
||||
|
||||
56
sepolicy/vendor/genfs_contexts
vendored
Normal file
56
sepolicy/vendor/genfs_contexts
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
# DSP
|
||||
genfscon sysfs /kernel/boot_cdsp/boot u:object_r:sysfs_msm_boot:s0
|
||||
|
||||
# Display
|
||||
genfscon sysfs /devices/platform/soc/5000000.qcom,kgsl-3d0 u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_state u:object_r:vendor_sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-llcc-bw u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,cpu-llcc-ddr-bw u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-l3-lat u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-l3-lat u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display u:object_r:vendor_sysfs_graphics:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw u:object_r:sysfs_msm_subsys:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw/devfreq u:object_r:sysfs_msm_subsys:s0
|
||||
|
||||
# Health
|
||||
genfscon sysfs /class/power_supply/battery/capacity u:object_r:vendor_sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:maxim_ds28e16/power_supply/batt_verify u:object_r:vendor_sysfs_battery_supply:s0
|
||||
|
||||
# LED
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/white u:object_r:sysfs_leds:s0
|
||||
|
||||
# Wakeup source stats
|
||||
genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/88c000.qcom,qup_uart/tty/ttyHS0/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/890000.i2c/i2c-1/1-005a/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a600000.ssusb/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,power-on@800/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/battery/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/main/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/pc_port/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd/usbpd0/otg_default/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd/usbpd0/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qpnp,qg/power_supply/bms/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:qcom,power-on@800/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:gpio_keys/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/rx-macro/rx_swr_ctrl/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/tx-macro/tx_swr_ctrl/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/input/input1/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_aac/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_alac/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_amrnb/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_amrwbplus/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_amrwb/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_ape/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_evrc/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_g711alaw/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_g711mlaw/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_mp3/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_multi_aac/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_qcelp/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_wma/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/misc/msm_wmapro/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
14
sepolicy/vendor/hal_audio_default.te
vendored
Normal file
14
sepolicy/vendor/hal_audio_default.te
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
# For interfacing with PowerHAL
|
||||
hal_client_domain(hal_audio_default, hal_power)
|
||||
|
||||
# Allow hal_audio_default to read vendor_persist_audio_file
|
||||
r_dir_file(hal_audio_default, vendor_persist_audio_file)
|
||||
|
||||
r_dir_file(hal_audio_default, sysfs)
|
||||
|
||||
binder_call(hal_audio_default, system_suspend_server)
|
||||
|
||||
set_prop(hal_audio_default, vendor_audio_prop)
|
||||
|
||||
allow hal_audio_default audio_socket:sock_file rw_file_perms;
|
||||
allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
|
||||
2
sepolicy/vendor/hal_bluetooth_default.te
vendored
Normal file
2
sepolicy/vendor/hal_bluetooth_default.te
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# Allow hal_bluetooth_default to read files in vendor_wifi_vendor_data_file
|
||||
r_dir_file(hal_bluetooth_default, vendor_wifi_vendor_data_file)
|
||||
17
sepolicy/vendor/hal_camera_default.te
vendored
Normal file
17
sepolicy/vendor/hal_camera_default.te
vendored
Normal file
@ -0,0 +1,17 @@
|
||||
# For interfacing with PowerHAL
|
||||
hal_client_domain(hal_camera_default, hal_power)
|
||||
|
||||
# Allow hal_camera_default to read to vendor_sysfs_kgsl
|
||||
r_dir_file(hal_camera_default, vendor_sysfs_kgsl)
|
||||
|
||||
# Allow hal_camera_default to read to mnt/vendor/persist/camera
|
||||
r_dir_file(hal_camera_default, camera_persist_file)
|
||||
r_dir_file(hal_camera_default, mnt_vendor_file)
|
||||
r_dir_file(hal_camera_default, vendor_persist_sensors_file)
|
||||
|
||||
allow hal_camera_default proc_stat:file read;
|
||||
|
||||
set_prop(hal_camera_default, vendor_camera_prop)
|
||||
|
||||
allow hal_camera_default socket_device:sock_file write;
|
||||
allow hal_camera_default proc_stat:file { open };
|
||||
33
sepolicy/vendor/hal_fingerprint_default.te
vendored
Normal file
33
sepolicy/vendor/hal_fingerprint_default.te
vendored
Normal file
@ -0,0 +1,33 @@
|
||||
allow hal_fingerprint_default fingerprint_data_file:dir rw_dir_perms;
|
||||
allow hal_fingerprint_default fingerprint_data_file:file create_file_perms;
|
||||
|
||||
allow hal_fingerprint_default {
|
||||
fingerprint_device
|
||||
input_device
|
||||
tee_device
|
||||
uhid_device
|
||||
}: chr_file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
|
||||
allow hal_fingerprint_default {
|
||||
input_device
|
||||
vendor_sysfs_graphics
|
||||
sysfs_msm_subsys
|
||||
}: dir r_dir_perms;
|
||||
|
||||
allow hal_fingerprint_default {
|
||||
vendor_sysfs_fingerprint
|
||||
vendor_sysfs_fps_attr
|
||||
vendor_sysfs_graphics
|
||||
sysfs_msm_subsys
|
||||
}: file rw_file_perms;
|
||||
|
||||
r_dir_file(hal_fingerprint_default, firmware_file)
|
||||
|
||||
get_prop(system_server, vendor_fp_prop);
|
||||
|
||||
set_prop(hal_fingerprint_default, vendor_fp_prop)
|
||||
|
||||
allow hal_fingerprint_default vendor_sysfs_spss:dir { search };
|
||||
allow hal_fingerprint_default vendor_sysfs_spss:file { open read };
|
||||
2
sepolicy/vendor/hal_health_default.te
vendored
Normal file
2
sepolicy/vendor/hal_health_default.te
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
allow hal_health_default sysfs_wakeup:dir r_dir_perms;
|
||||
allow hal_health_default sysfs_wakeup:file r_file_perms;
|
||||
4
sepolicy/vendor/hal_ir_default.te
vendored
Normal file
4
sepolicy/vendor/hal_ir_default.te
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
allow hal_ir_default lirc_device:{
|
||||
chr_file
|
||||
file
|
||||
} rw_file_perms;
|
||||
5
sepolicy/vendor/hal_light_default.te
vendored
Normal file
5
sepolicy/vendor/hal_light_default.te
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
allow hal_light_default {
|
||||
sysfs_leds
|
||||
}:file rw_file_perms;
|
||||
|
||||
r_dir_file(hal_light_default, sysfs_leds)
|
||||
3
sepolicy/vendor/hal_nfc_default.te
vendored
Normal file
3
sepolicy/vendor/hal_nfc_default.te
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
# Data file accesses.
|
||||
allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
|
||||
32
sepolicy/vendor/hal_power_default.te
vendored
Normal file
32
sepolicy/vendor/hal_power_default.te
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
# Allow hal_power_default to write to dt2w nodes
|
||||
allow hal_power_default input_device:dir r_dir_perms;
|
||||
allow hal_power_default input_device:chr_file rw_file_perms;
|
||||
|
||||
r_dir_file(hal_power_default, input_device)
|
||||
|
||||
allow hal_power_default {
|
||||
vendor_sysfs_devfreq
|
||||
sysfs_msm_subsys
|
||||
}:dir search;
|
||||
|
||||
allow hal_power_default {
|
||||
cgroup
|
||||
proc
|
||||
vendor_sysfs_devfreq
|
||||
sysfs_devices_system_cpu
|
||||
vendor_sysfs_graphics
|
||||
vendor_sysfs_kgsl
|
||||
sysfs_msm_subsys
|
||||
vendor_sysfs_scsi_host
|
||||
}:{
|
||||
file
|
||||
lnk_file
|
||||
} rw_file_perms;
|
||||
|
||||
allow hal_power_default vendor_latency_device:chr_file rw_file_perms;
|
||||
|
||||
# Rule for hal_power_default to access graphics composer process
|
||||
unix_socket_connect(hal_power_default, vendor_pps, hal_graphics_composer_default);
|
||||
|
||||
# To get/set powerhal state property
|
||||
set_prop(hal_power_default, power_prop)
|
||||
2
sepolicy/vendor/hal_power_stats_default.te
vendored
Normal file
2
sepolicy/vendor/hal_power_stats_default.te
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
allow hal_power_stats_default vendor_sysfs_iio:dir r_dir_perms;
|
||||
allow hal_power_stats_default vendor_sysfs_iio:file r_file_perms;
|
||||
9
sepolicy/vendor/hal_sensors_default.te
vendored
Normal file
9
sepolicy/vendor/hal_sensors_default.te
vendored
Normal file
@ -0,0 +1,9 @@
|
||||
unix_socket_connect(hal_sensors_default, audio, hal_audio_default)
|
||||
|
||||
allow hal_sensors_default audio_socket:sock_file rw_file_perms;
|
||||
allow hal_sensors_default socket_device:sock_file rw_file_perms;
|
||||
allow hal_sensors_default iio_device:chr_file rw_file_perms;
|
||||
allow hal_sensors_default vendor_sysfs_iio:dir r_dir_perms;
|
||||
allow hal_sensors_default vendor_sysfs_iio:file rw_file_perms;
|
||||
|
||||
get_prop(hal_sensors_default, vendor_adsprpc_prop)
|
||||
2
sepolicy/vendor/hwservice_contexts
vendored
Normal file
2
sepolicy/vendor/hwservice_contexts
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0
|
||||
4
sepolicy/vendor/init.te
vendored
Normal file
4
sepolicy/vendor/init.te
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
# For mount tracefs tracefs /sys/kernel/tracing
|
||||
allow init debugfs_tracing_debug:dir mounton;
|
||||
|
||||
allow init same_process_hal_file:file execute;
|
||||
6
sepolicy/vendor/property.te
vendored
6
sepolicy/vendor/property.te
vendored
@ -1 +1,7 @@
|
||||
type power_prop, property_type;
|
||||
|
||||
type vendor_device_prop, property_type;
|
||||
|
||||
type vendor_fp_prop, property_type;
|
||||
|
||||
type vendor_thermal_prop, property_type;
|
||||
|
||||
24
sepolicy/vendor/property_contexts
vendored
24
sepolicy/vendor/property_contexts
vendored
@ -1,2 +1,26 @@
|
||||
# Camera
|
||||
persist.vendor.camera.mi.module. u:object_r:vendor_camera_prop:s0
|
||||
vendor.camera. u:object_r:vendor_camera_prop:s0
|
||||
persist.camera. u:object_r:vendor_camera_prop:s0
|
||||
|
||||
# Fingerprint
|
||||
persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0
|
||||
ro.hardware.fp u:object_r:vendor_fp_prop:s0
|
||||
vendor.fps_hal. u:object_r:vendor_fp_prop:s0
|
||||
vendor.sys.fp u:object_r:vendor_fp_prop:s0
|
||||
|
||||
# Power
|
||||
vendor.powerhal.state u:object_r:power_prop:s0
|
||||
vendor.powerhal.audio u:object_r:power_prop:s0
|
||||
vendor.powerhal.lpm u:object_r:power_prop:s0
|
||||
vendor.powerhal.init u:object_r:power_prop:s0
|
||||
vendor.powerhal.rendering u:object_r:power_prop:s0
|
||||
|
||||
# Recovery
|
||||
ro.build.expect. u:object_r:exported_default_prop:s0
|
||||
|
||||
# Thermal
|
||||
vendor.thermal. u:object_r:vendor_thermal_prop:s0
|
||||
|
||||
# USB
|
||||
sys.usb.configfs u:object_r:system_prop:s0
|
||||
|
||||
1
sepolicy/vendor/radio.te
vendored
Normal file
1
sepolicy/vendor/radio.te
vendored
Normal file
@ -0,0 +1 @@
|
||||
get_prop(radio, vendor_audio_prop)
|
||||
2
sepolicy/vendor/sensors.te
vendored
Normal file
2
sepolicy/vendor/sensors.te
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# Allow sensors to access backlight sysfs state
|
||||
r_dir_file(vendor_sensors, vendor_sysfs_graphics)
|
||||
6
sepolicy/vendor/system_app.te
vendored
Normal file
6
sepolicy/vendor/system_app.te
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
allow system_app vendor_sysfs_battery_supply:dir { search };
|
||||
allow system_app vendor_sysfs_battery_supply:file { read };
|
||||
allow system_app vendor_sysfs_battery_supply:file { open };
|
||||
allow system_app vendor_sysfs_battery_supply:file { getattr };
|
||||
|
||||
r_dir_file(system_app, vendor_sysfs_battery_supply)
|
||||
7
sepolicy/vendor/tee.te
vendored
Normal file
7
sepolicy/vendor/tee.te
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
allow tee fingerprint_data_file:dir create_dir_perms;
|
||||
allow tee {
|
||||
fingerprint_data_file
|
||||
mnt_vendor_file
|
||||
}:file create_file_perms;
|
||||
|
||||
allow tee mnt_vendor_file:dir rw_dir_perms;
|
||||
11
sepolicy/vendor/thermal-engine.te
vendored
Normal file
11
sepolicy/vendor/thermal-engine.te
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
allow vendor_thermal-engine {
|
||||
vendor_sysfs_devfreq
|
||||
sysfs_msm_subsys
|
||||
}:dir r_dir_perms;
|
||||
|
||||
allow vendor_thermal-engine vendor_sysfs_devfreq:file rw_file_perms;
|
||||
|
||||
# Rule for vendor_thermal-engine to access init process
|
||||
unix_socket_connect(vendor_thermal-engine, property, init);
|
||||
|
||||
set_prop(vendor_thermal-engine, vendor_thermal_prop)
|
||||
1
sepolicy/vendor/uevent.te
vendored
Normal file
1
sepolicy/vendor/uevent.te
vendored
Normal file
@ -0,0 +1 @@
|
||||
allow ueventd self:capability sys_nice;
|
||||
1
sepolicy/vendor/vendor_hal_perf_default.te
vendored
Normal file
1
sepolicy/vendor/vendor_hal_perf_default.te
vendored
Normal file
@ -0,0 +1 @@
|
||||
allow vendor_hal_perf_default sysfs_msm_subsys:dir search;
|
||||
15
sepolicy/vendor/vendor_init.te
vendored
15
sepolicy/vendor/vendor_init.te
vendored
@ -1,2 +1,17 @@
|
||||
set_prop(vendor_init, power_prop)
|
||||
set_prop(vendor_init, vendor_alarm_boot_prop)
|
||||
set_prop(vendor_init, vendor_video_prop)
|
||||
|
||||
allow vendor_init {
|
||||
vendor_debugfs_clk
|
||||
proc_dirty
|
||||
proc
|
||||
}:file w_file_perms;
|
||||
|
||||
allow vendor_init block_device:lnk_file setattr;
|
||||
allow vendor_init vendor_camera_prop:property_service set;
|
||||
|
||||
allow vendor_init input_device:chr_file { create setattr unlink rw_file_perms };
|
||||
|
||||
allow vendor_init thermal_link_device:dir r_dir_perms;
|
||||
allow vendor_init thermal_link_device:lnk_file r_file_perms;
|
||||
|
||||
4
sepolicy/vendor/vendor_qti_init_shell.te
vendored
Normal file
4
sepolicy/vendor/vendor_qti_init_shell.te
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
allow vendor_qti_init_shell configfs:dir rw_dir_perms;
|
||||
allow vendor_qti_init_shell configfs:file create_file_perms;
|
||||
allow vendor_qti_init_shell ctl_stop_prop:property_service set;
|
||||
allow vendor_qti_init_shell sysfs_wakeup:file setattr;
|
||||
Loading…
x
Reference in New Issue
Block a user