miatoll: Enforcing bring up for R

Co-authored-by: Aryan Gupta <guptaaryan189@gmail.com>
Co-authored-by: Erfan Abdi  <erfangplus@gmail.com>
Co-authored-by: Volodymyr Zhdanov <wight554@gmail.com>
Co-authored-by: Cosmin Tanislav <demonsingur@gmail.com>
Ramii Ahmed
2021-01-04 13:12:12 +00:00
committed by Aryan Gupta
parent 76c08d115f
commit 98aaa1c40c
45 changed files with 360 additions and 2 deletions


@ -109,7 +109,6 @@ BOARD_KERNEL_CMDLINE += msm_rtb.filter=0x237
BOARD_KERNEL_CMDLINE += service_locator.enable=1
BOARD_KERNEL_CMDLINE += swiotlb=1
BOARD_KERNEL_CMDLINE += video=vfb:640x400,bpp=32,memsize=3072000
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
BOARD_KERNEL_CMDLINE += kpti=off
# HIDL

1
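--- a/sepolicy/private/fsck.te
+++ b/sepolicy/private/fsck.te
@@ -0,0 +1 @@
+dontaudit fsck self:capability kill;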
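Review bot: `dontaudit fsck self:capability kill;` carries no comment saying why fsck would ever request CAP_KILL, and the same one-line rule is repeated for linkerconfig, toolbox and vdc in this commit. Four unrelated domains hitting the same capability check suggests a common cause outside the policy, which is worth recording so the rules can be removed once it is fixed. A header such as `# <domain> does not need CAP_KILL; silence the spurious denial (root cause: <tracking-reference>)` on each file would do. Since dontaudit also removes the denial from the audit log that detection relies on, keep this set as small as possible.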


@ -0,0 +1 @@
dontaudit linkerconfig self:capability kill;


@ -0,0 +1,2 @@
hal_client_domain(platform_app, hal_misys)
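Review bot: `hal_client_domain(platform_app, hal_misys)` makes every platform-signed app a client of the vendor misys HAL, and the next two hunks do the same for all of priv_app and system_app. Nothing visible here says which apps actually call IMiSys. If it is only one or two vendor apps, a dedicated app domain (as this commit does for xiaomiparts_app) would keep the HAL out of reach of the rest of those broad domains. At minimum add a comment naming the caller, e.g. `# <app> talks to vendor.xiaomi.hardware.misys`.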


@ -0,0 +1,2 @@
hal_client_domain(priv_app, hal_misys)


@ -0,0 +1,2 @@
hal_client_domain(system_app, hal_misys)


@ -0,0 +1,3 @@
allow system_suspend sysfs:dir { open read };
allow system_suspend sysfs:file { getattr };
dontaudit system_suspend sysfs:file { open read };
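Review bot: The two allow rules give system_suspend access to the generic `sysfs` label, although genfs_contexts in this same commit labels the wakeup nodes `sysfs_wakeup` so that this access should not be needed. If denials on `sysfs` remain, they most likely point at wakeup directories still missing from genfs_contexts; labelling those is narrower than opening every unlabelled sysfs directory to the domain. The `dontaudit system_suspend sysfs:file { open read };` line also hides exactly the denials that would reveal the missing paths.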


@ -0,0 +1 @@
dontaudit toolbox self:capability kill;

1
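--- a/sepolicy/private/vdc.te
+++ b/sepolicy/private/vdc.te
@@ -0,0 +1 @@
+dontaudit vdc self:capability kill;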


@ -0,0 +1,19 @@
type xiaomiparts_app, domain;
app_domain(xiaomiparts_app)
# Access standard system services
allow xiaomiparts_app app_api_service:service_manager find;
# Allow reading and writing shared prefs
allow xiaomiparts_app system_app_data_file:dir create_dir_perms;
allow xiaomiparts_app system_app_data_file:{ file lnk_file } create_file_perms;
# Allow binder communication with gpuservice
binder_call(xiaomiparts_app, gpuservice)
# Allow XiaomiParts to read and write to cgroup
allow xiaomiparts_app cgroup:file rw_file_perms;
# Allow XiaomiParts to write to sysfs_thermal
allow xiaomiparts_app sysfs_thermal:file w_file_perms;
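Review bot: `allow xiaomiparts_app cgroup:file rw_file_perms;` is wider than its comment suggests, because file_contexts in this commit labels `/dev/stune(/.*)?` as `cgroup`, so the app can rewrite schedtune settings along with any other cgroup file. The `system_app_data_file` rules likewise give it create rights over data that appears to be shared with other system-UID apps. A dedicated data type for the app's preferences and a dedicated label for the specific nodes it tunes would contain this better. No seapp_contexts entry for the new domain is visible in this section, so confirm one is added elsewhere in the commit.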


@ -0,0 +1 @@
hal_attribute_custom(misys)

10
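--- a/sepolicy/public/te_macros
+++ b/sepolicy/public/te_macros
@@ -0,0 +1,10 @@
+#####################################
+# hal_attribute_custom(hal_name)
+define(`hal_attribute_custom', `
+attribute hal_$1;
+expandattribute hal_$1 true;
+attribute hal_$1_client;
+expandattribute hal_$1_client true;
+attribute hal_$1_server;
+expandattribute hal_$1_server false;
+')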
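Review bot: `hal_attribute_custom` copies the attribute declarations of the platform `hal_attribute` macro but leaves out its neverallow fence, so nothing stops a domain outside halserverdomain from being given `hal_misys_server`. Adding `neverallow { hal_$1_server -halserverdomain } domain:process fork;` inside the macro restores that compile-time check. The header comment should also say what the macro declares and why the platform macro is not used directly.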

2
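--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -0,0 +1,2 @@
+# Allow appdomain to get persist_camera_prop
+get_prop(appdomain, vendor_persist_camera_prop)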

1
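--- a/sepolicy/vendor/batterysecret.te
+++ b/sepolicy/vendor/batterysecret.te
@@ -0,0 +1 @@
+allow batterysecret kmsg_device:chr_file { getattr };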

1
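--- a/sepolicy/vendor/bluetooth.te
+++ b/sepolicy/vendor/bluetooth.te
@@ -0,0 +1 @@
+allow bluetooth incremental_prop:file { getattr open read };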

2
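--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -0,0 +1,2 @@
+type fingerprint_device, dev_type;
+type spidev_device, dev_type;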

5
sepolicy/vendor/file.te vendored Normal file

@ -0,0 +1,5 @@
# Camera persist file
type camera_persist_file, file_type, vendor_persist_type;
# Touchscreen
type sysfs_touchpanel, sysfs_type, fs_type;


@ -3,8 +3,41 @@
/vendor/bin/batterysecret u:object_r:batterysecret_exec:s0
/mnt/vendor/persist/subsys(/.*)? u:object_r:persist_subsys_file:s0
# Biometric
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sm6250 u:object_r:hal_fingerprint_default_exec:s0
# Camera
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
# Device Nodes
/dev/stune(/.*)? u:object_r:cgroup:s0
# Fingerprint
/vendor/bin/hw/android\.hardware\.fingerprint@2\.1-service\.xiaomi_sm6250 u:object_r:hal_fingerprint_default_exec:s0
/data/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0
/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0
/data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0
/data/vendor/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0
/dev/goodix_fp u:object_r:fingerprint_device:s0
# IR
/dev/lirc0 u:object_r:spidev_device:s0
/dev/spidev7.1 u:object_r:spidev_device:s0
/dev/spidev0.1 u:object_r:spidev_device:s0
# Power HAL
/vendor/bin/hw/android\.hardware\.power@1\.3-service\.xiaomi_sm6250 u:object_r:hal_power_default_exec:s0
# Light
/vendor/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sm6250 u:object_r:hal_light_default_exec:s0
# Perf
/vendor/bin/hw/vendor\.qti\.hardware\.perf@2\.2-service\.xiaomi_sm6250 u:object_r:same_process_hal_file:s0
# Mac
/data/vendor/mac_addr(/.*)? u:object_r:vendor_wifi_vendor_data_file:s0
/vendor/bin/nv_mac u:object_r:vendor_wcnss_service_exec:s0
# Misys
/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.misys@1\.0-service u:object_r:hal_misys_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.misys@2\.0-service u:object_r:hal_misys_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.misys@3\.0-service u:object_r:hal_misys_default_exec:s0
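Review bot: The new `/dev/spidev7.1` and `/dev/spidev0.1` entries leave the dot unescaped, so as regular expressions they match any character in that position; write `/dev/spidev7\.1` and `/dev/spidev0\.1`, as the HAL paths in this hunk already do. The perf HAL service binary is labelled `same_process_hal_file` rather than an `_exec` type, which leaves init without a domain transition for it; if the service is meant to run under enforcing, it presumably needs the perf HAL's exec type. `/dev/lirc0` sharing the `spidev_device` label also means any domain later granted spidev access gets the IR node too, so a separate type for it would be cleaner.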

84
sepolicy/vendor/genfs_contexts vendored Normal file

@ -0,0 +1,84 @@
# Battery
genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d u:object_r:sysfs_battery_supply:s0
# Camera
genfscon sysfs /camera_sensorid/sensorid u:object_r:sysfs_graphics:s0
# LED
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/white u:object_r:sysfs_graphics:s0
# Touchpanel
genfscon sysfs /touchpanel u:object_r:sysfs_touchpanel:s0
# Wakeup source stats
genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/1e00000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/3000000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/4080000.qcom,mss/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/8300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/880000.spi/spi_master/spi0/spi0.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/888000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/890000.spi/spi_master/spi1/spi1.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/894000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/9800000.qcom,npu/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/984000.i2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/984000.i2c/i2c-0/0-0057/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:google,bms/power_supply/sm7250_bms/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/power_supply/tcpm-source-psy-usbpd0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:google,bms/power_supply/sm7250_bms/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/power_supply/tcpm-source-psy-usbpd0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:keydebug/keycombo.0.auto/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/rx-macro/rx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/tx-macro/tx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-cdsp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-mpss/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-npu/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/diag/diag/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_ape/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_wma/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup u:object_r:sysfs_wakeup:s0

1
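--- a/sepolicy/vendor/gpuservice.te
+++ b/sepolicy/vendor/gpuservice.te
@@ -0,0 +1 @@
+allow gpuservice graphics_config_prop:file { read };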

7
sepolicy/vendor/hal_audio_default.te vendored Normal file

@ -0,0 +1,7 @@
type audio_socket, file_type;
set_prop(hal_audio_default, vendor_audio_prop)
allow hal_audio_default mnt_vendor_file:dir search;
r_dir_file(hal_audio_default, vendor_persist_audio_file)
allow hal_audio_default audio_socket:sock_file rw_file_perms;

10
sepolicy/vendor/hal_camera_default.te vendored Normal file

@ -0,0 +1,10 @@
allow hal_camera_default vendor_camera_prop:property_service { set };
allow hal_camera_default mnt_vendor_file:file { getattr };
allow hal_camera_default proc_stat:file { open read };
allow hal_camera_default vendor_default_prop:file { open read };
allow hal_camera_default vendor_xdsp_device:chr_file { read };
# Allow hal_camera_default to read to mnt/vendor/persist/camera
r_dir_file(hal_camera_default, camera_persist_file)
r_dir_file(hal_camera_default, mnt_vendor_file)
get_prop(hal_camera_default, vendor_camera_prop)


@ -0,0 +1,26 @@
hal_server_domain(hal_fingerprint_default, hal_fingerprint)
init_daemon_domain(hal_fingerprint_default)
# access to /data/system/users/[0-9]+/fpdata
allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms;
allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
allow hal_fingerprint_default vendor_sysfs_fps_attr:file { open read write };
allow hal_fingerprint_default property_socket:sock_file write;
allow hal_fingerprint_default init:unix_stream_socket connectto;
allow hal_fingerprint_default {
fingerprint_device
tee_device
uhid_device
}:chr_file rw_file_perms;
# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
# hal_fingerprint no longer directly accesses fingerprintd_data_file.
typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
binder_call(hal_fingerprint_default, hal_perf_default)
r_dir_file(hal_fingerprint_default, firmware_file)
set_prop(hal_fingerprint_default, hal_fingerprint_prop)
dontaudit hal_fingerprint_default storage_file:dir search;
allow hal_fingerprint_default hal_fingerprint_prop:property_service { set };
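Review bot: `set_prop(hal_fingerprint_default, hal_fingerprint_prop)` already expands to the property_socket write, the init connectto and the property_service set, so the three hand-written rules for those (`property_socket:sock_file write`, `init:unix_stream_socket connectto` and the final `hal_fingerprint_prop:property_service { set }`) are duplicates and can be removed. The comment `# access to /data/system/users/[0-9]+/fpdata` no longer describes what the type covers, since file_contexts in this commit also maps `/data/gf_data` to `fingerprintd_data_file`. No rule on `fingerprint_vendor_data_file` is visible in this section although three `/data/vendor` paths receive that label; confirm the HAL can reach them, as part of the file may not be shown here.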

2
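--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -0,0 +1,2 @@
+allow hal_health_default sysfs:file { open read };
+allow hal_health_default sysfs:file { getattr open read };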
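Review bot: The first rule is a strict subset of the second, so `allow hal_health_default sysfs:file { open read };` can be deleted. Both target the generic `sysfs` label, which lets the health HAL read every sysfs file that has no specific type. genfs_contexts in this commit already labels one battery node `sysfs_battery_supply`; labelling the remaining supply nodes the same way and granting read on that type would be narrower.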

2
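--- a/sepolicy/vendor/hal_ir_default.te
+++ b/sepolicy/vendor/hal_ir_default.te
@@ -0,0 +1,2 @@
+get_prop(hal_ir_default, lirc_prop)
+allow hal_ir_default spidev_device:chr_file rw_file_perms;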

1
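--- a/sepolicy/vendor/hal_light_default.te
+++ b/sepolicy/vendor/hal_light_default.te
@@ -0,0 +1 @@
+allow hal_light_default sysfs:file { open write getattr };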
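Review bot: `allow hal_light_default sysfs:file { open write getattr };` gives the light HAL write access to every sysfs file that lacks a specific label. genfs_contexts in this commit labels the white LED directory `sysfs_graphics`, so the rule can target that type instead, e.g. `allow hal_light_default sysfs_graphics:file rw_file_perms;`, with any other LED or backlight node the HAL writes labelled the same way. The one-line hunk for vendor_qti_init_shell (`allow vendor_qti_init_shell sysfs:file write;`) has the same problem and needs the same treatment.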

5
sepolicy/vendor/hal_misys.te vendored Normal file

@ -0,0 +1,5 @@
# HwBinder IPC from client to server
binder_call(hal_misys_client, hal_misys_server)
add_hwservice(hal_misys_server, hal_misys_hwservice)
allow hal_misys_client hal_misys_hwservice:hwservice_manager find;

11
sepolicy/vendor/hal_misys_default.te vendored Normal file

@ -0,0 +1,11 @@
type hal_misys_default, domain;
hal_server_domain(hal_misys_default, hal_misys)
type hal_misys_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_misys_default)
r_dir_file(hal_misys_default, firmware_file)
r_dir_file(hal_misys_default, mnt_vendor_file)
get_prop(hal_misys_default, vendor_camera_prop)


@ -0,0 +1 @@
set_prop(hal_sensors_default, vendor_camera_prop)

2
sepolicy/vendor/hwservice.te vendored Normal file

@ -0,0 +1,2 @@
type hal_misys_hwservice, hwservice_manager_type;

3
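--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -0,0 +1,3 @@
+vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
+vendor.xiaomi.hardware.misys::IMiSys u:object_r:hal_misys_hwservice:s0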

1
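--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow init vendor_configs_file:file { mounton };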

4
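--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -0,0 +1,4 @@
+allow platform_app vendor_audio_prop:file { open read };
+allow platform_app cgroup:file { open read };
+allow platform_app vendor_xdsp_device:chr_file { read };
+allow platform_app adsprpcd_file:dir { getattr search };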

5
sepolicy/vendor/property.te vendored Normal file

@ -0,0 +1,5 @@
type hal_fingerprint_prop, property_type;
type mlipay_prop, property_type;
type thermal_engine_prop, property_type;
type lirc_prop, property_type;

63
sepolicy/vendor/property_contexts vendored Normal file

@ -0,0 +1,63 @@
# Audio
audio.sys.noisy.broadcast.delay u:object_r:vendor_audio_prop:s0
audio.sys.offload.pstimeout.secs u:object_r:vendor_audio_prop:s0
audio_hal.in_period_size u:object_r:vendor_audio_prop:s0
audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0
persist.audio.fluence.voicecomm u:object_r:vendor_audio_prop:s0
# Camera
cameradaemon.SaveMemAtBoot u:object_r:vendor_camera_prop:s0
cpp.set.clock u:object_r:vendor_camera_prop:s0
disable.cpp.power.collapse u:object_r:vendor_camera_prop:s0
vendor.camera.eis.gyro_name u:object_r:vendor_camera_prop:s0
vidc.enc.dcvs.extra-buff-count u:object_r:vendor_camera_prop:s0
camera.gyro. u:object_r:vendor_camera_prop:s0
#vendor.camera.aux.packageblacklist u:object_r:vendor_camera_prop:s0
persist.camera.gyro u:object_r:vendor_camera_prop:s0
vendor.camera.boot_complete u:object_r:vendor_camera_prop:s0
ro.camera.req.fmq.size u:object_r:vendor_camera_prop:s0
# Camera IDs
vendor.camera.sensor.rearMacro.fuseID u:object_r:vendor_camera_prop:s0
vendor.camera.sensor.rearUltra.fuseID u:object_r:vendor_camera_prop:s0
vendor.camera.sensor.rearTele.fuseID u:object_r:vendor_camera_prop:s0
vendor.camera.sensor.frontMain.fuseID u:object_r:vendor_camera_prop:s0
vendor.camera.sensor.rearMain.fuseID u:object_r:vendor_camera_prop:s0
# IR
ro.lirc.dev u:object_r:lirc_prop:s0
# Fingerprint
fpc_kpi u:object_r:hal_fingerprint_prop:s0
gf.debug.dump_data u:object_r:hal_fingerprint_prop:s0
persist.sys.fp. u:object_r:hal_fingerprint_prop:s0
persist.vendor.sys.fp. u:object_r:hal_fingerprint_prop:s0
ro.boot.fp. u:object_r:hal_fingerprint_prop:s0
ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
sys.fp. u:object_r:hal_fingerprint_prop:s0
vendor.sys.fp u:object_r:hal_fingerprint_prop:s0
vendor.sys.fp. u:object_r:hal_fingerprint_prop:s0
# Manufacture Prop
ro.product.system.manufacturer u:object_r:exported2_default_prop:s0
# Media
gpu.stats.debug.level u:object_r:vendor_default_prop:s0
# Mlipay
persist.vendor.sys.pay. u:object_r:mlipay_prop:s0
persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
# RIL
ro.build.software.version u:object_r:exported_radio_prop:s0
ro.fota.oem u:object_r:exported_radio_prop:s0
ro.miui. u:object_r:exported_radio_prop:s0
ro.product.mod_device u:object_r:exported_radio_prop:s0
# Thermal engine
persist.sys.thermal. u:object_r:thermal_engine_prop:s0
sys.thermal. u:object_r:thermal_engine_prop:s0
vendor.sys.thermal. u:object_r:thermal_engine_prop:s0
# Wlan
persist.vendor.wigig.npt.enable u:object_r:vendor_default_prop:s0
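Review bot: Several keys labelled here sit outside the vendor property namespaces: `sys.fp.`, `persist.sys.fp.`, `fpc_kpi`, `gf.debug.dump_data`, `sys.thermal.` and `persist.sys.thermal.` receive vendor-defined types, while `ro.product.system.manufacturer` and `ro.miui.` are mapped onto platform exported types from vendor policy. That ties platform-owned names to device policy and can collide with labels the system image assigns. Where the vendor blobs allow it, keep only the `vendor.` and `persist.vendor.` forms, and add a comment naming the blob that forces each legacy name. `vendor.sys.fp.` is also redundant next to the shorter `vendor.sys.fp` entry if both are prefix matches.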

1
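--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -0,0 +1 @@
+allow radio gpuservice:binder { call };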

8
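--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -0,0 +1,8 @@
+allow system_app vendor_default_prop:file { getattr open read };
+allow system_app vendor_default_prop:file {map};
+allow system_app vendor_sysfs_graphics:file { getattr open read };
+allow system_app vendor_sysfs_msm_perf:dir { search };
+allow system_app apk_data_file:dir { write };
+allow system_app sysfs_zram:dir { search };
+allow system_app sysfs_zram:file { read };
+allow system_app sysfs_thermal:file { write };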
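Review bot: `allow system_app apk_data_file:dir { write };` looks like a denial copied from the log rather than a needed permission: write on the directory without add_name or remove_name cannot create or remove anything there, and a system app has no business modifying installed-APK directories. If the denial is harmless noise, `dontaudit system_app apk_data_file:dir write;` is the safer choice; it is also worth checking the allow against the platform neverallow rules for apk_data_file. `allow system_app sysfs_thermal:file { write };` lets every system-UID app change thermal settings and deserves a comment naming the app that needs it.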

4
sepolicy/vendor/system_server.te vendored Normal file

@ -0,0 +1,4 @@
# Allow system_server to set persist_camera_prop
get_prop(system_server, vendor_persist_camera_prop)
get_prop(system_server, vendor_display_notch_prop)
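Review bot: The comment says system_server may set persist_camera_prop, but the rule beneath it is `get_prop`, which grants read access only. Reword it to `# Allow system_server to read vendor_persist_camera_prop` so that nobody later widens the rule to match the comment. The second `get_prop` line, for vendor_display_notch_prop, has no comment at all.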

4
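--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,4 @@
+typeattribute tee data_between_core_and_vendor_violators;
+allow tee system_data_file:dir r_dir_perms;
+allow tee fingerprintd_data_file:dir rw_dir_perms;
+allow tee fingerprintd_data_file:file create_file_perms;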
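Review bot: `typeattribute tee data_between_core_and_vendor_violators;` exempts tee from the core/vendor data-sharing neverallow rules without the explanatory TODO that accompanies the same attribute in the fingerprint HAL policy of this commit. Together with `allow tee system_data_file:dir r_dir_perms;` it lets the TEE daemon list any directory labelled system_data_file, whereas traversing to the fingerprint data usually needs only `search`. Suggest `allow tee system_data_file:dir search;` plus a comment such as `# Needed while fingerprint templates live under fingerprintd_data_file`.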

1
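--- a/sepolicy/vendor/toolbox.te
+++ b/sepolicy/vendor/toolbox.te
@@ -0,0 +1 @@
+allow toolbox toolbox:capability { kill };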
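Review bot: `allow toolbox toolbox:capability { kill };` grants CAP_KILL to toolbox, while the private policy in this same commit adds `dontaudit toolbox self:capability kill;` to silence the very same request. The two rules contradict each other. Since the private rule treats the denial as noise, the allow should be dropped so that toolbox commands do not gain the ability to signal processes owned by other UIDs. If something really needs it, write it as `self:capability kill` with a comment naming the caller.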


@ -0,0 +1 @@
allow vendor_hal_neuralnetworks_default vendor_default_prop:file { read };

19
sepolicy/vendor/vendor_init.te vendored Normal file

@ -0,0 +1,19 @@
typeattribute vendor_init data_between_core_and_vendor_violators;
allow vendor_init {
system_data_file
tombstone_data_file
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
allow init adsprpcd_file:file mounton;
set_prop(vendor_init, vendor_freq_prop)
set_prop(vendor_init, vendor_camera_prop)
# Allow vendor_init to set persist_camera_prop
set_prop(vendor_init, vendor_persist_camera_prop)
allow vendor_init persist_debug_prop:file { read };
allow vendor_init default_prop:file { read };
allow vendor_init vendor_default_prop:property_service { set };
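Review bot: The `system_data_file`/`tombstone_data_file` rule gives vendor_init create, write, add_name, remove_name, rmdir and relabelfrom on core data directories, and `data_between_core_and_vendor_violators` is added to switch off the neverallow that would otherwise reject it. Nothing in the hunk says which init script needs this. Narrowing the rule to the one directory type involved, and dropping `relabelfrom` and `rmdir` unless a denial shows them, would limit what a vendor init script can do under /data. `allow init adsprpcd_file:file mounton;` is a rule for init rather than vendor_init and belongs in init.te beside the other mounton rule.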


@ -0,0 +1 @@
allow vendor_qti_init_shell sysfs:file write;


@ -0,0 +1 @@
allow vendor_sysfs_battery_supply vendor_sysfs_battery_supply:dir { read };
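Review bot: The source of this rule is `vendor_sysfs_battery_supply`, which by its name is a sysfs file type rather than a process domain, so `allow vendor_sysfs_battery_supply vendor_sysfs_battery_supply:dir { read };` can never match a real access. It was presumably meant to name the domain that reads the battery supply directory, i.e. the scontext of the original denial. Replace the source with that domain or delete the rule.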


@ -0,0 +1,4 @@
allow vendor_thermal-engine thermal_engine_prop:file { read };
allow vendor_thermal-engine vendor_data_file:dir { read };
set_prop(vendor_thermal-engine, thermal_engine_prop)
allow vendor_thermal-engine sysfs:dir r_dir_perms;