update sepolicy
parent
ea7a1a25ba
commit
c0c8c50cef
18 changed files with 48 additions and 1 deletions
|
@ -2,3 +2,7 @@ allow cameraserver unlabeled:file { getattr open read };
|
|||
allow cameraserver system_prop:property_service set;
|
||||
allow cameraserver socket_device:sock_file write;
|
||||
allow cameraserver sysfs_camera:dir search;
|
||||
allow cameraserver hal_perf_default:binder call;
|
||||
allow cameraserver hal_perf_hwservice:hwservice_manager find;
|
||||
allow cameraserver sysfs:file write;
|
||||
allow cameraserver sysfs_camera:file { getattr open read };
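Review bot: `allow cameraserver sysfs:file write;` grants write on every node that still carries the default `sysfs` label, which is much wider than the single attribute the denial was presumably logged for. The node cameraserver writes is not shown on the page; the usual fix is to label that path in file_contexts, as the policy already does with `sysfs_camera` for `/sys/devices/virtual/camera`, and allow write on that specific type. The same generic-label pattern appears in the hvdcp hunk (`sysfs:dir write`, `sysfs:file { open read }`) and in the untrusted_app_25 hunk (`sysfs:file read`), where it exposes default-labelled sysfs nodes to third-party apps. Which of the seven lines are new is inferred from the `+2,7` header, because the page lost the +/- markers.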
|
||||
|
|
|
@ -27,3 +27,5 @@
|
|||
# sysfs
|
||||
/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
|
||||
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
||||
|
||||
/system/bin/wifiloader u:object_r:wifiloader_exec:s0
|
||||
|
|
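--- /dev/null
+++ b/sepolicy/hal_drm_widevine.te
@@ -0,0 +1 @@
+allow hal_drm_widevine firmware_file:lnk_file read;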
|
|
@ -1 +1,2 @@
|
|||
allow hal_keymaster_default firmware_file:dir search;
|
||||
allow hal_keymaster_default firmware_file:file read;
|
||||
|
|
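--- /dev/null
+++ b/sepolicy/hal_perf_default.te
@@ -0,0 +1,2 @@
+allow hal_perf_default init:unix_stream_socket connectto;
+allow hal_perf_default property_socket:sock_file write;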
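Review bot: These two rules are the socket half of a property write spelled out by hand, and nothing says which property hal_perf_default is meant to set. Consider replacing them with `set_prop(hal_perf_default, <property_type>)`, which covers the property-socket connection together with `property_service set` for one named property type, so the grant is tied to a specific property rather than to init's socket in general. If the raw rules stay, add a comment above them such as `# perf HAL sets <property name> through init's property service`.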
|
|
@ -1 +1,2 @@
|
|||
allow hvdcp sysfs:file read;
|
||||
allow hvdcp sysfs:file { open read };
|
||||
allow hvdcp sysfs:dir write;
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
allow hwservicemanager unlabeled:file { getattr open read };
|
||||
allow hwservicemanager init:dir search;
|
||||
allow hwservicemanager init:file read;
|
||||
|
|
|
@ -9,3 +9,13 @@ allow init functionfs:dir mounton;
|
|||
allow init self:netlink_socket { bind create read };
|
||||
allow init self:tcp_socket create;
|
||||
allow init socket_device:sock_file { create setattr };
|
||||
|
||||
allow init system_data_file:file rename;
|
||||
allow init tee_device:chr_file ioctl;
|
||||
allow init vfsspi_device:chr_file { ioctl getattr write };
|
||||
|
||||
allow init ion_device:chr_file ioctl;
|
||||
allow init tee_device:chr_file write;
|
||||
|
||||
allow init hidl_base_hwservice:hwservice_manager add;
|
||||
allow init hwservicemanager:binder { call transfer };
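Review bot: `allow init hidl_base_hwservice:hwservice_manager add;` and `allow init hwservicemanager:binder { call transfer };` suggest that a HAL service is running in the init domain instead of a domain of its own. This is inferred from the rules, since the service itself is not on the page. Extending init for it widens the most privileged userspace domain, and the `tee_device`, `ion_device` and `vfsspi_device` chr_file rules in this hunk look like they serve the same process. Prefer labelling the binary in file_contexts and giving it its own type with `init_daemon_domain(...)`, as this commit does for wifiloader, then moving these rules into that domain. Which lines of the hunk are new is inferred from the `+9,13` header.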
|
||||
|
|
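--- /dev/null
+++ b/sepolicy/keystore.te
@@ -0,0 +1 @@
+allow keystore firmware_file:dir search;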
|
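--- /dev/null
+++ b/sepolicy/mediaextractor.te
@@ -0,0 +1 @@
+allow mediaextractor vfat:file { getattr read };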
|
|
@ -6,3 +6,4 @@ allow mm-qcamerad camera_data_file:sock_file { create unlink };
|
|||
allow mm-qcamerad camera_socket:dir read;
|
||||
allow mm-qcamerad system_prop:property_service set;
|
||||
allow mm-qcamerad sysfs_camera:dir search;
|
||||
allow mm-qcamerad sysfs_camera:file { getattr open read write };
|
||||
|
|
|
@ -16,3 +16,4 @@ allow rild proc_net:file w_file_perms;
|
|||
allow rild sysfs_sec:file rw_file_perms;
|
||||
|
||||
allow rild tombstone_data_file:dir search;
|
||||
allow rild vendor_file:file ioctl;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
r_dir_file(system_server, app_efs_file)
|
||||
allow system_server sysfs_mdnie:file rw_file_perms;
|
||||
allow system_server default_android_service:service_manager find;
|
||||
allow system_server unlabeled:file unlink;
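Review bot: `allow system_server unlabeled:file unlink;` lets system_server delete any file that has no valid security context, which hides a labelling problem instead of fixing it. The cleaner fix is to add the missing file_contexts entry (or relabel the affected path) so the files get a real type, then allow unlink on that type. If the rule has to stay, put a comment above it naming the path that triggers the denial. The hwservicemanager hunk carries a similar `unlabeled:file { getattr open read }` rule; which line here is new is inferred from the `+1,4` header.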
|
||||
|
|
|
@ -6,3 +6,5 @@ file_type_auto_trans(tee, apk_data_file, tee_data_file);
|
|||
allow tee property_socket:sock_file write;
|
||||
allow tee init:unix_stream_socket connectto;
|
||||
allow tee gatekeeper_data_file:file { open read };
|
||||
|
||||
allow tee efs_file:file { open read };
|
||||
|
|
|
@ -10,3 +10,4 @@ allow toolbox sensors_prop:property_service set;
|
|||
allow toolbox radio_data_file:dir { add_name create getattr open read setattr write };
|
||||
allow toolbox self:capability dac_override;
|
||||
allow toolbox sensors_persist_file:dir getattr;
|
||||
allow toolbox proc:file { open read };
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
allow untrusted_app_25 proc_stat:file { open read };
|
||||
allow untrusted_app_25 wcnss_prop:file open;
|
||||
allow untrusted_app_25 wififtmd_prop:file { getattr open };
|
||||
allow untrusted_app_25 mnt_media_rw_file:dir getattr;
|
||||
allow untrusted_app_25 rootfs:dir read;
|
||||
allow untrusted_app_25 sysfs:file read;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
allow vold adsprpcd_file:dir r_dir_perms;
|
||||
allow vold efs_file:dir { ioctl open read };
|
||||
allow vold persist_file:dir { open read ioctl };
|
||||
allow vold self:capability sys_resource;
|
||||
|
|
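--- /dev/null
+++ b/sepolicy/wifiloader.te
@@ -0,0 +1,12 @@
+#### wifiloader
+#
+type wifiloader, domain;
+type wifiloader_exec, exec_type, file_type;
+
+init_daemon_domain(wifiloader)
+
+allow wifiloader proc:file r_file_perms;
+
+# load .ko modules
+allow kernel self:capability sys_module;
+allow wifiloader self:capability sys_module;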
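Review bot: `allow kernel self:capability sys_module;` sits in wifiloader.te although it changes the kernel domain, and neither sys_module rule is bounded to a particular module file. Move the kernel rule to kernel.te, or drop it if the denial does not recur once wifiloader loads the module itself. On kernels that enforce the `system` class `module_load` permission, pair the capability with `allow wifiloader <ko_file_type>:system module_load;` so only modules carrying that label can be loaded. The header comment `#### wifiloader` is followed by an empty `#`; a line such as `# wifiloader: loads the WLAN .ko modules, hence sys_module` would say why the domain exists.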
|