gts3l: selinux: Overwrite files from gts4lv-common with tiny edits
Because it is much similar to use the same family Signed-off-by: Deokgyu Yang <secugyu@gmail.com> Change-Id: Ic988274c7848c6ea0c9949b8caa63495515c1804
parent
98396292f8
commit
f13f4f6966
54 changed files with 586 additions and 290 deletions
|
@ -1,4 +1,3 @@
|
|||
allow adsprpcd_file self:filesystem associate;
|
||||
allow adsprpcd mnt_vendor_file:dir create_dir_perms;
|
||||
allow adsprpcd mnt_vendor_file:file create_file_perms;
|
||||
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
# Allow audioserver to create socket files for audio arbitration
|
||||
allow audioserver audio_data_file:sock_file { create setattr unlink };
|
||||
allow audioserver audio_data_file:dir remove_name;
|
|
@ -1,5 +0,0 @@
|
|||
# Allow cnd to access cnd_core_data_file
|
||||
allow cnd cnd_core_data_file:file create_file_perms;
|
||||
allow cnd cnd_core_data_file:sock_file { unlink create setattr };
|
||||
|
||||
allow cnd system_wpa_socket:sock_file unlink;
|
|
@ -1,5 +0,0 @@
|
|||
allow dataservice_app system_app_data_file:dir create_dir_perms;
|
||||
allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
|
||||
|
||||
# Allow dataservice_app to read files in cnd_core_data_file
|
||||
r_dir_file(dataservice_app, cnd_core_data_file)
|
|
@ -1,3 +1,13 @@
|
|||
type captouch_device, dev_type;
|
||||
type sound_device, dev_type;
|
||||
type sysmatdrv_device, dev_type;
|
||||
type botablk_device, dev_type;
|
||||
type debug_block_device, dev_type;
|
||||
type dsp_block_device, dev_type;
|
||||
type dun_device, dev_type;
|
||||
type efsblk_device, dev_type;
|
||||
type fp_sensor_device, dev_type;
|
||||
type hiddenblk_device, dev_type;
|
||||
type kgsl_device, dev_type;
|
||||
type omr_block_device, dev_type;
|
||||
type paramblk_device, dev_type;
|
||||
type sec_efsblk_device, dev_type;
|
||||
type steady_block_device, dev_type;
|
||||
type tz_device, dev_type;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Silence /dev/stune logspam
|
||||
dontaudit domain device:file w_file_perms;
|
|
@ -1,27 +1,53 @@
|
|||
type camera_socket, file_type, core_data_file_type, data_file_type;
|
||||
type cnd_core_data_file, file_type, core_data_file_type, data_file_type;
|
||||
type debugfs_rmt, debugfs_type, fs_type;
|
||||
type firmware-modem_file, file_type, contextmount_type, vendor_file_type;
|
||||
type fpc_data_file, core_data_file_type, data_file_type, file_type;
|
||||
# data
|
||||
type biometrics_vendor_data_file, data_file_type, file_type;
|
||||
type vendor_audiopcm_data_file, data_file_type, file_type;
|
||||
type vendor_convergence_data_file, data_file_type, file_type;
|
||||
type vendor_gps_file, data_file_type, file_type;
|
||||
type vendor_log_file, data_file_type, file_type;
|
||||
|
||||
# efs
|
||||
type app_efs_file, file_type, mlstrustedobject;
|
||||
type battery_efs_file, file_type;
|
||||
type bin_nv_data_efs_file, file_type;
|
||||
type carrier_efs_file, file_type, mlstrustedobject;
|
||||
type cpk_efs_file, file_type;
|
||||
type drm_efs_file, file_type;
|
||||
type dsms_efs_file, file_type;
|
||||
type efs_gsm_file, file_type;
|
||||
type gatekeeper_efs_file, file_type;
|
||||
type imei_efs_file, file_type, mlstrustedobject;
|
||||
type iss_efs_file, file_type;
|
||||
type kpm_efs_file, file_type;
|
||||
type mb_po_efs_file, file_type;
|
||||
type nfc_efs_file, file_type;
|
||||
type nv_core_efs_file, file_type;
|
||||
type otadm_efs_file, file_type;
|
||||
type pdp_efs_file, file_type;
|
||||
type pfw_efs_file, file_type, mlstrustedobject;
|
||||
type prov_efs_file, file_type;
|
||||
type retailmode_efs_file, file_type, mlstrustedobject;
|
||||
type sec_efs_file, file_type, mlstrustedobject;
|
||||
type sec_poc_file, file_type, mlstrustedobject;
|
||||
type snap_efs_file, file_type, mlstrustedobject;
|
||||
type snapsec_efs_file, file_type;
|
||||
type ssm_efs_file, file_type;
|
||||
type tee_efs_file, file_type;
|
||||
type vaultkeeper_efs_file, file_type;
|
||||
type wifi_efs_file, file_type, mlstrustedobject;
|
||||
|
||||
# proc
|
||||
type proc_default_smp_affinity, fs_type, proc_type;
|
||||
type proc_simslot_count, fs_type, proc_type;
|
||||
type proc_swappiness, fs_type, proc_type;
|
||||
|
||||
# rootfs
|
||||
type omr_file, file_type, mlstrustedobject;
|
||||
type persist_qc_senseid_file, file_type;
|
||||
type persist_usf_cal_file, file_type;
|
||||
type proc_buttons, proc_type, fs_type;
|
||||
type proc_touchpanel, proc_type, sysfs_type, fs_type;
|
||||
type qfp-daemon_core_data_file, file_type, core_data_file_type, data_file_type;
|
||||
type sysfs_cnss_common, sysfs_type, fs_type;
|
||||
type sysfs_fpc, sysfs_type, fs_type;
|
||||
type sysfs_fpc_keyevents, sysfs_type, fs_type;
|
||||
type sysfs_fpc_wakeup, sysfs_type, fs_type;
|
||||
type sysfs_fpc_proximity, sysfs_type, fs_type;
|
||||
type sysfs_panel, sysfs_type, fs_type;
|
||||
|
||||
# sysfs
|
||||
type sysfs_audio_writable, fs_type, sysfs_type;
|
||||
type sysfs_camera_writable, fs_type, sysfs_type;
|
||||
type sysfs_fpc, fs_type, sysfs_type;
|
||||
type sysfs_lcd_writable, fs_type, sysfs_type;
|
||||
type sysfs_mdnie_writable, fs_type, sysfs_type;
|
||||
type sysfs_sec_keypad, fs_type, sysfs_type;
|
||||
type sysfs_sec_switch, fs_type, sysfs_type;
|
||||
type sysfs_tsp, fs_type, sysfs_type;
|
||||
type sysfs_wifi, fs_type, sysfs_type;
|
||||
type thermal_data_file, core_data_file_type, data_file_type, file_type;
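Review bot: The efs types declared with `mlstrustedobject` (`app_efs_file`, `carrier_efs_file`, `imei_efs_file`, `pfw_efs_file`, `retailmode_efs_file`, `sec_efs_file`, `sec_poc_file`, `snap_efs_file`, `wifi_efs_file`, and also `omr_file`) are exempt from the MLS constraints, so access to IMEI and provisioning data is limited by the type-enforcement rules alone. Where no domain at a different level has to reach these files, declare them as plain `file_type`, for example `type imei_efs_file, file_type;`, or add a comment naming the domain that needs the exemption. `type sysfs_fpc` also appears twice in this section with its attributes in a different order; the +/- markers are lost in this rendering, so confirm only one of the two declarations is on the new side, since a duplicate declaration would not compile.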
|
||||
|
||||
|
|
|
@ -1,65 +1,195 @@
|
|||
# Devices
|
||||
/dev/captouch u:object_r:captouch_device:s0
|
||||
/dev/elliptic(.*)? u:object_r:sound_device:s0
|
||||
/dev/pn548 u:object_r:nfc_device:s0
|
||||
/dev/sysmatdrv u:object_r:sysmatdrv_device:s0
|
||||
|
||||
# Sys files
|
||||
/sys/devices/soc/75b7000\.i2c/i2c-9/9-[0-9a-f]+/leds(/.*)? u:object_r:sysfs_leds:s0
|
||||
/sys/devices/soc/leds-qpnp-[0-9]+/leds(/.*)? u:object_r:sysfs_leds:s0
|
||||
|
||||
/sys/devices/soc/75ba000\.i2c/i2c-12/12-[0-9a-f]+/panel_(color|vendor) u:object_r:sysfs_panel:s0
|
||||
|
||||
/sys/devices/soc/75ba000\.i2c/i2c-12/12-[0-9a-f]+/input/input[0-9]+/0dbutton u:object_r:proc_touchpanel:s0
|
||||
|
||||
/sys/devices/soc/75ba000\.i2c/i2c-12/12-[0-9a-f]+(/input/input[0-9]+)?/reversed_keys u:object_r:proc_touchpanel:s0
|
||||
|
||||
/sys/devices/soc/75ba000\.i2c/i2c-12/12-[0-9a-f]+/input/input[0-9]+/wake_gesture u:object_r:proc_touchpanel:s0
|
||||
/sys/devices/soc/75ba000\.i2c/i2c-12/12-[0-9a-f]+/wakeup_mode u:object_r:proc_touchpanel:s0
|
||||
|
||||
/sys/devices/soc/soc:fpc_fpc1020/irq u:object_r:sysfs_fpc:s0
|
||||
/sys/devices/soc/soc:fpc_fpc1020/enable_key_events u:object_r:sysfs_fpc_keyevents:s0
|
||||
/sys/devices/soc/soc:fpc_fpc1020/enable_wakeup u:object_r:sysfs_fpc_wakeup:s0
|
||||
/sys/devices/soc/soc:fpc_fpc1020/proximity_state u:object_r:sysfs_fpc_proximity:s0
|
||||
|
||||
/sys/module/cnss_common/parameters/bdwlan_file u:object_r:sysfs_cnss_common:s0
|
||||
|
||||
# Data files
|
||||
/data/fpc(/.*)? u:object_r:fpc_data_file:s0
|
||||
/data/camera(/.*)? u:object_r:camera_socket:s0
|
||||
/data/connectivity(/.*)? u:object_r:cnd_core_data_file:s0
|
||||
/data/decrypt\.txt u:object_r:thermal_data_file:s0
|
||||
/data/misc/stargate(/.*)? u:object_r:qfp-daemon_core_data_file:s0
|
||||
|
||||
# Persist files
|
||||
/(mnt/vendor)/persist/audio/us_cal u:object_r:persist_usf_cal_file:s0
|
||||
/(mnt/vendor)/persist/PRSensorData\.txt u:object_r:sensors_persist_file:s0
|
||||
/(mnt/vendor)/persist/PSensor3cm_ct\.txt u:object_r:sensors_persist_file:s0
|
||||
/(mnt/vendor)/persist/qc_senseid(/.*)? u:object_r:persist_qc_senseid_file:s0
|
||||
|
||||
# Root files
|
||||
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
|
||||
/firmware(/.*)? u:object_r:firmware_file:s0
|
||||
/firmware-modem(/.*)? u:object_r:firmware-modem_file:s0
|
||||
/omr(/.*)? u:object_r:omr_file:s0
|
||||
# Block devices
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/bota u:object_r:botablk_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/config u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/debug u:object_r:debug_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/dsp u:object_r:dsp_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/dtbo u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/efs u:object_r:efsblk_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/hidden u:object_r:hiddenblk_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/omr u:object_r:omr_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/param u:object_r:paramblk_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/persistent u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/sec_efs u:object_r:sec_efsblk_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/steady u:object_r:steady_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/vbmeta u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/soc/624000\.sdhci/by-name/vendor u:object_r:system_block_device:s0
|
||||
|
||||
# Binaries
|
||||
/system/bin/chargeonlymode u:object_r:charger_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/macloader u:object_r:macloader_exec:s0
|
||||
/(vendor|system/vendor)/bin/secril_config_svc u:object_r:secril_config_svc_exec:s0
|
||||
/(vendor|system/vendor)/dsp(/.*)? u:object_r:adsprpcd_file:s0
|
||||
|
||||
# Data files
|
||||
/data/vendor/biometrics(/.*)? u:object_r:biometrics_vendor_data_file:s0
|
||||
/data/vendor/conn(/.*)? u:object_r:vendor_convergence_data_file:s0
|
||||
/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
|
||||
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
||||
/data/vendor/log/audiopcm(/.*)? u:object_r:vendor_audiopcm_data_file:s0
|
||||
/data/vendor/secradio(/.*)? u:object_r:vendor_radio_data_file:s0
|
||||
|
||||
# Devices
|
||||
/dev/android_rndis_qc u:object_r:radio_device:s0
|
||||
/dev/cdma_.* u:object_r:radio_device:s0
|
||||
/dev/dbmdx-[0-9]+ u:object_r:audio_device:s0
|
||||
/dev/dun u:object_r:dun_device:s0
|
||||
/dev/esfp[0-9]+ u:object_r:fp_sensor_device:s0
|
||||
/dev/gsm_.* u:object_r:radio_device:s0
|
||||
/dev/link_pm u:object_r:radio_device:s0
|
||||
/dev/mdm u:object_r:radio_device:s0
|
||||
/dev/network_latency u:object_r:radio_device:s0
|
||||
/dev/network_throughput u:object_r:radio_device:s0
|
||||
/dev/nmea u:object_r:radio_device:s0
|
||||
/dev/qmi[0-9]* u:object_r:radio_device:s0
|
||||
/dev/tzic u:object_r:tz_device:s0
|
||||
|
||||
# EFS files
|
||||
/efs/\.drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/efs/\.nv_core\.bak(.*) u:object_r:nv_core_efs_file:s0
|
||||
/efs/afc(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/apn-changes\.xml u:object_r:sec_efs_file:s0
|
||||
/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
|
||||
/efs/bench(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/biometrics(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/efs/calibration_data u:object_r:sec_efs_file:s0
|
||||
/efs/CamMotorSlideCnt u:object_r:app_efs_file:s0
|
||||
/efs/carrier(/.*)? u:object_r:carrier_efs_file:s0
|
||||
/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
|
||||
/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/efs/drx(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/dsms(/.*)? u:object_r:dsms_efs_file:s0
|
||||
/efs/etc/poc(/.*)? u:object_r:sec_poc_file:s0
|
||||
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
|
||||
/efs/gatekeeper(/.*)? u:object_r:gatekeeper_efs_file:s0
|
||||
/efs/grip_cal_data u:object_r:sec_efs_file:s0
|
||||
/efs/gyro_cal_data u:object_r:sec_efs_file:s0
|
||||
/efs/hw_offset u:object_r:sec_efs_file:s0
|
||||
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/efs/ims_setting(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/iss(/.*)? u:object_r:iss_efs_file:s0
|
||||
/efs/logguard(/.*)? u:object_r:iss_efs_file:s0
|
||||
/efs/lpm(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/maxim(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/mb_po(/.*)? u:object_r:mb_po_efs_file:s0
|
||||
/efs/mc(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/misc(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/nfc(/.*)? u:object_r:nfc_efs_file:s0
|
||||
/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/nv_fsm_data\.bin u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/nxp(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/osc_trim u:object_r:sec_efs_file:s0
|
||||
/efs/otadm(/.*)? u:object_r:otadm_efs_file:s0
|
||||
/efs/otadm_sw_version u:object_r:otadm_efs_file:s0
|
||||
/efs/pdp_bkup(/.*)? u:object_r:pdp_efs_file:s0
|
||||
/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
|
||||
/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/prox_cal u:object_r:sec_efs_file:s0
|
||||
/efs/qualcomm(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/recovery(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/richtek(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/root(/.*)? u:object_r:app_efs_file:s0
|
||||
/efs/sec_efs(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/sec_efs/iss/.policy_config u:object_r:sec_efs_file:s0
|
||||
/efs/sec_efs/kpm(/.*)? u:object_r:kpm_efs_file:s0
|
||||
/efs/sec_efs/retailmode(/.*)? u:object_r:retailmode_efs_file:s0
|
||||
/efs/security(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/sktdm_mem(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/SlideCount u:object_r:app_efs_file:s0
|
||||
/efs/SMS(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/snap(/.*)? u:object_r:snap_efs_file:s0
|
||||
/efs/snapsec(/.*)? u:object_r:snapsec_efs_file:s0
|
||||
/efs/ssm(/.*)? u:object_r:ssm_efs_file:s0
|
||||
/efs/tas25xx(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/TEE(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/tee(/.*)? u:object_r:tee_efs_file:s0
|
||||
/efs/usb_hw_param(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/vk(/.*)? u:object_r:vaultkeeper_efs_file:s0
|
||||
/efs/vold(/.*)? u:object_r:sec_efs_file:s0
|
||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
/efs/wv\.keys u:object_r:sec_efs_file:s0
|
||||
/efs_gsm(/.*)? u:object_r:efs_gsm_file:s0
|
||||
/mnt/vendor/efs(/.*)? u:object_r:efs_file:s0
|
||||
/mnt/vendor/efs/\.drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/mnt/vendor/efs/\.nv_core\.bak(.*) u:object_r:nv_core_efs_file:s0
|
||||
/mnt/vendor/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
|
||||
/mnt/vendor/efs/bench(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/mnt/vendor/efs/calibration_data u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/carrier(/.*)? u:object_r:carrier_efs_file:s0
|
||||
/mnt/vendor/efs/cirrus(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
|
||||
/mnt/vendor/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/mnt/vendor/efs/drx(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/etc/poc(/.*)? u:object_r:sec_poc_file:s0
|
||||
/mnt/vendor/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
|
||||
/mnt/vendor/efs/grip_cal_data u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/gyro_cal_data u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/hw_offset u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/mnt/vendor/efs/ims_setting(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/iss(/.*)? u:object_r:iss_efs_file:s0
|
||||
/mnt/vendor/efs/logguard(/.*)? u:object_r:iss_efs_file:s0
|
||||
/mnt/vendor/efs/maxim(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/mc(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/misc(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
/mnt/vendor/efs/nv_fsm_data\.bin u:object_r:bin_nv_data_efs_file:s0
|
||||
/mnt/vendor/efs/nxp(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/osc_trim u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/otadm(/.*)? u:object_r:otadm_efs_file:s0
|
||||
/mnt/vendor/efs/otadm_sw_version u:object_r:otadm_efs_file:s0
|
||||
/mnt/vendor/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
|
||||
/mnt/vendor/efs/pn-changes\.xml u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/prox_cal u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/qualcomm(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/recovery(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/richtek(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/root(/.*)? u:object_r:app_efs_file:s0
|
||||
/mnt/vendor/efs/sec_efs(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/sec_efs/iss/.policy_config u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/sec_efs/retailmode(/.*)? u:object_r:retailmode_efs_file:s0
|
||||
/mnt/vendor/efs/security(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/sktdm_mem(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/SlideCount u:object_r:app_efs_file:s0
|
||||
/mnt/vendor/efs/SMS(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/TEE(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/tee(/.*)? u:object_r:tee_efs_file:s0
|
||||
/mnt/vendor/efs/usb_hw_param(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/vk(/.*)? u:object_r:vaultkeeper_efs_file:s0
|
||||
/mnt/vendor/efs/vold(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
/mnt/vendor/efs/wv\.keys u:object_r:sec_efs_file:s0
|
||||
|
||||
# HALs
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service\.samsung u:object_r:hal_health_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service\.samsung u:object_r:hal_keymaster_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.1-service\.gts3l u:object_r:hal_usb_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-qcom u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.miscpower@1\.0-service u:object_r:hal_power_default_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
|
||||
|
||||
# Shell scripts
|
||||
/(vendor|system/vendor)/bin/init\.panel\.sh u:object_r:init_panel_exec:s0
|
||||
/(vendor|system/vendor)/bin/init\.tfa\.sh u:object_r:init_tfa_exec:s0
|
||||
# Rootfs
|
||||
/firmware(/.*)? u:object_r:firmware_file:s0
|
||||
/omr(/.*)? u:object_r:omr_file:s0
|
||||
/persist(/.*)? u:object_r:persist_file:s0
|
||||
|
||||
# Sys
|
||||
/sys/class/camera(/.*)? -- u:object_r:sysfs_camera_writable:s0
|
||||
/sys/class/lcd(/.*)? -- u:object_r:sysfs_lcd_writable:s0
|
||||
/sys/class/power_supply(/.*)? -- u:object_r:sysfs_batteryinfo:s0
|
||||
/sys/class/power_supply/battery(/.*)? -- u:object_r:sysfs_batteryinfo:s0
|
||||
/sys/class/rfkill/rfkill[0-9]+/state -- u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/class/rfkill/rfkill[0-9]+/type -- u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/devices/platform/soc/soc:battery/power_supply(/.*)? -- u:object_r:sysfs_batteryinfo:s0
|
||||
/sys/devices/virtual/audio/earjack/state u:object_r:sysfs_audio_writable:s0
|
||||
/sys/devices/virtual/fingerprint/fingerprint(/.*)? u:object_r:sysfs_fpc:s0
|
||||
/sys/devices/virtual/lcd/panel(/.*)? u:object_r:sysfs_lcd_writable:s0
|
||||
/sys/devices/virtual/mdnie(/.*)? -- u:object_r:sysfs_mdnie_writable:s0
|
||||
/sys/devices/virtual/sec/tsp(/.*)? u:object_r:sysfs_tsp:s0
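Review bot: The entry `/mnt/vendor/efs/pn-changes\.xml` looks like a typo for `apn-changes\.xml`, which is how the matching `/efs/apn-changes\.xml` entry is spelled; as written, the real file would fall through to the catch-all `/mnt/vendor/efs(/.*)?` and be labelled `efs_file` instead of `sec_efs_file`. The two `sec_efs/iss/.policy_config` entries also leave the dot unescaped, so it matches any character; `/efs/sec_efs/iss/\.policy_config` and the `/mnt/vendor/efs` counterpart would match only the intended file. The +/- markers are lost in this rendering, so these lines are assumed to be on the new side because they use the types this commit introduces.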
|
||||
|
|
|
@ -1,17 +1,23 @@
|
|||
genfscon debugfs /rmt_storage u:object_r:debugfs_rmt:s0
|
||||
genfscon proc /irq/default_smp_affinity u:object_r:proc_default_smp_affinity:s0
|
||||
genfscon proc /memsize u:object_r:proc_meminfo:s0
|
||||
genfscon proc /schedstat u:object_r:proc_sched:s0
|
||||
genfscon proc /simslot_count u:object_r:proc_simslot_count:s0
|
||||
genfscon proc /sys/kernel/sched_boost u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_cstate_aware u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_downmigrate u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_group_downmigrate u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_group_upmigrate u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_initial_task_util u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_sync_hint_enable u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_upmigrate u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_walt_rotate_big_tasks u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0
|
||||
|
||||
genfscon proc /buttons u:object_r:proc_buttons:s0
|
||||
genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
|
||||
|
||||
genfscon sysfs /devices/soc/6a00000.ssusb/6a00000.dwc3/gadget/lun0/ u:object_r:sysfs_android_usb:s0
|
||||
genfscon sysfs /devices/soc/6a00000.ssusb/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/70000.qcom,msm-core/uio/uio1 u:object_r:sysfs_uio_file:s0
|
||||
genfscon sysfs /devices/soc/70000.qcom,msm-thermal/uio/uio2 u:object_r:sysfs_uio_file:s0
|
||||
genfscon sysfs /devices/soc/75b5000.i2c/i2c-7/7-001d/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/msm-bcl-19/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/msm-bcl-21/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/qpnp-fg-22/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/qpnp-fg-24/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/qpnp-smbcharger-21/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/qpnp-smbcharger-23/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/soc:qcom,bcl/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/soc/qpnp-smbcharger-[a-z0-9]+/power_supply/dc(/.*)? u:object_r:sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/soc/qpnp-smbcharger-[a-z0-9]+/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/virtual/lcd/panel u:object_r:sysfs_lcd_writable:s0
|
||||
genfscon sysfs /devices/virtual/sensors/ssc_core/ssc_hw_rev u:object_r:sysfs_sensors:s0
|
||||
genfscon sysfs /power/cpufreq_max_limit u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/cpufreq_min_limit u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/cpufreq_table u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /wifi u:object_r:sysfs_wifi:s0
|
||||
|
|
|
@ -1 +1,13 @@
|
|||
r_dir_file(hal_audio_default, persist_usf_cal_file)
|
||||
allow hal_audio_default hal_bluetooth_a2dp_hwservice:hwservice_manager { add find };
|
||||
|
||||
allow hal_audio_default sysfs_audio_writable:file r_file_perms;
|
||||
|
||||
allow hal_audio_default sec_efs_file:dir create_dir_perms;
|
||||
allow hal_audio_default sec_efs_file:file create_file_perms;
|
||||
|
||||
allow hal_audio_default vendor_audio_data_file:dir create_dir_perms;
|
||||
|
||||
allow hal_audio_default vendor_audiopcm_data_file:dir create_dir_perms;
|
||||
allow hal_audio_default vendor_audiopcm_data_file:file create_file_perms;
|
||||
|
||||
allow hal_audio_default vendor_log_file:dir r_dir_perms;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
|
||||
allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;
|
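--- a/sepolicy/hal_bluetooth_qti.te
+++ b/sepolicy/hal_bluetooth_qti.te
@@ -0,0 +1,10 @@
+allow hal_bluetooth_qti efs_file:dir r_dir_perms;
+
+allow hal_bluetooth_qti bluetooth_efs_file:dir rw_dir_perms;
+allow hal_bluetooth_qti bluetooth_efs_file:file create_file_perms;
+
+allow hal_bluetooth_qti diag_device:chr_file rw_file_perms;
+
+r_dir_file(hal_bluetooth_qti, vendor_convergence_data_file)
+
+get_prop(hal_bluetooth_qti, vendor_factory_prop)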
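Review bot: `allow hal_bluetooth_qti diag_device:chr_file rw_file_perms;` gives the Bluetooth HAL read/write access to the diag character device in every build variant, including user builds. Diagnostic-interface access is normally kept to debug builds; wrapping this one rule in the `userdebug_or_eng` macro would keep it out of user builds. If the HAL only probes the node at start-up, `dontaudit hal_bluetooth_qti diag_device:chr_file rw_file_perms;` silences the denial without granting access. `diag_device` is declared outside this page, so confirm how the node is labelled on this device.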
|
@ -1 +1,14 @@
|
|||
allow hal_camera_default camera_data_file:sock_file write;
|
||||
allow hal_camera_default app_efs_file:dir rw_dir_perms;
|
||||
allow hal_camera_default app_efs_file:file rw_file_perms;
|
||||
|
||||
allow hal_camera_default sysfs_camera_writable:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_camera_writable:file rw_file_perms;
|
||||
|
||||
allow hal_camera_default sysfs_sensors:file r_file_perms;
|
||||
|
||||
r_dir_file(hal_camera_default, efs_file)
|
||||
r_dir_file(hal_camera_default, sec_poc_file)
|
||||
|
||||
get_prop(hal_camera_default, graphics_vulkan_prop)
|
||||
get_prop(hal_camera_default, vendor_factory_prop)
|
||||
set_prop(hal_camera_default, sec_camera_prop)
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_drm_default media_data_file:dir create_dir_perms;
|
||||
allow hal_drm_default media_data_file:file create_file_perms;
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_drm_widevine media_data_file:dir create_dir_perms;
|
||||
allow hal_drm_widevine media_data_file:file create_file_perms;
|
|
@ -1,21 +1,21 @@
|
|||
binder_call(hal_fingerprint_default, qfp-daemon)
|
||||
binder_use(hal_fingerprint_default)
|
||||
|
||||
# Allow hal_fingerprint_default to open firmware images
|
||||
r_dir_file(hal_fingerprint_default, firmware_file)
|
||||
|
||||
allow hal_fingerprint_default iqfp_service:service_manager find;
|
||||
|
||||
allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
|
||||
allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms;
|
||||
allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms;
|
||||
allow hal_fingerprint_default fpc_data_file:file create_file_perms;
|
||||
allow hal_fingerprint_default fpc_data_file:sock_file { create unlink };
|
||||
allow hal_fingerprint_default sysfs_fpc:dir r_dir_perms;
|
||||
allow hal_fingerprint_default sysfs_fpc:file rw_file_perms;
|
||||
allow hal_fingerprint_default sysmatdrv_device:chr_file w_file_perms;
|
||||
allow hal_fingerprint_default fp_sensor_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
||||
|
||||
# Ignore all logging requests
|
||||
dontaudit hal_fingerprint_default storage_file:dir search;
|
||||
allow hal_fingerprint_default firmware_file:file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default efs_file:file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default sec_poc_file:file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default sec_efs_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default sec_efs_file:file create_file_perms;
|
||||
|
||||
allow hal_fingerprint_default sysfs_fpc:dir r_dir_perms;
|
||||
allow hal_fingerprint_default sysfs_fpc:file r_file_perms;
|
||||
allow hal_fingerprint_default sysfs_fpc:lnk_file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default biometrics_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default biometrics_vendor_data_file:file create_file_perms;
|
||||
|
||||
allow hal_fingerprint_default vendor_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default vendor_data_file:file create_file_perms;
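Review bot: The last two rules, `allow hal_fingerprint_default vendor_data_file:dir create_dir_perms;` and `allow hal_fingerprint_default vendor_data_file:file create_file_perms;`, let the fingerprint HAL create and modify anything that carries the generic vendor data label, although the section already grants the dedicated `biometrics_vendor_data_file` type. Reaching a labelled subdirectory normally needs only `allow hal_fingerprint_default vendor_data_file:dir search;`, so the generic file rule can probably be dropped. sepolicy/hal_gnss_qti.te has the same pattern, with `vendor_data_file:dir rw_dir_perms` next to `vendor_gps_file`. The +/- markers are lost in this rendering, so these rules are assumed to be on the new side because they sit with the newly introduced types.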
|
||||
|
|
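--- a/sepolicy/hal_gatekeeper_default.te
+++ b/sepolicy/hal_gatekeeper_default.te
@@ -0,0 +1,12 @@
+allow hal_gatekeeper_default tz_device:chr_file rw_file_perms;
+
+allow hal_gatekeeper_default efs_file:dir search;
+
+allow hal_gatekeeper_default sec_poc_file:dir search;
+
+allow hal_gatekeeper_default prov_efs_file:dir create_dir_perms;
+allow hal_gatekeeper_default prov_efs_file:file create_file_perms;
+
+get_prop(hal_gatekeeper_default, tzdaemon_prop)
+get_prop(hal_gatekeeper_default, vendor_tztsdaemon_prop)
+set_prop(hal_gatekeeper_default, dumpstate_options_prop)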
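Review bot: `set_prop(hal_gatekeeper_default, dumpstate_options_prop)` lets the gatekeeper HAL write the property type used to pass options to dumpstate, and nothing in the file says why an authentication HAL needs that. The same rule appears in sepolicy/hal_keymaster_default.te. If it only answers a denial logged by the vendor blob, `dontaudit hal_gatekeeper_default dumpstate_options_prop:property_service set;` removes the log noise without granting the write. Otherwise add a comment such as `# vendor gatekeeper blob sets dumpstate options on <condition>` so the grant can be audited later.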
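--- a/sepolicy/hal_gnss_qti.te
+++ b/sepolicy/hal_gnss_qti.te
@@ -0,0 +1,9 @@
+binder_call(hal_gnss_qti, hal_gnss_default)
+
+allow hal_gnss_qti location_data_file:dir rw_dir_perms;
+allow hal_gnss_qti location_data_file:file rw_file_perms;
+
+allow hal_gnss_qti vendor_data_file:dir rw_dir_perms;
+
+allow hal_gnss_qti vendor_gps_file:dir rw_dir_perms;
+allow hal_gnss_qti vendor_gps_file:file create_file_perms;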
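--- a/sepolicy/hal_health_default.te
+++ b/sepolicy/hal_health_default.te
@@ -0,0 +1,5 @@
+allow hal_health_default mnt_vendor_file:dir search;
+
+r_dir_file(hal_health_default, app_efs_file)
+r_dir_file(hal_health_default, efs_file)
+r_dir_file(hal_health_default, battery_efs_file)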
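--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@@ -0,0 +1,23 @@
+allow hal_keymaster_default mnt_vendor_file:dir r_dir_perms;
+
+allow hal_keymaster_default firmware_file:file r_file_perms;
+
+allow hal_keymaster_default efs_file:dir r_dir_perms;
+allow hal_keymaster_default efs_file:file r_file_perms;
+allow hal_keymaster_default efs_file:lnk_file r_file_perms;
+
+allow hal_keymaster_default prov_efs_file:dir create_dir_perms;
+allow hal_keymaster_default prov_efs_file:file create_file_perms;
+
+allow hal_keymaster_default sec_poc_file:dir r_dir_perms;
+allow hal_keymaster_default sec_poc_file:file r_file_perms;
+allow hal_keymaster_default sec_poc_file:lnk_file r_file_perms;
+
+allow hal_keymaster_default tee_device:chr_file rw_file_perms;
+allow hal_keymaster_default tz_device:chr_file rw_file_perms;
+
+get_prop(hal_keymaster_default, compact_dump_prop)
+get_prop(hal_keymaster_default, tzdaemon_prop)
+get_prop(hal_keymaster_default, vendor_tztsdaemon_prop)
+set_prop(hal_keymaster_default, ctl_start_prop)
+set_prop(hal_keymaster_default, dumpstate_options_prop)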
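Review bot: `set_prop(hal_keymaster_default, ctl_start_prop)` grants the keymaster HAL the generic ctl.start property type rather than a type scoped to one service, so the domain may ask init to start any service whose control property carries that label. If the HAL only needs to launch a single helper daemon, give that control property its own type in property_contexts and grant `set_prop` on that type instead. Either way the rule deserves a comment naming the service it is meant for, since the property_contexts file is outside this page and the intended target cannot be confirmed from here.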
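--- a/sepolicy/hal_lineage_livedisplay_sysfs.te
+++ b/sepolicy/hal_lineage_livedisplay_sysfs.te
@@ -0,0 +1,8 @@
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms;
+allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms;
+
+allow hal_lineage_livedisplay_sysfs sysfs_lcd_writable:dir search;
+allow hal_lineage_livedisplay_sysfs sysfs_lcd_writable:file rw_file_perms;
+
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie_writable:dir search;
+allow hal_lineage_livedisplay_sysfs sysfs_mdnie_writable:file rw_file_perms;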
|
@ -1,2 +0,0 @@
|
|||
allow hal_lineage_touch_default proc_touchpanel:dir search;
|
||||
allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms;
|
|
@ -1 +1,5 @@
|
|||
dontaudit hal_perf_default self:capability { dac_override dac_read_search };
|
||||
allow hal_perf_default self:capability kill;
|
||||
|
||||
allow hal_perf_default proc_sched:file rw_file_perms;
|
||||
|
||||
get_prop(hal_perf_default, sec_camera_prop)
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
add_hwservice(hal_power_default, hal_miscpower_hwservice)
|
||||
|
||||
# Allow writing to files in /proc/touchpanel
|
||||
allow hal_power_default proc_touchpanel:dir search;
|
||||
allow hal_power_default proc_touchpanel:file rw_file_perms;
|
||||
|
||||
allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
||||
allow hal_power_default sysfs_batteryinfo:dir r_dir_perms;
|
||||
allow hal_power_default sysfs_batteryinfo:file rw_file_perms;
|
||||
|
||||
allow hal_power_default sysfs_tsp:dir r_dir_perms;
|
||||
allow hal_power_default sysfs_tsp:file rw_file_perms;
|
||||
|
|
|
@ -1,6 +1,20 @@
|
|||
allow hal_sensors_default audioserver:binder { call transfer };
|
||||
allow hal_sensors_default audioserver_service:service_manager find;
|
||||
allow hal_sensors_default input_device:dir r_dir_perms;
|
||||
allow hal_sensors_default input_device:chr_file rw_file_perms;
|
||||
|
||||
allow hal_sensors_default sound_device:chr_file rw_file_perms;
|
||||
allow hal_sensors_default sysfs_sensors:dir r_dir_perms;
|
||||
allow hal_sensors_default sysfs_sensors:file rw_file_perms;
|
||||
|
||||
binder_use(hal_sensors_default)
|
||||
allow hal_sensors_default mnt_vendor_file:dir rw_dir_perms;
|
||||
allow hal_sensors_default mnt_vendor_file:file create_file_perms;
|
||||
|
||||
allow hal_sensors_default app_efs_file:dir create_dir_perms;
|
||||
allow hal_sensors_default app_efs_file:file create_file_perms;
|
||||
|
||||
allow hal_sensors_default sec_poc_file:dir r_dir_perms;
|
||||
|
||||
r_dir_file(hal_sensors_default, efs_file)
|
||||
r_dir_file(hal_sensors_default, sec_poc_file)
|
||||
|
||||
userdebug_or_eng(`
|
||||
get_prop(hal_sensors_default, sensors_dbg_prop)
|
||||
')
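Review bot: `allow hal_sensors_default sec_poc_file:dir r_dir_perms;` duplicates what `r_dir_file(hal_sensors_default, sec_poc_file)` a few lines below already grants, since that macro covers directory read on the same type. The +/- column is lost on this page, but the counts (6 old, 20 new) suggest both lines are on the new side. Dropping the explicit `:dir` rule keeps one statement per grant and makes later narrowing easier to review.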
|
||||
|
|
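--- a/sepolicy/hal_usb_default.te
+++ b/sepolicy/hal_usb_default.te
@@ -0,0 +1 @@
+allow hal_usb_default sysfs_usb:file rw_file_perms;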
|
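--- a/sepolicy/healthd.te
+++ b/sepolicy/healthd.te
@@ -0,0 +1,11 @@
+allow healthd app_efs_file:dir rw_file_perms;
+allow healthd app_efs_file:file create_file_perms;
+
+allow healthd battery_efs_file:dir create_dir_perms;
+allow healthd battery_efs_file:file create_file_perms;
+
+allow healthd sysfs_battery_supply:file w_file_perms;
+allow healthd sysfs_batteryinfo:file w_file_perms;
+
+r_dir_file(healthd, efs_file)
+r_dir_file(healthd, sec_poc_file)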
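Review bot: The first rule, `allow healthd app_efs_file:dir rw_file_perms;`, applies a file permission set to the `dir` class, so it grants no `search`, `add_name` or `remove_name`. Unless another rule supplies those, the `create_file_perms` granted on `app_efs_file:file` in the next line cannot be used to create or even reach files in that directory. The other `:dir` rules in this commit use directory macros, so this should read `allow healthd app_efs_file:dir rw_dir_perms;`. If healthd only reads existing files there, use `r_dir_perms` and narrow the file rule to match.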
|
|
@ -1,4 +0,0 @@
|
|||
dontaudit hvdcp self:capability dac_override;
|
||||
|
||||
allow hvdcp sysfs_batteryinfo:dir search;
|
||||
allow hvdcp sysfs_batteryinfo:file rw_file_perms;
|
|
@ -2,7 +2,7 @@ vendor.samsung.hardware.bluetooth.a2dp::ISecBluetoothAudioOffload
|
|||
vendor.samsung.hardware.bluetooth.a2dpsink::ISecBluetoothA2dpSinkProvidersFactory u:object_r:hal_bluetooth_a2dp_hwservice:s0
|
||||
vendor.samsung.hardware.bluetooth.audio::ISecBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
|
||||
vendor.samsung.hardware.bluetooth::ISecBluetooth u:object_r:hal_bluetooth_hwservice:s0
|
||||
vendor.samsung.hardware.exthealth::IExtHealth u:object_r:hal_health_hwservice:s0
|
||||
vendor.samsung.hardware.camera.provider::ISecCameraProvider u:object_r:hal_camera_hwservice:s0
|
||||
vendor.samsung.hardware.gnss::ISecGnss u:object_r:hal_gnss_hwservice:s0
|
||||
vendor.samsung.hardware.health::ISecHealth u:object_r:hal_health_hwservice:s0
|
||||
vendor.samsung.hardware.miscpower::ISecMiscPower u:object_r:hal_miscpower_hwservice:s0
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
;
|
||||
allow init adsprpcd_file:filesystem { mount relabelfrom relabelto };
|
||||
allow init debugfs:file write;
|
||||
allow init efs_file:dir mounton;
|
||||
allow init omr_file:dir mounton;
|
||||
allow init vendor_firmware_file:file mounton;
|
||||
|
||||
allow init socket_device:sock_file create;
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
type init_panel, domain;
|
||||
type init_panel_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
# Allow for transition from init domain to init_panel
|
||||
init_daemon_domain(init_panel)
|
||||
|
||||
# Allow to read panel color and vendor sysfs
|
||||
allow init_panel sysfs_panel:file r_file_perms;
|
||||
|
||||
# Shell script needs to execute /vendor/bin/sh
|
||||
allow init_panel vendor_shell_exec:file rx_file_perms;
|
||||
allow init_panel vendor_toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Set panel property
|
||||
set_prop(init_panel, system_panel_prop)
|
|
@ -1,16 +0,0 @@
|
|||
type init_tfa, domain;
|
||||
type init_tfa_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
# Allow for transition from init domain to init_tfa
|
||||
init_daemon_domain(init_tfa)
|
||||
|
||||
# Allow read and write to sound card device
|
||||
allow init_tfa audio_device:chr_file rw_file_perms;
|
||||
allow init_tfa audio_device:dir search;
|
||||
|
||||
# Allow executing tinyplay
|
||||
allow init_tfa system_file:file execute_no_trans;
|
||||
|
||||
# Shell script needs to execute /vendor/bin/sh
|
||||
allow init_tfa vendor_shell_exec:file rx_file_perms;
|
||||
allow init_tfa vendor_toolbox_exec:file rx_file_perms;
|
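--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -0,0 +1,3 @@
+allow kernel block_device:dir search;
+
+allow kernel debug_block_device:blk_file rw_file_perms;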
|
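--- a/sepolicy/macloader.te
+++ b/sepolicy/macloader.te
@@ -0,0 +1,37 @@
+type macloader, domain;
+type macloader_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(macloader)
+
+allow macloader self:capability { chown fowner fsetid net_admin net_raw sys_module };
+
+allow macloader self:udp_socket { ioctl create };
+allowxperm macloader self:udp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
+
+allow macloader efs_file:dir search;
+allow macloader mnt_vendor_file:dir r_dir_perms;
+allow macloader sec_poc_file:dir search;
+
+allow macloader wifi_efs_file:dir create_dir_perms;
+allow macloader wifi_efs_file:file create_file_perms;
+
+allow macloader vendor_convergence_data_file:dir create_dir_perms;
+allow macloader vendor_convergence_data_file:file create_file_perms;
+
+allow macloader kernel:key search;
+allow macloader kernel:system module_request;
+
+allow macloader kmsg_device:chr_file rw_file_perms;
+
+allow macloader system_file:system module_load;
+
+allow macloader vendor_shell_exec:file rx_file_perms;
+
+allow macloader sysfs:file { read write open getattr };
+allow macloader sysfs_net:dir r_dir_perms;
+allow macloader sysfs_wlan_fwpath:file w_file_perms;
+
+allow macloader sysfs_wifi:dir r_dir_perms;
+allow macloader sysfs_wifi:file rw_file_perms;
+
+get_prop(macloader, sec_cnss_diag_prop)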
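Review bot: `allow macloader sysfs:file { read write open getattr };` gives this domain write access to every sysfs node that still carries the generic `sysfs` label, in a domain that also holds `sys_module`, `net_admin` and `system_file:system module_load`. The section already names the labelled types `sysfs_wifi` and `sysfs_wlan_fwpath`, so the node behind the generic rule should get its own type and the rule should name that type instead of `sysfs`. A one-line comment above the capability rule saying which operation needs `sys_module` would let a later reader remove it once it is no longer required.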
|
|
@ -1,3 +0,0 @@
|
|||
# Allow mediaserver to create socket files for audio arbitration
|
||||
allow mediaserver audio_data_file:sock_file { create setattr unlink };
|
||||
allow mediaserver audio_data_file:dir remove_name;
|
|
@ -1,5 +0,0 @@
|
|||
allow mm-qcamerad camera_data_file:sock_file { create unlink };
|
||||
allow mm-qcamerad camera_data_file:dir search;
|
||||
|
||||
allow mm-qcamerad camera_socket:dir w_dir_perms;
|
||||
allow mm-qcamerad camera_socket:sock_file { create unlink write };
|
|
@ -1 +0,0 @@
|
|||
set_prop(netmgrd, vendor_xlat_prop)
|
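--- a/sepolicy/per_proxy_helper.te
+++ b/sepolicy/per_proxy_helper.te
@@ -0,0 +1,8 @@
+type per_proxy_helper, domain;
+type per_proxy_helper_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(per_proxy_helper)
+
+allow per_proxy_helper firmware_file:file r_file_perms;
+
+allow per_proxy_helper ssr_device:chr_file r_file_perms;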
|
|
@ -1 +1,11 @@
|
|||
type system_panel_prop, property_type;
|
||||
type compact_dump_prop, property_type;
|
||||
type csc_prop, property_type;
|
||||
type ina_status_prop, property_type;
|
||||
type receiver_error_prop, property_type;
|
||||
type sec_camera_prop, property_type;
|
||||
type sec_cnss_diag_prop, property_type;
|
||||
type tzdaemon_prop, property_type;
|
||||
type vendor_factory_prop, property_type;
|
||||
type vendor_members_prop, property_type;
|
||||
type vendor_qseecomd_prop, property_type;
|
||||
type vendor_tztsdaemon_prop, property_type;
|
||||
|
|
|
@ -1,14 +1,21 @@
|
|||
service.soundcard. u:object_r:audio_prop:s0
|
||||
audio. u:object_r:audio_prop:s0
|
||||
|
||||
dual.camera.cs.br u:object_r:camera_prop:s0
|
||||
persist.camera. u:object_r:camera_prop:s0
|
||||
|
||||
persist.net.doxlat u:object_r:vendor_xlat_prop:s0
|
||||
ro.sys.oem.sno u:object_r:system_radio_prop:s0
|
||||
sys.fake_bs_flag0 u:object_r:system_radio_prop:s0
|
||||
sys.fake_bs_flag1 u:object_r:system_radio_prop:s0
|
||||
|
||||
sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
|
||||
|
||||
sys.panel. u:object_r:system_panel_prop:s0
|
||||
camera. u:object_r:camera_prop:s0
|
||||
cnss_diag.service u:object_r:sec_cnss_diag_prop:s0
|
||||
init.svc.compact_dump u:object_r:compact_dump_prop:s0
|
||||
mdc. u:object_r:csc_prop:s0
|
||||
persist.camera. u:object_r:camera_prop:s0
|
||||
persist.sys.bt.driver.version u:object_r:vendor_bluetooth_prop:s0
|
||||
persist.sys.ina.status u:object_r:ina_status_prop:s0
|
||||
persist.vendor.camera. u:object_r:sec_camera_prop:s0
|
||||
persist.vendor.camera.debug.logfile u:object_r:sec_camera_prop:s0
|
||||
persist.vendor.members. u:object_r:vendor_members_prop:s0
|
||||
ro.csc. u:object_r:csc_prop:s0
|
||||
ro.error.receiver.default u:object_r:receiver_error_prop:s0
|
||||
ro.factory.factory_binary u:object_r:vendor_factory_prop:s0
|
||||
ro.fastbootd.available u:object_r:exported_default_prop:s0
|
||||
ro.netflix.channel u:object_r:csc_prop:s0
|
||||
ro.vendor.multisim. u:object_r:vendor_radio_prop:s0
|
||||
ro.vendor.radio. u:object_r:vendor_radio_prop:s0
|
||||
vendor.bluetooth_fw_ver u:object_r:vendor_bluetooth_prop:s0
|
||||
vendor.npu.usr_drv.log_mask u:object_r:sec_camera_prop:s0
|
||||
vendor.sys.qseecomd. u:object_r:vendor_qseecomd_prop:s0
|
||||
vendor.tzts_daemon u:object_r:vendor_tztsdaemon_prop:s0
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
binder_call(qfp-daemon, hal_fingerprint_default)
|
||||
binder_use(qfp-daemon)
|
||||
|
||||
allow qfp-daemon self:socket create_socket_perms;
|
||||
allowxperm qfp-daemon self:socket ioctl msm_sock_ipc_ioctls;
|
||||
|
||||
allow qfp-daemon captouch_device:chr_file rw_file_perms;
|
||||
|
||||
allow qfp-daemon mnt_vendor_file:dir search;
|
||||
|
||||
allow qfp-daemon qfp-daemon_core_data_file:dir { rw_dir_perms setattr };
|
||||
allow qfp-daemon qfp-daemon_core_data_file:file create_file_perms;
|
||||
|
||||
# Access QFP Android Proxy
|
||||
allow qfp-daemon qfp_proxy_service:service_manager find;
|
||||
|
||||
# Add IQfpService service
|
||||
allow qfp-daemon iqfp_service:service_manager add;
|
||||
|
||||
r_dir_file(qfp-daemon, persist_qc_senseid_file)
|
||||
r_dir_file(qfp-daemon, sensors_persist_file)
|
||||
|
||||
# Ignore all logging requests
|
||||
dontaudit qfp-daemon storage_file:dir search;
|
|
@ -1,4 +1,5 @@
|
|||
allow qti_init_shell proc_buttons:dir { r_dir_perms setattr };
|
||||
allow qti_init_shell proc_buttons:file { getattr setattr };
|
||||
allow qti_init_shell proc_touchpanel:dir { r_dir_perms setattr };
|
||||
allow qti_init_shell proc_touchpanel:file { getattr setattr };
|
||||
allow qti_init_shell mnt_vendor_file:dir create_dir_perms;
|
||||
|
||||
allow qti_init_shell sensors_persist_file:dir create_dir_perms;
|
||||
|
||||
set_prop(qti_init_shell, ctl_default_prop)
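Review bot: `set_prop(qti_init_shell, ctl_default_prop)` lets this shell domain issue `ctl.start`, `ctl.stop` and `ctl.restart` for any init service whose control property falls under the default ctl label, which is much wider than controlling one named service. The +/- column is lost on this page, but the counts (4 old, 5 new) suggest the line is on the new side. If a single service is meant, give its control property a dedicated type in the property contexts and grant only that. Otherwise add a comment above the rule naming the services the script is expected to control.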
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
set_prop(rild, system_radio_prop)
|
||||
allow rild self:tun_socket create;
|
||||
|
||||
dontaudit rild tombstone_data_file:dir search;
|
||||
dontaudit rild vendor_file:file ioctl;
|
||||
allow rild tun_device:chr_file rw_file_perms;
|
||||
allowxperm rild tun_device:chr_file ioctl { TUNSETIFF TUNSETPERSIST };
|
||||
|
||||
allow rild proc_net:file write;
|
||||
|
||||
get_prop(rild, csc_prop)
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
# debugfs access
|
||||
userdebug_or_eng(`
|
||||
allow rmt_storage debugfs_rmt:dir search;
|
||||
allow rmt_storage debugfs_rmt:file rw_file_perms;
|
||||
')
|
|
@ -1 +0,0 @@
|
|||
user=system seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
|
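--- a/sepolicy/secril_config_svc.te
+++ b/sepolicy/secril_config_svc.te
@@ -0,0 +1,14 @@
+type secril_config_svc, domain;
+type secril_config_svc_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(secril_config_svc)
+
+allow secril_config_svc mnt_vendor_file:dir search;
+
+r_dir_file(secril_config_svc, efs_file)
+r_dir_file(secril_config_svc, sec_poc_file)
+
+allow secril_config_svc proc_simslot_count:file r_file_perms;
+
+get_prop(secril_config_svc, csc_prop)
+set_prop(secril_config_svc, vendor_radio_prop)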
|
|
@ -1 +0,0 @@
|
|||
get_prop(sensors, system_panel_prop)
|
|
@ -1,20 +0,0 @@
|
|||
# Allow ConfigPanel to work
|
||||
allow system_app proc_buttons:dir search;
|
||||
allow system_app proc_buttons:file rw_file_perms;
|
||||
allow system_app proc_touchpanel:dir search;
|
||||
allow system_app proc_touchpanel:file rw_file_perms;
|
||||
allow system_app sysfs_fpc_keyevents:file rw_file_perms;
|
||||
allow system_app sysfs_fpc_wakeup:file rw_file_perms;
|
||||
|
||||
# Allow PocketMode to work
|
||||
allow system_app sysfs_fpc_proximity:file rw_file_perms;
|
||||
|
||||
# Allow system_app to read and create files in cnd_core_data_file
|
||||
allow system_app cnd_core_data_file:dir w_dir_perms;
|
||||
allow system_app cnd_core_data_file:file create_file_perms;
|
||||
|
||||
# Allow system_app to read and create files in qfp-daemon_core_data_file
|
||||
allow system_app qfp-daemon_core_data_file:dir create_dir_perms;
|
||||
allow system_app qfp-daemon_core_data_file:file create_file_perms;
|
||||
|
||||
allow system_app qfp_proxy_service:service_manager add;
|
|
@ -1,3 +0,0 @@
|
|||
allow system_server sound_device:chr_file rw_file_perms;
|
||||
allow system_server sysfs_fpc_keyevents:file rw_file_perms;
|
||||
allow system_server sysfs_fpc_wakeup:file rw_file_perms;
|
|
@ -1,10 +1,45 @@
|
|||
allow tee fingerprintd_data_file:dir rw_dir_perms;
|
||||
allow tee fingerprintd_data_file:file create_file_perms;
|
||||
hwbinder_use(tee)
|
||||
vndbinder_use(tee)
|
||||
|
||||
allow tee persist_qc_senseid_file:dir create_dir_perms;
|
||||
allow tee persist_qc_senseid_file:file create_file_perms;
|
||||
binder_call(tee, appdomain)
|
||||
binder_call(tee, hal_graphics_allocator_default)
|
||||
binder_call(tee, hal_graphics_composer_default)
|
||||
|
||||
allow tee qfp-daemon_core_data_file:dir create_dir_perms;
|
||||
allow tee qfp-daemon_core_data_file:file create_file_perms;
|
||||
allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
|
||||
allow tee self:netlink_socket create_socket_perms_no_ioctl;
|
||||
|
||||
allow tee system_data_file:dir r_dir_perms;
|
||||
allow tee hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||
|
||||
allow tee graphics_device:blk_file rw_file_perms;
|
||||
allow tee kmsg_device:blk_file rw_file_perms;
|
||||
allow tee properties_device:blk_file rw_file_perms;
|
||||
|
||||
allow tee persist_file:lnk_file r_file_perms;
|
||||
|
||||
allow tee proc:file r_file_perms;
|
||||
|
||||
allow tee proc_stat:file r_file_perms;
|
||||
|
||||
allow tee proc_sysrq:file w_file_perms;
|
||||
|
||||
allow tee rootfs:dir r_dir_perms;
|
||||
allow tee rootfs:file r_file_perms;
|
||||
allow tee rootfs:lnk_file r_file_perms;
|
||||
|
||||
allow tee efs_file:dir create_dir_perms;
|
||||
allow tee efs_file:file create_file_perms;
|
||||
|
||||
allow tee prov_efs_file:dir create_dir_perms;
|
||||
allow tee prov_efs_file:file create_file_perms;
|
||||
|
||||
allow tee sec_poc_file:dir create_dir_perms;
|
||||
allow tee sec_poc_file:file create_file_perms;
|
||||
|
||||
allow tee vaultkeeper_efs_file:dir rw_dir_perms;
|
||||
allow tee vaultkeeper_efs_file:file rw_file_perms;
|
||||
|
||||
allow tee vendor_data_file:dir create_dir_perms;
|
||||
allow tee vendor_data_file:file create_file_perms;
|
||||
|
||||
get_prop(tee, hwservicemanager_prop)
|
||||
set_prop(tee, vendor_qseecomd_prop)
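Review bot: The rules `allow tee graphics_device:blk_file rw_file_perms;`, `allow tee kmsg_device:blk_file rw_file_perms;` and `allow tee properties_device:blk_file rw_file_perms;` use the `blk_file` class for types that AOSP assigns to character devices and the property area, so they most likely match no object. The +/- column is lost on this page, but the counts (10 old, 45 new) suggest these lines are on the new side. Each should be dropped or corrected to the class shown in the denial it was written for. In the same section, `allow tee proc_sysrq:file w_file_perms;` and `binder_call(tee, appdomain)` widen what the TEE daemon can reach and should each carry a comment naming the denial they resolve.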
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
allow thermal-engine sysfs:dir r_dir_perms;
|
||||
|
||||
r_dir_file(thermal-engine, sysfs_batteryinfo)
|
|
@ -1 +1 @@
|
|||
allow time_daemon self:capability { setgid setuid };
|
||||
r_dir_file(time_daemon, timeservice_app)
|
||||
|
|
|
@ -1,10 +1,17 @@
|
|||
allow vendor_init {
|
||||
camera_data_file
|
||||
media_rw_data_file
|
||||
nfc_data_file
|
||||
qfp-daemon_core_data_file
|
||||
system_data_file
|
||||
time_data_file
|
||||
wifi_data_file
|
||||
wpa_socket
|
||||
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
|
||||
allow vendor_init cgroup:file rw_file_perms;
|
||||
|
||||
allow vendor_init proc_default_smp_affinity:file rw_file_perms;
|
||||
allow vendor_init proc_hung_task:file rw_file_perms;
|
||||
allow vendor_init proc_sched:file rw_file_perms;
|
||||
allow vendor_init proc_swappiness:file rw_file_perms;
|
||||
allow vendor_init proc_sysrq:file rw_file_perms;
|
||||
|
||||
set_prop(vendor_init, camera_prop)
|
||||
set_prop(vendor_init, config_prop)
|
||||
set_prop(vendor_init, csc_prop)
|
||||
set_prop(vendor_init, ffs_prop)
|
||||
set_prop(vendor_init, ina_status_prop)
|
||||
set_prop(vendor_init, receiver_error_prop)
|
||||
set_prop(vendor_init, vendor_iop_prop)
|
||||
set_prop(vendor_init, vendor_members_prop)
|
||||
set_prop(vendor_init, vold_prop)
|
||||
|
|
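--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -0,0 +1 @@
+r_dir_file(wcnss_service, vendor_convergence_data_file)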
|