diff --git a/BoardConfig.mk b/BoardConfig.mk index 8464f1f..7ae6367 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -186,6 +186,7 @@ VENDOR_SECURITY_PATCH := $(BOOT_SECURITY_PATCH) # SEPolicy include device/qcom/sepolicy_vndr/SEPolicy.mk +include hardware/oplus/sepolicy/qti/SEPolicy.mk BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor diff --git a/sepolicy/vendor/attributes b/sepolicy/vendor/attributes deleted file mode 100644 index 8d180cf..0000000 --- a/sepolicy/vendor/attributes +++ /dev/null @@ -1,12 +0,0 @@ -# HALs -attribute hal_cameraHIDL; -attribute hal_cameraHIDL_client; -attribute hal_cameraHIDL_server; - -attribute hal_display; -attribute hal_display_client; -attribute hal_display_server; - -attribute hal_param; -attribute hal_param_client; -attribute hal_param_server; diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te deleted file mode 100644 index 08b17e0..0000000 --- a/sepolicy/vendor/cameraserver.te +++ /dev/null @@ -1 +0,0 @@ -binder_call(cameraserver, hal_cameraHIDL_default) diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te deleted file mode 100644 index 8883822..0000000 --- a/sepolicy/vendor/device.te +++ /dev/null @@ -1,8 +0,0 @@ -type byte_cntr_device, dev_type; -type dash_device, dev_type; -type fingerprintd_device, dev_type; -type fragment_monitor_device, dev_type; -type param_block_device, dev_type; -type param_device, dev_type; -type reserve2_block_device, dev_type; -type therm_device, dev_type; diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te deleted file mode 100644 index 6d7bdfb..0000000 --- a/sepolicy/vendor/domain.te +++ /dev/null @@ -1 +0,0 @@ -allow domain opf_file:file r_file_perms; diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index 2f3a19b..3f3c9d6 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -1,22 +1 @@ -# files -type oem_file, file_type; -type op1_file, file_type; -type op2_file, file_type; -type opf_file, file_type; - -# procfs -type proc_direct_swappiness, fs_type, proc_type; type proc_flash_light_file, fs_type, proc_type; -type proc_swappiness, fs_type, proc_type; -type proc_touchpanel, fs_type, proc_type; -type proc_watermark_boost_factor, fs_type, proc_type; - -# sysfs -type sysfs_dbg, fs_type, sysfs_type; -type sysfs_fsc, fs_type, sysfs_type; -type sysfs_fuse, fs_type, sysfs_type; -type sysfs_memplus, fs_type, sysfs_type; -type sysfs_ois_control, fs_type, sysfs_type; -type sysfs_project_info, fs_type, sysfs_type; -type sysfs_tof_control, fs_type, sysfs_type; -type sysfs_tpd, fs_type, sysfs_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 4f3824a..2787576 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -1,85 +1,4 @@ -# Binaries -/(vendor|system/vendor)/bin/opf-service u:object_r:opf_exec:s0 -/(vendor|system/vendor)/bin/wifi-mac-generator-dre u:object_r:wifi-mac-generator_exec:s0 - -# Block devices -/dev/block/platform/soc/4804000\.ufshc/by-name/fw_ufs1_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/fw_ufs2_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/logo_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/oplusdycnvbk u:object_r:vendor_modem_efs_partition_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/oplusreserve4 u:object_r:reserve2_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/oplusstanvbk_[ab] u:object_r:vendor_modem_efs_partition_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/opproduct_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/param u:object_r:param_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/rawdump u:object_r:vendor_rawdump_block_device:s0 - -# Data files -/data/reserve-lib(/.*)? u:object_r:apk_data_file:s0 - -# Devices -/dev/byte-cntr u:object_r:byte_cntr_device:s0 -/dev/cc_ctl u:object_r:graphics_device:s0 -/dev/fragment_monitor u:object_r:fragment_monitor_device:s0 -/dev/goodix_fp u:object_r:fingerprintd_device:s0 -/dev/ht_ctl u:object_r:graphics_device:s0 -/dev/mmw0_thermal u:object_r:therm_device:s0 -/dev/mmw1_thermal u:object_r:therm_device:s0 -/dev/mmw2_thermal u:object_r:therm_device:s0 -/dev/opfeature u:object_r:opf_file:s0 -/dev/param u:object_r:param_device:s0 -/dev/skin_thermal u:object_r:therm_device:s0 -/dev/st21nfc u:object_r:nfc_device:s0 - -# HALs -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.oneplus u:object_r:hal_lineage_livedisplay_qti_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oneplus u:object_r:hal_lineage_touch_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.camera@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.CameraMDMHIDL@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.display@1\.0-service u:object_r:hal_display_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.param@1\.0-service u:object_r:hal_param_default_exec:s0 - -# OP1, OP2 files -/mnt/vendor/op1(/.*)? u:object_r:op1_file:s0 -/mnt/vendor/op2(/.*)? u:object_r:op2_file:s0 - -# Persist files -/mnt/vendor/persist u:object_r:vendor_data_file:s0 -/mnt/vendor/persist/camera(/.*)? u:object_r:oem_file:s0 -/mnt/vendor/persist/camera_ae_sync(/.*)? u:object_r:oem_file:s0 -/mnt/vendor/persist/dual_camera_calibration(/.*)? u:object_r:oem_file:s0 -/mnt/vendor/persist/engineermode(/.*)? u:object_r:oem_file:s0 -/mnt/vendor/persist/OPDiagnose(/.*)? u:object_r:oem_file:s0 - -# Sys files -/sys/module/fsc(/.*)? u:object_r:sysfs_fsc:s0 -/sys/module/fuse(/.*)? u:object_r:sysfs_fuse:s0 -/sys/module/proc(/.*)? u:object_r:sysfs_dbg:s0 -/sys/module/tpd(/.*)? u:object_r:sysfs_tpd:s0 -/sys/module/qpnp_smb5(/.*)? u:object_r:vendor_sysfs_battery_supply:s0 - -# Sys files (health) +# Battery +/sys/module/qpnp_smb5(/.*)? u:object_r:vendor_sysfs_battery_supply:s0 /sys/devices/platform/soc/4c90000.i2c/i2c-1/1-006b/iio:device5/name u:object_r:vendor_sysfs_battery_supply:s0 /sys/devices/platform/soc/4c90000.i2c/i2c-1/1-006b/power_supply/parallel/model_name u:object_r:vendor_sysfs_battery_supply:s0 - -# Sys files (wakeup) -/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:pon_hlos@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:pon_pbs@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:rtc@[0-9]+/rtc/rtc[0-9]+/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:rtc@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/fastrpc/adsprpc-smd-secure/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/fastrpc/adsprpc-smd/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_alac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_amrnb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_amrwb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_amrwbplus/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_ape/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_evrc/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_g711alaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_g711mlaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_mp3/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_multi_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_qcelp/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_wma/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/msm_wmapro/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 371846e..2c3dd1d 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -1,34 +1 @@ -# procfs -genfscon proc /qcom_flash u:object_r:proc_flash_light_file:s0 -genfscon proc /touchpanel u:object_r:proc_touchpanel:s0 - -# sysfs -genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dimlayer_bl_en u:object_r:sysfs_livedisplay_tuneable:s0 -genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_livedisplay_tuneable:s0 -genfscon sysfs /kernel/ois_control u:object_r:sysfs_ois_control:s0 -genfscon sysfs /kernel/tof_control u:object_r:sysfs_tof_control:s0 -genfscon sysfs /module/memplus_core/parameters u:object_r:sysfs_memplus:s0 -genfscon sysfs /project_info u:object_r:sysfs_project_info:s0 - -# sysfs (wakeup) -genfscon sysfs /devices/platform/soc/1628000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4a84000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/5800000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/subsys5/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/6000000.qcom,mss/subsys2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/6000000.qcom,mss/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/a400000.qcom,lpass/subsys0/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/a400000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/b000000.qcom,turing/subsys1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/b000000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/c800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-modem/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0 +genfscon proc /qcom_flash u:object_r:proc_flash_light_file:s0 diff --git a/sepolicy/vendor/hal_bluetooth_default.te b/sepolicy/vendor/hal_bluetooth_default.te deleted file mode 100644 index 6bdf685..0000000 --- a/sepolicy/vendor/hal_bluetooth_default.te +++ /dev/null @@ -1,3 +0,0 @@ -allow hal_bluetooth_default vendor_data_file:file r_file_perms; - -allow hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/hal_bootctl.te b/sepolicy/vendor/hal_bootctl.te deleted file mode 100644 index 5b16097..0000000 --- a/sepolicy/vendor/hal_bootctl.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_bootctl vendor_modem_efs_partition_device:blk_file getattr; diff --git a/sepolicy/vendor/hal_cameraHIDL.te b/sepolicy/vendor/hal_cameraHIDL.te deleted file mode 100644 index fc6f13c..0000000 --- a/sepolicy/vendor/hal_cameraHIDL.te +++ /dev/null @@ -1,4 +0,0 @@ -binder_call(hal_cameraHIDL_client, hal_cameraHIDL_server) -binder_call(hal_cameraHIDL_server, hal_cameraHIDL_client) - -hal_attribute_hwservice(hal_cameraHIDL, hal_cameraHIDL_hwservice) diff --git a/sepolicy/vendor/hal_cameraHIDL_default.te b/sepolicy/vendor/hal_cameraHIDL_default.te deleted file mode 100644 index 2f5dd6d..0000000 --- a/sepolicy/vendor/hal_cameraHIDL_default.te +++ /dev/null @@ -1,22 +0,0 @@ -type hal_cameraHIDL_default, domain; -hal_server_domain(hal_cameraHIDL_default, hal_cameraHIDL) - -type hal_cameraHIDL_default_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_cameraHIDL_default) - -add_hwservice(hal_cameraHIDL_default, hal_cameraHIDL_hwservice) - -hwbinder_use(hal_cameraHIDL_default) - -binder_call(hal_cameraHIDL_default, vendor_hal_perf_default) - -allow hal_cameraHIDL_default vendor_hal_perf_hwservice:hwservice_manager find; - -allow hal_cameraHIDL_default ion_device:chr_file r_file_perms; -allow hal_cameraHIDL_default tee_device:chr_file rw_file_perms; - -allow hal_cameraHIDL_default vendor_camera_data_file:dir create_dir_perms; - -r_dir_file(hal_cameraHIDL_default, firmware_file) - -get_prop(hal_cameraHIDL_default, hwservicemanager_prop) diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te index 06a0fae..0c80fb6 100644 --- a/sepolicy/vendor/hal_camera_default.te +++ b/sepolicy/vendor/hal_camera_default.te @@ -1,27 +1 @@ -hal_client_domain(hal_camera_default, hal_cameraHIDL) - -allow hal_camera_default mnt_vendor_file:dir w_dir_perms; -allow hal_camera_default mnt_vendor_file:file create_file_perms; - -allow hal_camera_default oem_file:dir w_dir_perms; -allow hal_camera_default oem_file:file create_file_perms; - -allow hal_camera_default vendor_persist_file:dir w_dir_perms; -allow hal_camera_default vendor_persist_file:file create_file_perms; - -allow hal_camera_default input_device:dir r_dir_perms; -allow hal_camera_default input_device:chr_file r_file_perms; - -allow hal_camera_default proc_meminfo:file r_file_perms; allow hal_camera_default proc_flash_light_file:file rw_file_perms; - -allow hal_camera_default sysfs_ois_control:dir r_dir_perms; -allow hal_camera_default sysfs_ois_control:file rw_file_perms; - -allow hal_camera_default sysfs_tof_control:dir r_dir_perms; -allow hal_camera_default sysfs_tof_control:file rw_file_perms; - -get_prop(hal_camera_default, ctl_default_prop) -get_prop(hal_camera_default, vendor_db_security_prop) -get_prop(hal_camera_default, vendor_mmi_prop) -set_prop(hal_camera_default, vendor_sys_op_prop) diff --git a/sepolicy/vendor/hal_display.te b/sepolicy/vendor/hal_display.te deleted file mode 100644 index f9f233d..0000000 --- a/sepolicy/vendor/hal_display.te +++ /dev/null @@ -1,4 +0,0 @@ -binder_call(hal_display_client, hal_display_server) -binder_call(hal_display_server, hal_display_client) - -hal_attribute_hwservice(hal_display, hal_display_hwservice) diff --git a/sepolicy/vendor/hal_display_default.te b/sepolicy/vendor/hal_display_default.te deleted file mode 100644 index 1225350..0000000 --- a/sepolicy/vendor/hal_display_default.te +++ /dev/null @@ -1,17 +0,0 @@ -type hal_display_default, domain; -hal_server_domain(hal_display_default, hal_display) - -type hal_display_default_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_display_default) - -add_hwservice(hal_display_default, hal_display_hwservice) - -hwbinder_use(hal_display_default) - -binder_call(hal_display_default, vendor_hal_display_color) - -allow hal_display_default vendor_hal_display_postproc_hwservice:hwservice_manager find; - -allow hal_display_default sysfs:file rw_file_perms; - -get_prop(hal_display_default, hwservicemanager_prop) diff --git a/sepolicy/vendor/hal_fingerprint_device.te b/sepolicy/vendor/hal_fingerprint_device.te deleted file mode 100644 index 95af6f6..0000000 --- a/sepolicy/vendor/hal_fingerprint_device.te +++ /dev/null @@ -1,21 +0,0 @@ -hal_client_domain(hal_fingerprint_default, hal_display) - -allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; - -binder_call(hal_fingerprint_default, vendor_hal_perf_default) - -allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find; - -allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms; -allow hal_fingerprint_default tee_device:chr_file rw_file_perms; -allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms; -allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms; - -allow hal_fingerprint_default proc_touchpanel:dir search; -allow hal_fingerprint_default proc_touchpanel:file rw_file_perms; - -allow hal_fingerprint_default uhid_device:chr_file rw_file_perms; - -get_prop(hal_fingerprint_default, vendor_adsprpc_prop) -get_prop(hal_fingerprint_default, vendor_default_prop) -set_prop(hal_fingerprint_default, vendor_fingerprint_prop) diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te deleted file mode 100644 index 08b21f9..0000000 --- a/sepolicy/vendor/hal_graphics_composer_default.te +++ /dev/null @@ -1,5 +0,0 @@ -allow hal_graphics_composer_default vendor_persist_file:file rw_file_perms; - -allow hal_graphics_composer_default sysfs_devices_system_cpu:file rw_file_perms; - -allow hal_graphics_composer_default vendor_diag_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/hal_lineage_livedisplay_qti.te b/sepolicy/vendor/hal_lineage_livedisplay_qti.te deleted file mode 100644 index 178a242..0000000 --- a/sepolicy/vendor/hal_lineage_livedisplay_qti.te +++ /dev/null @@ -1,5 +0,0 @@ -allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:dir rw_dir_perms; -allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:file create_file_perms; - -allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:dir r_dir_perms; -allow hal_lineage_livedisplay_qti sysfs_livedisplay_tuneable:file rw_file_perms; diff --git a/sepolicy/vendor/hal_lineage_touch_default.te b/sepolicy/vendor/hal_lineage_touch_default.te deleted file mode 100644 index 2782309..0000000 --- a/sepolicy/vendor/hal_lineage_touch_default.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_lineage_touch_default proc_touchpanel:dir search; -allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te deleted file mode 100644 index 17bb5a1..0000000 --- a/sepolicy/vendor/hal_nfc_default.te +++ /dev/null @@ -1,4 +0,0 @@ -allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms; -allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms; - -get_prop(hal_nfc_default, vendor_nfc_prop) \ No newline at end of file diff --git a/sepolicy/vendor/hal_param.te b/sepolicy/vendor/hal_param.te deleted file mode 100644 index 27a3543..0000000 --- a/sepolicy/vendor/hal_param.te +++ /dev/null @@ -1,4 +0,0 @@ -binder_call(hal_param_client, hal_param_server) -binder_call(hal_param_server, hal_param_client) - -hal_attribute_hwservice(hal_param, hal_param_hwservice) diff --git a/sepolicy/vendor/hal_param_default.te b/sepolicy/vendor/hal_param_default.te deleted file mode 100644 index e9406fb..0000000 --- a/sepolicy/vendor/hal_param_default.te +++ /dev/null @@ -1,17 +0,0 @@ -type hal_param_default, domain; -hal_server_domain(hal_param_default, hal_param) - -type hal_param_default_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_param_default) - -allow hal_param_default self:qipcrtr_socket create_socket_perms_no_ioctl; - -allow hal_param_default block_device:dir search; - -allow hal_param_default param_block_device:blk_file rw_file_perms; - -allow hal_param_default param_device:chr_file rw_file_perms; - -r_dir_file(hal_param_default, sysfs_project_info) - -get_prop(hal_param_default, exported_default_prop) diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te deleted file mode 100644 index 63b5b0f..0000000 --- a/sepolicy/vendor/hal_power_default.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_power_default proc_touchpanel:dir search; -allow hal_power_default proc_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te deleted file mode 100644 index 2f36a79..0000000 --- a/sepolicy/vendor/hwservice.te +++ /dev/null @@ -1,4 +0,0 @@ -type hal_cameraHIDL_hwservice, hwservice_manager_type; -type hal_charger_hwservice, hwservice_manager_type; -type hal_display_hwservice, hwservice_manager_type; -type hal_param_hwservice, hwservice_manager_type; diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts deleted file mode 100644 index 482f6a0..0000000 --- a/sepolicy/vendor/hwservice_contexts +++ /dev/null @@ -1,10 +0,0 @@ -vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0 -vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0 -vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonHbd u:object_r:hal_fingerprint_hwservice:s0 -vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonFido u:object_r:hal_fingerprint_hwservice:s0 -vendor.oneplus.camera.CameraHIDL::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0 -vendor.oneplus.fingerprint.extension::IVendorFingerprintExtensions u:object_r:hal_fingerprint_hwservice:s0 -vendor.oneplus.hardware.camera::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0 -vendor.oneplus.hardware.CameraMDMHIDL::IOnePlusCameraMDM u:object_r:hal_cameraHIDL_hwservice:s0 -vendor.oneplus.hardware.display::IOneplusDisplay u:object_r:hal_display_hwservice:s0 -vendor.oneplus.hardware.param::IOneplusParam u:object_r:hal_param_hwservice:s0 diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te deleted file mode 100644 index 03ad952..0000000 --- a/sepolicy/vendor/kernel.te +++ /dev/null @@ -1,2 +0,0 @@ -allow kernel param_block_device:dir search; -allow kernel param_block_device:blk_file rw_file_perms; diff --git a/sepolicy/vendor/opf.te b/sepolicy/vendor/opf.te deleted file mode 100644 index 07f319d..0000000 --- a/sepolicy/vendor/opf.te +++ /dev/null @@ -1,11 +0,0 @@ -type opf, domain; -type opf_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(opf) - -type_transition opf device:file opf_file; - -allow opf device:dir create_dir_perms; -allow opf device:file create_file_perms; - -allow opf opf_file:file create_file_perms; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te deleted file mode 100644 index 56aa7d7..0000000 --- a/sepolicy/vendor/property.te +++ /dev/null @@ -1,11 +0,0 @@ -vendor_internal_prop(vendor_db_security_prop) -vendor_internal_prop(vendor_fingerprint_prop) -vendor_internal_prop(vendor_gps_prop) -vendor_internal_prop(vendor_memplus_prop) -vendor_internal_prop(vendor_nfc_prop) -vendor_internal_prop(vendor_oem_bluetooth_prop) -vendor_internal_prop(vendor_oem_wifi_prop) -vendor_internal_prop(vendor_rild_prop) -vendor_internal_prop(vendor_set_wlan_prop) -vendor_internal_prop(vendor_shell_prop) -vendor_internal_prop(vendor_sys_op_prop) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts deleted file mode 100644 index d02aa44..0000000 --- a/sepolicy/vendor/property_contexts +++ /dev/null @@ -1,51 +0,0 @@ -persist.vendor.bluetooth.bt.uart.log u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.ese. u:object_r:vendor_nfc_prop:s0 -persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 -persist.vendor.oem.bt.debug u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.oem.btenhanced.debug u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.oem.btsnoop.debug u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.oem.fp.version u:object_r:vendor_fingerprint_prop:s0 -persist.vendor.oem.gps.debug u:object_r:vendor_gps_prop:s0 -persist.vendor.oem.wifi.chain u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oem.wifi.cnssdiag u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oem.wifi.copytosd u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oem.wifi.debug u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oem.wifi.logpath u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oem.wifi.txenable u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.oneplus.bt u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.oneplus.bttestmode u:object_r:vendor_oem_bluetooth_prop:s0 -persist.vendor.sdx50m.online u:object_r:vendor_usb_prop:s0 -persist.vendor.service.bdroid.snooplog u:object_r:vendor_bluetooth_prop:s0 -persist.vendor.service.bdroid.soclog u:object_r:vendor_bluetooth_prop:s0 -persist.vendor.tcpdump.copy u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.tcpdump.dir u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.tcpdump.location u:object_r:vendor_oem_wifi_prop:s0 -persist.vendor.tcpdump.mdpermission u:object_r:vendor_oem_wifi_prop:s0 -ro.vendor.build.display.full_id u:object_r:vendor_rild_prop:s0 -ro.vendor.product.device.db u:object_r:vendor_db_security_prop:s0 -ro.vendor.product.manufacturer.db u:object_r:vendor_db_security_prop:s0 -vendor.calibration.fingerprint u:object_r:vendor_fingerprint_prop:s0 -vendor.copy.opdiagnose.data u:object_r:vendor_shell_prop:s0 -vendor.nfc. u:object_r:vendor_nfc_prop:s0 -vendor.oem.rbr.log.clean u:object_r:vendor_default_prop:s0 -vendor.oem.wifi.socket.quit u:object_r:vendor_set_wlan_prop:s0 -vendor.service.wifi.socket.enable u:object_r:vendor_oem_wifi_prop:s0 -vendor.service.wifi.socket.mdm.enable u:object_r:vendor_oem_wifi_prop:s0 -vendor.sys.memplus.postboot u:object_r:vendor_memplus_prop:s0 -vendor.sys.op.disable_ufstw u:object_r:vendor_sys_op_prop:s0 -vendor.wcn.firmware.version u:object_r:vendor_set_wlan_prop:s0 -vendor.wcn.bdf.version u:object_r:vendor_set_wlan_prop:s0 -vendor.wlan.driver.status u:object_r:vendor_set_wlan_prop:s0 -vendor.wlan.ftm.daemon u:object_r:vendor_set_wlan_prop:s0 -vendor.wlan.ftm.up u:object_r:vendor_set_wlan_prop:s0 -vendor.wlan.hotspot.forceChannel u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.bandwidth u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.channel u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.dump u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.enabled u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.file u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.iface u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.output_dir u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.status u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.sniffer.vendor_dir u:object_r:vendor_oem_wifi_prop:s0 -vendor.wlan.write.con_mode u:object_r:vendor_set_wlan_prop:s0 diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te deleted file mode 100644 index 126d025..0000000 --- a/sepolicy/vendor/rild.te +++ /dev/null @@ -1,15 +0,0 @@ -hal_client_domain(rild, hal_param) - -allow rild vendor_data_file:dir rw_dir_perms; -allow rild vendor_data_file:file create_file_perms; - -allow rild block_device:dir search; - -allow rild param_block_device:blk_file rw_file_perms; - -allow rild vendor_diag_device:chr_file rw_file_perms; - -allow rild proc:file w_file_perms; -allow rild proc_net:file w_file_perms; - -set_prop(rild, vendor_rild_prop) diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts deleted file mode 100644 index 48be461..0000000 --- a/sepolicy/vendor/seapp_contexts +++ /dev/null @@ -1 +0,0 @@ -user=system seinfo=platform name=com.qualcomm.qti.poweroffalarm domain=vendor_poweroffalarm_app type=system_app_data_file diff --git a/sepolicy/vendor/update_engine_common.te b/sepolicy/vendor/update_engine_common.te deleted file mode 100644 index bde8371..0000000 --- a/sepolicy/vendor/update_engine_common.te +++ /dev/null @@ -1 +0,0 @@ -allow update_engine_common vendor_modem_efs_partition_device:blk_file rw_file_perms; diff --git a/sepolicy/vendor/vendor_init-qcom-sensors-sh.te b/sepolicy/vendor/vendor_init-qcom-sensors-sh.te deleted file mode 100644 index 2363a4e..0000000 --- a/sepolicy/vendor/vendor_init-qcom-sensors-sh.te +++ /dev/null @@ -1,2 +0,0 @@ -allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr; -allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr; diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te deleted file mode 100644 index 5a1d5d8..0000000 --- a/sepolicy/vendor/vendor_init.te +++ /dev/null @@ -1,13 +0,0 @@ -allow vendor_init tmpfs:chr_file { read open }; -allow vendor_init tmpfs:dir { create_dir_perms mounton }; - -allow vendor_init op2_file:file create_file_perms; - -allow vendor_init proc_direct_swappiness:file w_file_perms; -allow vendor_init proc_hung_task:file w_file_perms; -allow vendor_init proc_swappiness:file w_file_perms; -allow vendor_init proc_watermark_boost_factor:file rw_file_perms; - -get_prop(vendor_init, vendor_db_security_prop) -set_prop(vendor_init, vendor_oem_bluetooth_prop) -set_prop(vendor_init, vendor_oem_wifi_prop) diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te deleted file mode 100644 index 48c6ad6..0000000 --- a/sepolicy/vendor/vendor_qti_init_shell.te +++ /dev/null @@ -1,30 +0,0 @@ -allow vendor_qti_init_shell proc_modules:file r_file_perms; - -allow vendor_qti_init_shell sysfs:file write; - -allow vendor_qti_init_shell sysfs_devices_system_cpu:file setattr; -allow vendor_qti_init_shell sysfs_project_info:file write; - -allow vendor_qti_init_shell sysfs_fsc:dir r_dir_perms; -allow vendor_qti_init_shell sysfs_fsc:file rw_file_perms; - -allow vendor_qti_init_shell sysfs_memplus:file rw_file_perms; - -allow vendor_qti_init_shell vendor_data_file:dir create_dir_perms; -allow vendor_qti_init_shell vendor_data_file:file create_file_perms; - -allow vendor_qti_init_shell vendor_file:file execute_no_trans; -allow vendor_qti_init_shell vendor_file:system module_load; - -allow vendor_qti_init_shell vendor_sysfs_scsi_host:dir r_dir_perms; -allow vendor_qti_init_shell vendor_sysfs_scsi_host:file rw_file_perms; - -allow vendor_qti_init_shell vendor_wcnss_service_exec:file execute_no_trans; - -allow vendor_qti_init_shell kmsg_device:chr_file w_file_perms; -allow vendor_qti_init_shell loop_control_device:chr_file rw_file_perms; - -get_prop(vendor_qti_init_shell, exported_system_prop) -set_prop(vendor_qti_init_shell, ctl_default_prop) -set_prop(vendor_qti_init_shell, vendor_memplus_prop) -set_prop(vendor_qti_init_shell, vendor_set_wlan_prop) diff --git a/sepolicy/vendor/vendor_sensors.te b/sepolicy/vendor/vendor_sensors.te deleted file mode 100644 index 24e46e0..0000000 --- a/sepolicy/vendor/vendor_sensors.te +++ /dev/null @@ -1,2 +0,0 @@ -r_dir_file(vendor_sensors, oem_file) -r_dir_file(vendor_sensors, sysfs_project_info) diff --git a/sepolicy/vendor/vendor_wcnss_service.te b/sepolicy/vendor/vendor_wcnss_service.te deleted file mode 100644 index 98e5d9c..0000000 --- a/sepolicy/vendor/vendor_wcnss_service.te +++ /dev/null @@ -1,3 +0,0 @@ -allow vendor_wcnss_service init:unix_stream_socket connectto; -allow vendor_wcnss_service property_socket:sock_file write; -allow vendor_wcnss_service vendor_set_wlan_prop:property_service set; diff --git a/sepolicy/vendor/wifi-mac-generator.te b/sepolicy/vendor/wifi-mac-generator.te deleted file mode 100644 index ced7309..0000000 --- a/sepolicy/vendor/wifi-mac-generator.te +++ /dev/null @@ -1,12 +0,0 @@ -type wifi-mac-generator, domain; -type wifi-mac-generator_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(wifi-mac-generator) - -allow wifi-mac-generator vendor_shell_exec:file rx_file_perms; -allow wifi-mac-generator vendor_toolbox_exec:file rx_file_perms; - -r_dir_file(wifi-mac-generator, vendor_data_file) - -allow wifi-mac-generator mnt_vendor_file:dir search; -allow wifi-mac-generator mnt_vendor_file:file w_file_perms;