dre: Use hardware/oplus/sepolicy/qti
Keep certain policies here for now. Change-Id: I8d1f4c402a4e9ce8d97cf315d32148f88089c4c5
This commit is contained in:
LuK1337
Albert Tang
parent
0edc4e9c42
commit
211108ed5e
38 changed files with 4 additions and 465 deletions
|
|
@ -186,6 +186,7 @@ VENDOR_SECURITY_PATCH := $(BOOT_SECURITY_PATCH)
|
|||
|
||||
# SEPolicy
|
||||
include device/qcom/sepolicy_vndr/SEPolicy.mk
|
||||
include hardware/oplus/sepolicy/qti/SEPolicy.mk
|
||||
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
|
||||
|
||||
|
|
|
|||
12
sepolicy/vendor/attributes
vendored
12
sepolicy/vendor/attributes
vendored
|
|
@ -1,12 +0,0 @@
|
|||
# HALs
|
||||
attribute hal_cameraHIDL;
|
||||
attribute hal_cameraHIDL_client;
|
||||
attribute hal_cameraHIDL_server;
|
||||
|
||||
attribute hal_display;
|
||||
attribute hal_display_client;
|
||||
attribute hal_display_server;
|
||||
|
||||
attribute hal_param;
|
||||
attribute hal_param_client;
|
||||
attribute hal_param_server;
|
||||
1
sepolicy/vendor/cameraserver.te
vendored
1
sepolicy/vendor/cameraserver.te
vendored
|
|
@ -1 +0,0 @@
|
|||
binder_call(cameraserver, hal_cameraHIDL_default)
|
||||
8
sepolicy/vendor/device.te
vendored
8
sepolicy/vendor/device.te
vendored
|
|
@ -1,8 +0,0 @@
|
|||
type byte_cntr_device, dev_type;
|
||||
type dash_device, dev_type;
|
||||
type fingerprintd_device, dev_type;
|
||||
type fragment_monitor_device, dev_type;
|
||||
type param_block_device, dev_type;
|
||||
type param_device, dev_type;
|
||||
type reserve2_block_device, dev_type;
|
||||
type therm_device, dev_type;
|
||||
1
sepolicy/vendor/domain.te
vendored
1
sepolicy/vendor/domain.te
vendored
|
|
@ -1 +0,0 @@
|
|||
allow domain opf_file:file r_file_perms;
|
||||
21
sepolicy/vendor/file.te
vendored
21
sepolicy/vendor/file.te
vendored
|
|
@ -1,22 +1 @@
|
|||
# files
|
||||
type oem_file, file_type;
|
||||
type op1_file, file_type;
|
||||
type op2_file, file_type;
|
||||
type opf_file, file_type;
|
||||
|
||||
# procfs
|
||||
type proc_direct_swappiness, fs_type, proc_type;
|
||||
type proc_flash_light_file, fs_type, proc_type;
|
||||
type proc_swappiness, fs_type, proc_type;
|
||||
type proc_touchpanel, fs_type, proc_type;
|
||||
type proc_watermark_boost_factor, fs_type, proc_type;
|
||||
|
||||
# sysfs
|
||||
type sysfs_dbg, fs_type, sysfs_type;
|
||||
type sysfs_fsc, fs_type, sysfs_type;
|
||||
type sysfs_fuse, fs_type, sysfs_type;
|
||||
type sysfs_memplus, fs_type, sysfs_type;
|
||||
type sysfs_ois_control, fs_type, sysfs_type;
|
||||
type sysfs_project_info, fs_type, sysfs_type;
|
||||
type sysfs_tof_control, fs_type, sysfs_type;
|
||||
type sysfs_tpd, fs_type, sysfs_type;
|
||||
|
|
|
|||
83
sepolicy/vendor/file_contexts
vendored
83
sepolicy/vendor/file_contexts
vendored
|
|
@ -1,85 +1,4 @@
|
|||
# Binaries
|
||||
/(vendor|system/vendor)/bin/opf-service u:object_r:opf_exec:s0
|
||||
/(vendor|system/vendor)/bin/wifi-mac-generator-dre u:object_r:wifi-mac-generator_exec:s0
|
||||
|
||||
# Block devices
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/fw_ufs1_[ab] u:object_r:vendor_custom_ab_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/fw_ufs2_[ab] u:object_r:vendor_custom_ab_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/logo_[ab] u:object_r:vendor_custom_ab_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/oplusdycnvbk u:object_r:vendor_modem_efs_partition_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/oplusreserve4 u:object_r:reserve2_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/oplusstanvbk_[ab] u:object_r:vendor_modem_efs_partition_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/opproduct_[ab] u:object_r:vendor_custom_ab_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/param u:object_r:param_block_device:s0
|
||||
/dev/block/platform/soc/4804000\.ufshc/by-name/rawdump u:object_r:vendor_rawdump_block_device:s0
|
||||
|
||||
# Data files
|
||||
/data/reserve-lib(/.*)? u:object_r:apk_data_file:s0
|
||||
|
||||
# Devices
|
||||
/dev/byte-cntr u:object_r:byte_cntr_device:s0
|
||||
/dev/cc_ctl u:object_r:graphics_device:s0
|
||||
/dev/fragment_monitor u:object_r:fragment_monitor_device:s0
|
||||
/dev/goodix_fp u:object_r:fingerprintd_device:s0
|
||||
/dev/ht_ctl u:object_r:graphics_device:s0
|
||||
/dev/mmw0_thermal u:object_r:therm_device:s0
|
||||
/dev/mmw1_thermal u:object_r:therm_device:s0
|
||||
/dev/mmw2_thermal u:object_r:therm_device:s0
|
||||
/dev/opfeature u:object_r:opf_file:s0
|
||||
/dev/param u:object_r:param_device:s0
|
||||
/dev/skin_thermal u:object_r:therm_device:s0
|
||||
/dev/st21nfc u:object_r:nfc_device:s0
|
||||
|
||||
# HALs
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.oneplus u:object_r:hal_lineage_livedisplay_qti_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oneplus u:object_r:hal_lineage_touch_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.camera@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.CameraMDMHIDL@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.display@1\.0-service u:object_r:hal_display_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.param@1\.0-service u:object_r:hal_param_default_exec:s0
|
||||
|
||||
# OP1, OP2 files
|
||||
/mnt/vendor/op1(/.*)? u:object_r:op1_file:s0
|
||||
/mnt/vendor/op2(/.*)? u:object_r:op2_file:s0
|
||||
|
||||
# Persist files
|
||||
/mnt/vendor/persist u:object_r:vendor_data_file:s0
|
||||
/mnt/vendor/persist/camera(/.*)? u:object_r:oem_file:s0
|
||||
/mnt/vendor/persist/camera_ae_sync(/.*)? u:object_r:oem_file:s0
|
||||
/mnt/vendor/persist/dual_camera_calibration(/.*)? u:object_r:oem_file:s0
|
||||
/mnt/vendor/persist/engineermode(/.*)? u:object_r:oem_file:s0
|
||||
/mnt/vendor/persist/OPDiagnose(/.*)? u:object_r:oem_file:s0
|
||||
|
||||
# Sys files
|
||||
/sys/module/fsc(/.*)? u:object_r:sysfs_fsc:s0
|
||||
/sys/module/fuse(/.*)? u:object_r:sysfs_fuse:s0
|
||||
/sys/module/proc(/.*)? u:object_r:sysfs_dbg:s0
|
||||
/sys/module/tpd(/.*)? u:object_r:sysfs_tpd:s0
|
||||
# Battery
|
||||
/sys/module/qpnp_smb5(/.*)? u:object_r:vendor_sysfs_battery_supply:s0
|
||||
|
||||
# Sys files (health)
|
||||
/sys/devices/platform/soc/4c90000.i2c/i2c-1/1-006b/iio:device5/name u:object_r:vendor_sysfs_battery_supply:s0
|
||||
/sys/devices/platform/soc/4c90000.i2c/i2c-1/1-006b/power_supply/parallel/model_name u:object_r:vendor_sysfs_battery_supply:s0
|
||||
|
||||
# Sys files (wakeup)
|
||||
/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:pon_hlos@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:pon_pbs@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:rtc@[0-9]+/rtc/rtc[0-9]+/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmk[0-9]+@[0-9]+:rtc@[0-9]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/fastrpc/adsprpc-smd-secure/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/fastrpc/adsprpc-smd/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_alac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_amrnb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_amrwb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_amrwbplus/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_ape/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_evrc/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_g711alaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_g711mlaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_mp3/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_multi_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_qcelp/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_wma/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
/sys/devices/virtual/misc/msm_wmapro/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
|
||||
|
|
|
|||
33
sepolicy/vendor/genfs_contexts
vendored
33
sepolicy/vendor/genfs_contexts
vendored
|
|
@ -1,34 +1 @@
|
|||
# procfs
|
||||
genfscon proc /qcom_flash u:object_r:proc_flash_light_file:s0
|
||||
genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
|
||||
|
||||
# sysfs
|
||||
genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dimlayer_bl_en u:object_r:sysfs_livedisplay_tuneable:s0
|
||||
genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_livedisplay_tuneable:s0
|
||||
genfscon sysfs /kernel/ois_control u:object_r:sysfs_ois_control:s0
|
||||
genfscon sysfs /kernel/tof_control u:object_r:sysfs_tof_control:s0
|
||||
genfscon sysfs /module/memplus_core/parameters u:object_r:sysfs_memplus:s0
|
||||
genfscon sysfs /project_info u:object_r:sysfs_project_info:s0
|
||||
|
||||
# sysfs (wakeup)
|
||||
genfscon sysfs /devices/platform/soc/1628000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/4a84000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/5800000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/subsys5/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/6000000.qcom,mss/subsys2/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/6000000.qcom,mss/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a400000.qcom,lpass/subsys0/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/a400000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/b000000.qcom,turing/subsys1/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/b000000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys3/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-modem/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
|
|||
3
sepolicy/vendor/hal_bluetooth_default.te
vendored
3
sepolicy/vendor/hal_bluetooth_default.te
vendored
|
|
@ -1,3 +0,0 @@
|
|||
allow hal_bluetooth_default vendor_data_file:file r_file_perms;
|
||||
|
||||
allow hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms;
|
||||
1
sepolicy/vendor/hal_bootctl.te
vendored
1
sepolicy/vendor/hal_bootctl.te
vendored
|
|
@ -1 +0,0 @@
|
|||
allow hal_bootctl vendor_modem_efs_partition_device:blk_file getattr;
|
||||
4
sepolicy/vendor/hal_cameraHIDL.te
vendored
4
sepolicy/vendor/hal_cameraHIDL.te
vendored
|
|
@ -1,4 +0,0 @@
|
|||
binder_call(hal_cameraHIDL_client, hal_cameraHIDL_server)
|
||||
binder_call(hal_cameraHIDL_server, hal_cameraHIDL_client)
|
||||
|
||||
hal_attribute_hwservice(hal_cameraHIDL, hal_cameraHIDL_hwservice)
|
||||
22
sepolicy/vendor/hal_cameraHIDL_default.te
vendored
22
sepolicy/vendor/hal_cameraHIDL_default.te
vendored
|
|
@ -1,22 +0,0 @@
|
|||
type hal_cameraHIDL_default, domain;
|
||||
hal_server_domain(hal_cameraHIDL_default, hal_cameraHIDL)
|
||||
|
||||
type hal_cameraHIDL_default_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_cameraHIDL_default)
|
||||
|
||||
add_hwservice(hal_cameraHIDL_default, hal_cameraHIDL_hwservice)
|
||||
|
||||
hwbinder_use(hal_cameraHIDL_default)
|
||||
|
||||
binder_call(hal_cameraHIDL_default, vendor_hal_perf_default)
|
||||
|
||||
allow hal_cameraHIDL_default vendor_hal_perf_hwservice:hwservice_manager find;
|
||||
|
||||
allow hal_cameraHIDL_default ion_device:chr_file r_file_perms;
|
||||
allow hal_cameraHIDL_default tee_device:chr_file rw_file_perms;
|
||||
|
||||
allow hal_cameraHIDL_default vendor_camera_data_file:dir create_dir_perms;
|
||||
|
||||
r_dir_file(hal_cameraHIDL_default, firmware_file)
|
||||
|
||||
get_prop(hal_cameraHIDL_default, hwservicemanager_prop)
|
||||
26
sepolicy/vendor/hal_camera_default.te
vendored
26
sepolicy/vendor/hal_camera_default.te
vendored
|
|
@ -1,27 +1 @@
|
|||
hal_client_domain(hal_camera_default, hal_cameraHIDL)
|
||||
|
||||
allow hal_camera_default mnt_vendor_file:dir w_dir_perms;
|
||||
allow hal_camera_default mnt_vendor_file:file create_file_perms;
|
||||
|
||||
allow hal_camera_default oem_file:dir w_dir_perms;
|
||||
allow hal_camera_default oem_file:file create_file_perms;
|
||||
|
||||
allow hal_camera_default vendor_persist_file:dir w_dir_perms;
|
||||
allow hal_camera_default vendor_persist_file:file create_file_perms;
|
||||
|
||||
allow hal_camera_default input_device:dir r_dir_perms;
|
||||
allow hal_camera_default input_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_camera_default proc_meminfo:file r_file_perms;
|
||||
allow hal_camera_default proc_flash_light_file:file rw_file_perms;
|
||||
|
||||
allow hal_camera_default sysfs_ois_control:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_ois_control:file rw_file_perms;
|
||||
|
||||
allow hal_camera_default sysfs_tof_control:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_tof_control:file rw_file_perms;
|
||||
|
||||
get_prop(hal_camera_default, ctl_default_prop)
|
||||
get_prop(hal_camera_default, vendor_db_security_prop)
|
||||
get_prop(hal_camera_default, vendor_mmi_prop)
|
||||
set_prop(hal_camera_default, vendor_sys_op_prop)
|
||||
|
|
|
|||
4
sepolicy/vendor/hal_display.te
vendored
4
sepolicy/vendor/hal_display.te
vendored
|
|
@ -1,4 +0,0 @@
|
|||
binder_call(hal_display_client, hal_display_server)
|
||||
binder_call(hal_display_server, hal_display_client)
|
||||
|
||||
hal_attribute_hwservice(hal_display, hal_display_hwservice)
|
||||
17
sepolicy/vendor/hal_display_default.te
vendored
17
sepolicy/vendor/hal_display_default.te
vendored
|
|
@ -1,17 +0,0 @@
|
|||
type hal_display_default, domain;
|
||||
hal_server_domain(hal_display_default, hal_display)
|
||||
|
||||
type hal_display_default_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_display_default)
|
||||
|
||||
add_hwservice(hal_display_default, hal_display_hwservice)
|
||||
|
||||
hwbinder_use(hal_display_default)
|
||||
|
||||
binder_call(hal_display_default, vendor_hal_display_color)
|
||||
|
||||
allow hal_display_default vendor_hal_display_postproc_hwservice:hwservice_manager find;
|
||||
|
||||
allow hal_display_default sysfs:file rw_file_perms;
|
||||
|
||||
get_prop(hal_display_default, hwservicemanager_prop)
|
||||
21
sepolicy/vendor/hal_fingerprint_device.te
vendored
21
sepolicy/vendor/hal_fingerprint_device.te
vendored
|
|
@ -1,21 +0,0 @@
|
|||
hal_client_domain(hal_fingerprint_default, hal_display)
|
||||
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
|
||||
binder_call(hal_fingerprint_default, vendor_hal_perf_default)
|
||||
|
||||
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
|
||||
|
||||
allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default proc_touchpanel:dir search;
|
||||
allow hal_fingerprint_default proc_touchpanel:file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
||||
|
||||
get_prop(hal_fingerprint_default, vendor_adsprpc_prop)
|
||||
get_prop(hal_fingerprint_default, vendor_default_prop)
|
||||
set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
allow hal_graphics_composer_default vendor_persist_file:file rw_file_perms;
|
||||
|
||||
allow hal_graphics_composer_default sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
||||
allow hal_graphics_composer_default vendor_diag_device:chr_file rw_file_perms;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:dir rw_dir_perms;
|
||||
allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:file create_file_perms;
|
||||
|
||||
allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:dir r_dir_perms;
|
||||
allow hal_lineage_livedisplay_qti sysfs_livedisplay_tuneable:file rw_file_perms;
|
||||
2
sepolicy/vendor/hal_lineage_touch_default.te
vendored
2
sepolicy/vendor/hal_lineage_touch_default.te
vendored
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_lineage_touch_default proc_touchpanel:dir search;
|
||||
allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms;
|
||||
4
sepolicy/vendor/hal_nfc_default.te
vendored
4
sepolicy/vendor/hal_nfc_default.te
vendored
|
|
@ -1,4 +0,0 @@
|
|||
allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
|
||||
|
||||
get_prop(hal_nfc_default, vendor_nfc_prop)
|
||||
4
sepolicy/vendor/hal_param.te
vendored
4
sepolicy/vendor/hal_param.te
vendored
|
|
@ -1,4 +0,0 @@
|
|||
binder_call(hal_param_client, hal_param_server)
|
||||
binder_call(hal_param_server, hal_param_client)
|
||||
|
||||
hal_attribute_hwservice(hal_param, hal_param_hwservice)
|
||||
17
sepolicy/vendor/hal_param_default.te
vendored
17
sepolicy/vendor/hal_param_default.te
vendored
|
|
@ -1,17 +0,0 @@
|
|||
type hal_param_default, domain;
|
||||
hal_server_domain(hal_param_default, hal_param)
|
||||
|
||||
type hal_param_default_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_param_default)
|
||||
|
||||
allow hal_param_default self:qipcrtr_socket create_socket_perms_no_ioctl;
|
||||
|
||||
allow hal_param_default block_device:dir search;
|
||||
|
||||
allow hal_param_default param_block_device:blk_file rw_file_perms;
|
||||
|
||||
allow hal_param_default param_device:chr_file rw_file_perms;
|
||||
|
||||
r_dir_file(hal_param_default, sysfs_project_info)
|
||||
|
||||
get_prop(hal_param_default, exported_default_prop)
|
||||
2
sepolicy/vendor/hal_power_default.te
vendored
2
sepolicy/vendor/hal_power_default.te
vendored
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_power_default proc_touchpanel:dir search;
|
||||
allow hal_power_default proc_touchpanel:file rw_file_perms;
|
||||
4
sepolicy/vendor/hwservice.te
vendored
4
sepolicy/vendor/hwservice.te
vendored
|
|
@ -1,4 +0,0 @@
|
|||
type hal_cameraHIDL_hwservice, hwservice_manager_type;
|
||||
type hal_charger_hwservice, hwservice_manager_type;
|
||||
type hal_display_hwservice, hwservice_manager_type;
|
||||
type hal_param_hwservice, hwservice_manager_type;
|
||||
10
sepolicy/vendor/hwservice_contexts
vendored
10
sepolicy/vendor/hwservice_contexts
vendored
|
|
@ -1,10 +0,0 @@
|
|||
vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonHbd u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.goodix3626.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonFido u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.oneplus.camera.CameraHIDL::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0
|
||||
vendor.oneplus.fingerprint.extension::IVendorFingerprintExtensions u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.oneplus.hardware.camera::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0
|
||||
vendor.oneplus.hardware.CameraMDMHIDL::IOnePlusCameraMDM u:object_r:hal_cameraHIDL_hwservice:s0
|
||||
vendor.oneplus.hardware.display::IOneplusDisplay u:object_r:hal_display_hwservice:s0
|
||||
vendor.oneplus.hardware.param::IOneplusParam u:object_r:hal_param_hwservice:s0
|
||||
2
sepolicy/vendor/kernel.te
vendored
2
sepolicy/vendor/kernel.te
vendored
|
|
@ -1,2 +0,0 @@
|
|||
allow kernel param_block_device:dir search;
|
||||
allow kernel param_block_device:blk_file rw_file_perms;
|
||||
11
sepolicy/vendor/opf.te
vendored
11
sepolicy/vendor/opf.te
vendored
|
|
@ -1,11 +0,0 @@
|
|||
type opf, domain;
|
||||
type opf_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(opf)
|
||||
|
||||
type_transition opf device:file opf_file;
|
||||
|
||||
allow opf device:dir create_dir_perms;
|
||||
allow opf device:file create_file_perms;
|
||||
|
||||
allow opf opf_file:file create_file_perms;
|
||||
11
sepolicy/vendor/property.te
vendored
11
sepolicy/vendor/property.te
vendored
|
|
@ -1,11 +0,0 @@
|
|||
vendor_internal_prop(vendor_db_security_prop)
|
||||
vendor_internal_prop(vendor_fingerprint_prop)
|
||||
vendor_internal_prop(vendor_gps_prop)
|
||||
vendor_internal_prop(vendor_memplus_prop)
|
||||
vendor_internal_prop(vendor_nfc_prop)
|
||||
vendor_internal_prop(vendor_oem_bluetooth_prop)
|
||||
vendor_internal_prop(vendor_oem_wifi_prop)
|
||||
vendor_internal_prop(vendor_rild_prop)
|
||||
vendor_internal_prop(vendor_set_wlan_prop)
|
||||
vendor_internal_prop(vendor_shell_prop)
|
||||
vendor_internal_prop(vendor_sys_op_prop)
|
||||
51
sepolicy/vendor/property_contexts
vendored
51
sepolicy/vendor/property_contexts
vendored
|
|
@ -1,51 +0,0 @@
|
|||
persist.vendor.bluetooth.bt.uart.log u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.ese. u:object_r:vendor_nfc_prop:s0
|
||||
persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
|
||||
persist.vendor.oem.bt.debug u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.oem.btenhanced.debug u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.oem.btsnoop.debug u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.oem.fp.version u:object_r:vendor_fingerprint_prop:s0
|
||||
persist.vendor.oem.gps.debug u:object_r:vendor_gps_prop:s0
|
||||
persist.vendor.oem.wifi.chain u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oem.wifi.cnssdiag u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oem.wifi.copytosd u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oem.wifi.debug u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oem.wifi.logpath u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oem.wifi.txenable u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.oneplus.bt u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.oneplus.bttestmode u:object_r:vendor_oem_bluetooth_prop:s0
|
||||
persist.vendor.sdx50m.online u:object_r:vendor_usb_prop:s0
|
||||
persist.vendor.service.bdroid.snooplog u:object_r:vendor_bluetooth_prop:s0
|
||||
persist.vendor.service.bdroid.soclog u:object_r:vendor_bluetooth_prop:s0
|
||||
persist.vendor.tcpdump.copy u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.tcpdump.dir u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.tcpdump.location u:object_r:vendor_oem_wifi_prop:s0
|
||||
persist.vendor.tcpdump.mdpermission u:object_r:vendor_oem_wifi_prop:s0
|
||||
ro.vendor.build.display.full_id u:object_r:vendor_rild_prop:s0
|
||||
ro.vendor.product.device.db u:object_r:vendor_db_security_prop:s0
|
||||
ro.vendor.product.manufacturer.db u:object_r:vendor_db_security_prop:s0
|
||||
vendor.calibration.fingerprint u:object_r:vendor_fingerprint_prop:s0
|
||||
vendor.copy.opdiagnose.data u:object_r:vendor_shell_prop:s0
|
||||
vendor.nfc. u:object_r:vendor_nfc_prop:s0
|
||||
vendor.oem.rbr.log.clean u:object_r:vendor_default_prop:s0
|
||||
vendor.oem.wifi.socket.quit u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.service.wifi.socket.enable u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.service.wifi.socket.mdm.enable u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.sys.memplus.postboot u:object_r:vendor_memplus_prop:s0
|
||||
vendor.sys.op.disable_ufstw u:object_r:vendor_sys_op_prop:s0
|
||||
vendor.wcn.firmware.version u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.wcn.bdf.version u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.wlan.driver.status u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.wlan.ftm.daemon u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.wlan.ftm.up u:object_r:vendor_set_wlan_prop:s0
|
||||
vendor.wlan.hotspot.forceChannel u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.bandwidth u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.channel u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.dump u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.enabled u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.file u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.iface u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.output_dir u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.status u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.sniffer.vendor_dir u:object_r:vendor_oem_wifi_prop:s0
|
||||
vendor.wlan.write.con_mode u:object_r:vendor_set_wlan_prop:s0
|
||||
15
sepolicy/vendor/rild.te
vendored
15
sepolicy/vendor/rild.te
vendored
|
|
@ -1,15 +0,0 @@
|
|||
hal_client_domain(rild, hal_param)
|
||||
|
||||
allow rild vendor_data_file:dir rw_dir_perms;
|
||||
allow rild vendor_data_file:file create_file_perms;
|
||||
|
||||
allow rild block_device:dir search;
|
||||
|
||||
allow rild param_block_device:blk_file rw_file_perms;
|
||||
|
||||
allow rild vendor_diag_device:chr_file rw_file_perms;
|
||||
|
||||
allow rild proc:file w_file_perms;
|
||||
allow rild proc_net:file w_file_perms;
|
||||
|
||||
set_prop(rild, vendor_rild_prop)
|
||||
1
sepolicy/vendor/seapp_contexts
vendored
1
sepolicy/vendor/seapp_contexts
vendored
|
|
@ -1 +0,0 @@
|
|||
user=system seinfo=platform name=com.qualcomm.qti.poweroffalarm domain=vendor_poweroffalarm_app type=system_app_data_file
|
||||
1
sepolicy/vendor/update_engine_common.te
vendored
1
sepolicy/vendor/update_engine_common.te
vendored
|
|
@ -1 +0,0 @@
|
|||
allow update_engine_common vendor_modem_efs_partition_device:blk_file rw_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr;
|
||||
allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr;
|
||||
13
sepolicy/vendor/vendor_init.te
vendored
13
sepolicy/vendor/vendor_init.te
vendored
|
|
@ -1,13 +0,0 @@
|
|||
allow vendor_init tmpfs:chr_file { read open };
|
||||
allow vendor_init tmpfs:dir { create_dir_perms mounton };
|
||||
|
||||
allow vendor_init op2_file:file create_file_perms;
|
||||
|
||||
allow vendor_init proc_direct_swappiness:file w_file_perms;
|
||||
allow vendor_init proc_hung_task:file w_file_perms;
|
||||
allow vendor_init proc_swappiness:file w_file_perms;
|
||||
allow vendor_init proc_watermark_boost_factor:file rw_file_perms;
|
||||
|
||||
get_prop(vendor_init, vendor_db_security_prop)
|
||||
set_prop(vendor_init, vendor_oem_bluetooth_prop)
|
||||
set_prop(vendor_init, vendor_oem_wifi_prop)
|
||||
30
sepolicy/vendor/vendor_qti_init_shell.te
vendored
30
sepolicy/vendor/vendor_qti_init_shell.te
vendored
|
|
@ -1,30 +0,0 @@
|
|||
allow vendor_qti_init_shell proc_modules:file r_file_perms;
|
||||
|
||||
allow vendor_qti_init_shell sysfs:file write;
|
||||
|
||||
allow vendor_qti_init_shell sysfs_devices_system_cpu:file setattr;
|
||||
allow vendor_qti_init_shell sysfs_project_info:file write;
|
||||
|
||||
allow vendor_qti_init_shell sysfs_fsc:dir r_dir_perms;
|
||||
allow vendor_qti_init_shell sysfs_fsc:file rw_file_perms;
|
||||
|
||||
allow vendor_qti_init_shell sysfs_memplus:file rw_file_perms;
|
||||
|
||||
allow vendor_qti_init_shell vendor_data_file:dir create_dir_perms;
|
||||
allow vendor_qti_init_shell vendor_data_file:file create_file_perms;
|
||||
|
||||
allow vendor_qti_init_shell vendor_file:file execute_no_trans;
|
||||
allow vendor_qti_init_shell vendor_file:system module_load;
|
||||
|
||||
allow vendor_qti_init_shell vendor_sysfs_scsi_host:dir r_dir_perms;
|
||||
allow vendor_qti_init_shell vendor_sysfs_scsi_host:file rw_file_perms;
|
||||
|
||||
allow vendor_qti_init_shell vendor_wcnss_service_exec:file execute_no_trans;
|
||||
|
||||
allow vendor_qti_init_shell kmsg_device:chr_file w_file_perms;
|
||||
allow vendor_qti_init_shell loop_control_device:chr_file rw_file_perms;
|
||||
|
||||
get_prop(vendor_qti_init_shell, exported_system_prop)
|
||||
set_prop(vendor_qti_init_shell, ctl_default_prop)
|
||||
set_prop(vendor_qti_init_shell, vendor_memplus_prop)
|
||||
set_prop(vendor_qti_init_shell, vendor_set_wlan_prop)
|
||||
2
sepolicy/vendor/vendor_sensors.te
vendored
2
sepolicy/vendor/vendor_sensors.te
vendored
|
|
@ -1,2 +0,0 @@
|
|||
r_dir_file(vendor_sensors, oem_file)
|
||||
r_dir_file(vendor_sensors, sysfs_project_info)
|
||||
3
sepolicy/vendor/vendor_wcnss_service.te
vendored
3
sepolicy/vendor/vendor_wcnss_service.te
vendored
|
|
@ -1,3 +0,0 @@
|
|||
allow vendor_wcnss_service init:unix_stream_socket connectto;
|
||||
allow vendor_wcnss_service property_socket:sock_file write;
|
||||
allow vendor_wcnss_service vendor_set_wlan_prop:property_service set;
|
||||
12
sepolicy/vendor/wifi-mac-generator.te
vendored
12
sepolicy/vendor/wifi-mac-generator.te
vendored
|
|
@ -1,12 +0,0 @@
|
|||
type wifi-mac-generator, domain;
|
||||
type wifi-mac-generator_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(wifi-mac-generator)
|
||||
|
||||
allow wifi-mac-generator vendor_shell_exec:file rx_file_perms;
|
||||
allow wifi-mac-generator vendor_toolbox_exec:file rx_file_perms;
|
||||
|
||||
r_dir_file(wifi-mac-generator, vendor_data_file)
|
||||
|
||||
allow wifi-mac-generator mnt_vendor_file:dir search;
|
||||
allow wifi-mac-generator mnt_vendor_file:file w_file_perms;
|
||||
Loading…
Reference in a new issue