diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 9c72b13..8e15af9 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -139,6 +139,7 @@ TARGET_PROVIDES_QTI_TELEPHONY_JAR := true # Sepolicy BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private +BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \ device/qcom/sepolicy/generic/private \ diff --git a/common.mk b/common.mk index 6c98259..83cd038 100644 --- a/common.mk +++ b/common.mk @@ -109,6 +109,10 @@ PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \ OnePlusDoze +# fastbootd +PRODUCT_PACKAGES += \ + fastbootd + # Fingerprint PRODUCT_PACKAGES += \ android.hardware.biometrics.fingerprint@2.1-service.oneplus_kona \ diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te new file mode 100644 index 0000000..24db6e6 --- /dev/null +++ b/sepolicy/vendor/device.te @@ -0,0 +1,12 @@ +type custom_ab_block_device, dev_type; +type efs_boot_dev, dev_type; +type gpt_block_device, dev_type; +type limits_block_device, dev_type; +type mdtp_device, dev_type; +type modem_block_device, dev_type; +type modem_efs_partition_device, dev_type; +type persist_block_device, dev_type; +type rpmb_device, dev_type; +type ssd_block_device, dev_type; +type uefi_block_device, dev_type; +type xbl_block_device, dev_type; diff --git a/sepolicy/vendor/fastbootd.te b/sepolicy/vendor/fastbootd.te new file mode 100644 index 0000000..dcc0a18 --- /dev/null +++ b/sepolicy/vendor/fastbootd.te @@ -0,0 +1,12 @@ +recovery_only(` +allow fastbootd { + custom_ab_block_device + recovery_block_device + xbl_block_device + uefi_block_device + modem_block_device + mdtp_device +}:blk_file { rw_file_perms }; +') + +allow fastbootd tmpfs:lnk_file { getattr read }; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts new file mode 100644 index 0000000..4ea962f --- /dev/null +++ b/sepolicy/vendor/file_contexts 
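Review bot: In sepolicy/vendor/fastbootd.te the final rule `allow fastbootd tmpfs:lnk_file { getattr read };` sits outside the `recovery_only(` block, so unlike the blk_file grant it is also compiled into the normal-boot policy. If fastbootd only runs from recovery, as the guarded rule above it implies, move that line inside the block. The blk_file rule grants `rw_file_perms` on `custom_ab_block_device`, which the file_contexts added in this same commit assigns to abl, tz, hyp, keymaster, devcfg and the vbmeta partitions, so it amounts to write access to most of the boot chain. I would put a comment above it such as `# fastbootd flashes firmware partitions from userspace; keep this list in sync with file_contexts`. Please also confirm that flashing these partitions stays gated on the device lock state inside fastbootd, which this diff does not show.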
@@ -0,0 +1,73 @@
+# UFS Devices
+/dev/block/platform/soc/1d84000\.ufshc/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vendor u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/product u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/odm u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/metadata u:object_r:metadata_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/ssd u:object_r:ssd_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/rpm u:object_r:rpmb_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdmddr u:object_r:efs_boot_dev:s0
+
+# A/B partitions.
+/dev/block/platform/soc/1d84000\.ufshc/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/aop_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/core_nhlos_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/featenabler_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/multiimgqti_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/persist u:object_r:persist_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/product_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/odm_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/multiimgoem_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/uefisecapp_[ab] u:object_r:uefi_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_product_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/super u:object_r:super_block_device:s0
+
+# Block device holding the GPT, where the A/B attributes are stored.
+/dev/block/platform/soc/1d84000\.ufshc/sd[ade] u:object_r:gpt_block_device:s0
+
+# Block devices for the drive that holds the xbl_a and xbl_b partitions.
+/dev/block/platform/soc/1d84000\.ufshc/sd[bc] u:object_r:xbl_block_device:s0
+
+# limits Partitions
+/dev/block/platform/soc/1d84000\.ufshc/by-name/limits u:object_r:limits_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/limits-cdsp u:object_r:limits_block_device:s0
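Review bot: The `sd[bc]` entry labels whole disk nodes as `xbl_block_device`, and fastbootd.te in this same commit grants fastbootd `rw_file_perms` on that type. That grant therefore appears to cover every partition on those two disks rather than only `xbl_[ab]`; the comment above the entry should say so, e.g. `# Whole-disk nodes: any rule on xbl_block_device reaches all partitions on these LUNs`. Separately, `by-name/rpm` is labelled `rpmb_device` while `rpm_[ab]` gets `custom_ab_block_device`. The partition name suggests RPM firmware rather than a replay-protected memory block, so please confirm that label is intended. `persist` and `super` also sit under the `# A/B partitions.` heading although their patterns have no `_[ab]` suffix.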