sdm845-common: sepolicy: Copy over public_vendor_default_prop rules from qcom sepolicy

* This addresses many denials introduced by enabling vendor and system property isolation. Change-Id: I24e04fc24be32698c7fdae4b28e90e9c20161a77
2019-02-12 15:50:09 +01:00 · 2019-02-12 15:50:09 +01:00 · 8936a7fda0
commit 8936a7fda0
parent 26cf3e0528
4 changed files with 13 additions and 0 deletions
--- a/sepolicy/private/domain.te
+++ b/sepolicy/private/domain.te
@ -0,0 +1,2 @@
 # Allow domain to get public_vendor_default_prop
 get_prop(domain, public_vendor_default_prop)
--- a/sepolicy/private/property.te
+++ b/sepolicy/private/property.te
@ -1 +1,2 @@
 type public_vendor_default_prop, property_type;
 type vendor_camera_prop, property_type;
--- a/sepolicy/private/property_contexts
+++ b/sepolicy/private/property_contexts
@ -0,0 +1,7 @@
 ro.vendor.graphics.memory             u:object_r:public_vendor_default_prop:s0
 vendor.debug.egl.changepixelformat    u:object_r:public_vendor_default_prop:s0
 vendor.debug.egl.profiler             u:object_r:public_vendor_default_prop:s0
 vendor.debug.egl.swapinterval         u:object_r:public_vendor_default_prop:s0
 vendor.debug.prerotation.disable      u:object_r:public_vendor_default_prop:s0
 vendor.debug.rs.                      u:object_r:public_vendor_default_prop:s0
 vendor.dump.gpu.output                u:object_r:public_vendor_default_prop:s0
--- a/sepolicy/private/vendor_init.te
+++ b/sepolicy/private/vendor_init.te
@ -1,2 +1,5 @@
 # Allow vendor_init to set public_vendor_default_prop
 set_prop(vendor_init, public_vendor_default_prop)
 # Allow vendor_init to set vendor_camera_prop
 set_prop(vendor_init, vendor_camera_prop)
		`@ -0,0 +1,2 @@`
							`# Allow domain to get public_vendor_default_prop`
							`get_prop(domain, public_vendor_default_prop)`
`@ -1 +1,2 @@`
		`type public_vendor_default_prop, property_type;`
	`type vendor_camera_prop, property_type;`	`type vendor_camera_prop, property_type;`