sdm845-common: Fix neverallows
Change-Id: I9a73f72b9c5c01afbaf6c2f960c7e25ca923d90c
This commit is contained in:
Luca Stefani
parent
983f553701
commit
eaa9bbce92
5 changed files with 23 additions and 7 deletions
|
|
@ -5,7 +5,7 @@ type op1_file, file_type;
|
|||
type op2_file, file_type;
|
||||
type persist_file, file_type;
|
||||
type proc_touchpanel, fs_type;
|
||||
type sysfs_livedisplay, sysfs_type, fs_type;
|
||||
type sysfs_fpc_proximity, sysfs_type, fs_type;
|
||||
type sysfs_oem, sysfs_type, fs_type;
|
||||
type sysfs_graphics, sysfs_type, fs_type;
|
||||
type sysfs_battery_supply, sysfs_type, fs_type;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/hbm u:object_r:sysfs_livedisplay:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/display_mode u:object_r:sysfs_livedisplay:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/hbm u:object_r:sysfs_livedisplay_tuneable:s0
|
||||
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display@18/display_mode u:object_r:sysfs_livedisplay_tuneable:s0
|
||||
|
|
|
|||
|
|
@ -1,7 +1,20 @@
|
|||
type hal_light_sdm845, coredomain, domain;
|
||||
hal_server_domain(hal_light_sdm845, hal_light)
|
||||
|
||||
# Allow a base set of permissions required for a domain to offer a
|
||||
# HAL implementation of the specified type over HwBinder.
|
||||
typeattribute hal_light_sdm845 halserverdomain;
|
||||
typeattribute hal_light_sdm845 hal_light_server;
|
||||
|
||||
# HwBinder IPC from client to server, and callbacks
|
||||
binder_call(hal_light_client, hal_light_server)
|
||||
binder_call(hal_light_server, hal_light_client)
|
||||
|
||||
add_hwservice(hal_light_server, hal_light_hwservice)
|
||||
allow hal_light_client hal_light_hwservice:hwservice_manager find;
|
||||
|
||||
type hal_light_sdm845_exec, exec_type, file_type;
|
||||
init_daemon_domain(hal_light_sdm845)
|
||||
|
||||
allow hal_light_sdm845 sysfs_oem:file rw_file_perms;
|
||||
allow hal_light_sdm845 { sysfs_graphics sysfs_oem }:lnk_file read;
|
||||
allow hal_light_sdm845 { sysfs_graphics sysfs_oem }:file rw_file_perms;
|
||||
allow hal_light_sdm845 { sysfs_graphics sysfs_leds sysfs_oem }:dir r_dir_perms;
|
||||
|
|
|
|||
|
|
@ -5,4 +5,7 @@ allow init vendor_file:file mounton;
|
|||
allow init vendor_configs_file:file mounton;
|
||||
|
||||
# Allow init to chown/chmod on pseudo files in /sys
|
||||
allow init sysfs_type:file { open read setattr };
|
||||
allow init {
|
||||
sysfs_fpc_proximity
|
||||
sysfs_graphics
|
||||
}:file { open read setattr };
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
# Allow access to LiveDisplay tuning nodes
|
||||
allow system_server sysfs_livedisplay:file rw_file_perms;
|
||||
allow system_server sysfs_livedisplay_tuneable:file rw_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue