From f9c9767e3b839638ac20bd0c68cbfd532b304527 Mon Sep 17 00:00:00 2001 
From: LuK1337 Date: Tue, 5 Jan 2021 20:04:57 +0100 Subject: [PATCH] sm8250-common: sepolicy: Initial vendor sepolicy Change-Id: I28ae7907209b5aae9806466556dc49639dd7c9e4 --- sepolicy/vendor/attributes | 20 ++++ sepolicy/vendor/cameraserver.te | 1 + sepolicy/vendor/dashd.te | 12 ++ sepolicy/vendor/device.te | 18 +++ sepolicy/vendor/domain.te | 1 + sepolicy/vendor/file.te | 23 ++++ sepolicy/vendor/file_contexts | 105 ++++++++++++++++++ sepolicy/vendor/genfs_contexts | 91 +++++++++++++++ sepolicy/vendor/hal_bluetooth_default.te | 3 + sepolicy/vendor/hal_cameraHIDL.te | 4 + sepolicy/vendor/hal_cameraHIDL_default.te | 22 ++++ sepolicy/vendor/hal_camera_default.te | 22 ++++ sepolicy/vendor/hal_display.te | 4 + sepolicy/vendor/hal_display_default.te | 18 +++ sepolicy/vendor/hal_display_iris.te | 4 + sepolicy/vendor/hal_fingerprint_device.te | 19 ++++ .../vendor/hal_graphics_composer_default.te | 10 ++ sepolicy/vendor/hal_hdcpkey.te | 4 + sepolicy/vendor/hal_hdcpkey_default.te | 7 ++ sepolicy/vendor/hal_lineage_fod_default.te | 10 ++ .../vendor/hal_lineage_livedisplay_qti.te | 8 ++ .../vendor/hal_lineage_powershare_default.te | 2 + sepolicy/vendor/hal_lineage_touch_default.te | 2 + sepolicy/vendor/hal_nfc_default.te | 2 + sepolicy/vendor/hal_param.te | 4 + sepolicy/vendor/hal_param_default.te | 18 +++ sepolicy/vendor/hal_power_default.te | 2 + sepolicy/vendor/hwservice.te | 5 + sepolicy/vendor/hwservice_contexts | 10 ++ sepolicy/vendor/init.te | 1 + sepolicy/vendor/kernel.te | 2 + sepolicy/vendor/opf.te | 11 ++ sepolicy/vendor/property.te | 11 ++ sepolicy/vendor/property_contexts | 51 +++++++++ sepolicy/vendor/rild.te | 15 +++ .../vendor/vendor_init-qcom-sensors-sh.te | 2 + sepolicy/vendor/vendor_init.te | 14 +++ sepolicy/vendor/vendor_mdm_helper.te | 1 + sepolicy/vendor/vendor_qti_init_shell.te | 26 +++++ sepolicy/vendor/wlchgd.te | 3 + 40 files changed, 588 insertions(+) create mode 100644 sepolicy/vendor/attributes create mode 100644 sepolicy/vendor/cameraserver.te 
create mode 100644 sepolicy/vendor/device.te create mode 100644 sepolicy/vendor/domain.te create mode 100644 sepolicy/vendor/file.te create mode 100644 sepolicy/vendor/file_contexts create mode 100644 sepolicy/vendor/genfs_contexts create mode 100644 sepolicy/vendor/hal_bluetooth_default.te create mode 100644 sepolicy/vendor/hal_cameraHIDL.te create mode 100644 sepolicy/vendor/hal_cameraHIDL_default.te create mode 100644 sepolicy/vendor/hal_camera_default.te create mode 100644 sepolicy/vendor/hal_display.te create mode 100644 sepolicy/vendor/hal_display_default.te create mode 100644 sepolicy/vendor/hal_display_iris.te create mode 100644 sepolicy/vendor/hal_fingerprint_device.te create mode 100644 sepolicy/vendor/hal_graphics_composer_default.te create mode 100644 sepolicy/vendor/hal_hdcpkey.te create mode 100644 sepolicy/vendor/hal_hdcpkey_default.te create mode 100644 sepolicy/vendor/hal_lineage_fod_default.te create mode 100644 sepolicy/vendor/hal_lineage_livedisplay_qti.te create mode 100644 sepolicy/vendor/hal_lineage_powershare_default.te create mode 100644 sepolicy/vendor/hal_lineage_touch_default.te create mode 100644 sepolicy/vendor/hal_nfc_default.te create mode 100644 sepolicy/vendor/hal_param.te create mode 100644 sepolicy/vendor/hal_param_default.te create mode 100644 sepolicy/vendor/hal_power_default.te create mode 100644 sepolicy/vendor/hwservice.te create mode 100644 sepolicy/vendor/hwservice_contexts create mode 100644 sepolicy/vendor/init.te create mode 100644 sepolicy/vendor/kernel.te create mode 100644 sepolicy/vendor/opf.te create mode 100644 sepolicy/vendor/property.te create mode 100644 sepolicy/vendor/property_contexts create mode 100644 sepolicy/vendor/rild.te create mode 100644 sepolicy/vendor/vendor_init-qcom-sensors-sh.te create mode 100644 sepolicy/vendor/vendor_init.te create mode 100644 sepolicy/vendor/vendor_mdm_helper.te create mode 100644 sepolicy/vendor/vendor_qti_init_shell.te 
diff --git a/sepolicy/vendor/attributes b/sepolicy/vendor/attributes new file mode 100644 index 0000000..cb3186c --- /dev/null +++ b/sepolicy/vendor/attributes @@ -0,0 +1,20 @@ +# HALs +attribute hal_cameraHIDL; +attribute hal_cameraHIDL_client; +attribute hal_cameraHIDL_server; + +attribute hal_display; +attribute hal_display_client; +attribute hal_display_server; + +attribute hal_display_iris; +attribute hal_display_iris_client; +attribute hal_display_iris_server; + +attribute hal_hdcpkey; +attribute hal_hdcpkey_client; +attribute hal_hdcpkey_server; + +attribute hal_param; +attribute hal_param_client; +attribute hal_param_server; diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te new file mode 100644 index 0000000..08b17e0 --- /dev/null +++ b/sepolicy/vendor/cameraserver.te @@ -0,0 +1 @@ +binder_call(cameraserver, hal_cameraHIDL_default) diff --git a/sepolicy/vendor/dashd.te b/sepolicy/vendor/dashd.te index 80fc0ba..1e8c01f 100644 --- a/sepolicy/vendor/dashd.te +++ b/sepolicy/vendor/dashd.te @@ -2,3 +2,15 @@ type dashd, domain; type dashd_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(dashd) + +allow dashd vendor_sysfs_battery_supply:file w_file_perms; +allow dashd vendor_sysfs_usb_supply:file w_file_perms; + +allow dashd proc_cmdline:file r_file_perms; + +allow dashd dash_device:chr_file rw_file_perms; +allow dashd kmsg_device:chr_file rw_file_perms; + +r_dir_file(dashd, vendor_sysfs_battery_supply) +r_dir_file(dashd, vendor_sysfs_usb_supply) +r_dir_file(dashd, sysfs_dash_charger) diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te new file mode 100644 index 0000000..8fb72b0 --- /dev/null +++ b/sepolicy/vendor/device.te 
@@ -0,0 +1,18 @@
+type backuprestore_socket, dev_type;
+type byte_cntr_device, dev_type;
+type dash_device, dev_type;
+type fingerprintd_device, dev_type;
+type fragment_monitor_device, dev_type;
+type memplus_device, dev_type;
+type oemlogkit_socket, dev_type;
+type op1_block_device, dev_type;
+type op2_block_device, dev_type;
+type param_block_device, dev_type;
+type param_device, dev_type;
+type ramboost_socket, dev_type;
+type reserve1_block_device, dev_type;
+type reserve2_block_device, dev_type;
+type therm_device, dev_type;
+type vendor_rawdump_block_device, dev_type;
+type vl53l1_device, dev_type;
+type wlchg_device, dev_type;
diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te
new file mode 100644
index 0000000..6d7bdfb
--- /dev/null
+++ b/sepolicy/vendor/domain.te
@@ -0,0 +1 @@
+allow domain opf_file:file r_file_perms;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 0000000..799d7cb
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1,23 @@
+# files
+type oem_file, file_type;
+type op1_file, file_type;
+type op2_file, file_type;
+type opf_file, file_type;
+
+# procfs
+type proc_direct_swappiness, fs_type, proc_type;
+type proc_swappiness, fs_type, proc_type;
+type proc_touchpanel, fs_type, proc_type;
+type proc_watermark_boost_factor, fs_type, proc_type;
+type procfs_oem_wireless, fs_type, proc_type;
+
+# sysfs
+type sysfs_dash_charger, fs_type, proc_type, sysfs_type;
+type sysfs_dbg, fs_type, sysfs_type;
+type sysfs_fod, fs_type, sysfs_type;
+type sysfs_fsc, fs_type, sysfs_type;
+type sysfs_fuse, fs_type, sysfs_type;
+type sysfs_memplus, fs_type, sysfs_type;
+type sysfs_project_info, fs_type, sysfs_type;
+type sysfs_tpd, fs_type, sysfs_type;
+type vendor_sysfs_video_call_on, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
new file mode 100644
index 0000000..4477900
--- /dev/null
+++ b/sepolicy/vendor/file_contexts
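Review bot: `allow domain opf_file:file r_file_perms;` in domain.te gives every domain in the policy, untrusted app domains included, read access to anything labelled `opf_file`. file_contexts in this patch puts that label on `/dev/opfeature` and opf.te lets `opf` create such files, so the reader set should be the specific clients rather than the `domain` attribute. I would replace the rule with per-domain grants of the form `allow <client_domain> opf_file:file r_file_perms;` (placeholder name; the consumers are not visible in this patch) and add a comment saying why each one needs it.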
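Review bot: `type sysfs_dash_charger, fs_type, proc_type, sysfs_type;` in file.te carries both `proc_type` and `sysfs_type`, so any rule written against either attribute applies to it. genfs_contexts in this patch assigns the label to procfs nodes such as `/dash_firmware_ok` and `/ship_mode` and also to the sysfs node `/module/qpnp_smb5/parameters/call_on`. Declaring a separate procfs type for the `/proc` entries and keeping `sysfs_dash_charger` as `fs_type, sysfs_type` would keep the attributes truthful; the `r_dir_file(dashd, sysfs_dash_charger)` line in dashd.te would then need a twin for the new type.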
@@ -0,0 +1,105 @@
+# Binaries
+/(vendor|system/vendor)/bin/dashd u:object_r:dashd_exec:s0
+/(vendor|system/vendor)/bin/opf-service u:object_r:opf_exec:s0
+/(vendor|system/vendor)/bin/wlchgd u:object_r:wlchgd_exec:s0
+
+# Block devices
+/dev/block/platform/soc/1d84000.ufshc/by-name/config u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fw_ufs1_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fw_ufs2_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/logo_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm1oemnvbktmp u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm_oem_dycnvbk u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm_oem_stanvbk u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_cust1_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_cust2_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_dycnvbk u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_stanvbk u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/op1 u:object_r:op1_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/op2 u:object_r:op2_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/opproduct_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/param u:object_r:param_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rawdump u:object_r:vendor_rawdump_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/reserve1 u:object_r:reserve1_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/reserve2 u:object_r:reserve2_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/spunvm u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:vendor_custom_ab_block_device:s0
+
+# Data files
+#/data/fpc_images(/.*)? u:object_r:fpc_images_file:s0
+#/data/vendor/oemnvitems/4678_0 u:object_r:wifi_nv_data_file:s0
+#/data/vendor/oemnvitems/4678_1 u:object_r:wifi_nv_data_file:s0
+
+# Devices
+/dev/byte-cntr u:object_r:byte_cntr_device:s0
+/dev/cc_ctl u:object_r:graphics_device:s0
+/dev/dash u:object_r:dash_device:s0
+/dev/fragment_monitor u:object_r:fragment_monitor_device:s0
+/dev/goodix_fp u:object_r:fingerprintd_device:s0
+/dev/ht_ctl u:object_r:graphics_device:s0
+/dev/memplus u:object_r:memplus_device:s0
+/dev/mmw0_thermal u:object_r:therm_device:s0
+/dev/mmw1_thermal u:object_r:therm_device:s0
+/dev/mmw2_thermal u:object_r:therm_device:s0
+/dev/opfeature u:object_r:opf_file:s0
+/dev/param u:object_r:param_device:s0
+/dev/skin_thermal u:object_r:therm_device:s0
+/dev/stmvl53l1_ranging u:object_r:vl53l1_device:s0
+/dev/wlchg u:object_r:wlchg_device:s0
+
+# HALs
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.oneplus_kona u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1\.0-service\.oneplus_kona u:object_r:hal_lineage_fod_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.oneplus_kona u:object_r:hal_lineage_livedisplay_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.powershare@1\.0-service\.oneplus_kona u:object_r:hal_lineage_powershare_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oneplus_kona u:object_r:hal_lineage_touch_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.camera@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.CameraMDMHIDL@1\.0-service u:object_r:hal_cameraHIDL_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.display@1\.0-service u:object_r:hal_display_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.hdcpkey@1\.0-service u:object_r:hal_hdcpkey_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.param@1\.0-service u:object_r:hal_param_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.pixelworks\.hardware\.display\.iris-service u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.pixelworks\.hardware\.feature\.irisfeature-service u:object_r:hal_graphics_composer_default_exec:s0
+
+# OP1, OP2 files
+/mnt/vendor/op1(/.*)? u:object_r:op1_file:s0
+/mnt/vendor/op2(/.*)? u:object_r:op2_file:s0
+
+# Persist files
+/mnt/vendor/persist u:object_r:vendor_data_file:s0
+/mnt/vendor/persist/camera(/.*)? u:object_r:oem_file:s0
+/mnt/vendor/persist/camera_ae_sync(/.*)? u:object_r:oem_file:s0
+/mnt/vendor/persist/dual_camera_calibration(/.*)? u:object_r:oem_file:s0
+/mnt/vendor/persist/engineermode(/.*)? u:object_r:oem_file:s0
+/mnt/vendor/persist/OPDiagnose(/.*)? u:object_r:oem_file:s0
+
+# Socket files
+/dev/socket/backuprestore u:object_r:backuprestore_socket:s0
+/dev/socket/oemlogkit u:object_r:oemlogkit_socket:s0
+/dev/socket/ramboost u:object_r:ramboost_socket:s0
+
+# Sys files
+/sys/module/fsc(/.*)? u:object_r:sysfs_fsc:s0
+/sys/module/fuse(/.*)? u:object_r:sysfs_fuse:s0
+/sys/module/proc(/.*)? u:object_r:sysfs_dbg:s0
+/sys/module/tpd(/.*)? u:object_r:sysfs_tpd:s0
+/sys/project_info(/.*)? u:object_r:sysfs_project_info:s0
+
+# Sys files (wakeup)
+/sys/devices/platform/soc/c440000\.qcom,spmi/spmi-0/spmi0-00/c440000\.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc/soc:oneplus_wlchg/power_supply/wireless/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/diag/diag/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_alac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrnb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrwb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrwbplus/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_ape/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_evrc/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_g711alaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_g711mlaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_mp3/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_multi_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_qcelp/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_wma/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_wmapro/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
new file mode 100644
index 0000000..11b8200
--- /dev/null
+++ b/sepolicy/vendor/genfs_contexts
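Review bot: The block-device entries in file_contexts leave the dot in `1d84000.ufshc` unescaped, and since these paths are regular expressions that dot matches any character; the HAL and wakeup entries in the same file escape theirs (`android\.hardware\.…`, `c440000\.qcom,spmi`). Writing `/dev/block/platform/soc/1d84000\.ufshc/by-name/param` and likewise for the other by-name lines keeps the match exact, which matters most for the labels that gate raw partition access. The three commented-out `# Data files` entries name types that the visible part of this patch does not declare; I would drop them or add a comment saying what they are waiting for.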
@@ -0,0 +1,91 @@
+# procfs
+genfscon proc /dash_4300_4p45_exit u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_4320_4p45_exit u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_4510_4p45_exit u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_firmware_ok u:object_r:sysfs_dash_charger:s0
+genfscon proc /enhance_dash u:object_r:sysfs_dash_charger:s0
+genfscon proc /n76e_exit u:object_r:sysfs_dash_charger:s0
+genfscon proc /ship_mode u:object_r:sysfs_dash_charger:s0
+genfscon proc /skin_temp_thrd/fastchg_lcdoff_thd u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/fastchg_thd u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/norchg_lcdoff_thd u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/norchg_thd u:object_r:procfs_oem_wireless:s0
+genfscon proc /swarp_chg_exist u:object_r:sysfs_dash_charger:s0
+genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
+genfscon proc /warp_chg_exit u:object_r:sysfs_dash_charger:s0
+genfscon proc /wireless/charge_pump_en u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/current_out u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/deviated u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/enable_rx u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/enable_tx u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/epp_or_bpp u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/fast_skin_threld u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/ftm_mode u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/ftm_test u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/quiet_mode u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/rx_voltage u:object_r:procfs_oem_wireless:s0
+
+# sysfs
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-3/3-005a/leds/vibrator u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/DCI_P3 u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dim_alpha u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_loading_effect_mode u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_p3_mode u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_srgb_color_mode u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_wide_color_mode u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/night_mode u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/op_friginer_print_hbm u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/soc:oneplus_wlchg/power_supply/wireless u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /module/memplus_core/parameters u:object_r:sysfs_memplus:s0
+genfscon sysfs /module/qpnp_smb5/parameters/call_on u:object_r:sysfs_dash_charger:s0
+genfscon sysfs /module/qpnp_smb5/parameters/video_call_on u:object_r:vendor_sysfs_video_call_on:s0
+
+# sysfs (wakeup)
+genfscon sysfs /devices/0306_02.01.00/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/188101c.qcom,spss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1101_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0002:01:00.0/0306_02.01.00_EFS/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1e00000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0026/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup/wakeup44 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/9800000.qcom,npu/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0018/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0019/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0028/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/994000.i2c/i2c-7/7-003b/994000.i2c:op,wlchg_rx@3b:idt,p9415/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/994000.i2c/i2c-7/7-0066/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/998000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-3/3-005a/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-4/4-0048/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/abb0000.qcom,cvpss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qpnp,fg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-08/c440000.qcom,spmi:qcom,pmxprairie@8:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:goodix_fp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oem_rf_cable/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oneplus_wlchg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_uc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/rx-macro/rx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/tx-macro/tx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-cdsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-npu/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/sepolicy/vendor/hal_bluetooth_default.te b/sepolicy/vendor/hal_bluetooth_default.te
new file mode 100644
index 0000000..6bdf685
--- /dev/null
+++ b/sepolicy/vendor/hal_bluetooth_default.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_default vendor_data_file:file r_file_perms;
+
+allow hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_cameraHIDL.te b/sepolicy/vendor/hal_cameraHIDL.te
new file mode 100644
index 0000000..fc6f13c
--- /dev/null
+++ b/sepolicy/vendor/hal_cameraHIDL.te
@@ -0,0 +1,4 @@
+binder_call(hal_cameraHIDL_client, hal_cameraHIDL_server)
+binder_call(hal_cameraHIDL_server, hal_cameraHIDL_client)
+
+hal_attribute_hwservice(hal_cameraHIDL, hal_cameraHIDL_hwservice)
diff --git a/sepolicy/vendor/hal_cameraHIDL_default.te b/sepolicy/vendor/hal_cameraHIDL_default.te
new file mode 100644
index 0000000..2f5dd6d
--- /dev/null
+++ b/sepolicy/vendor/hal_cameraHIDL_default.te
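Review bot: `genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup/wakeup44` in genfs_contexts pins a kernel-assigned wakeup index, while the entry directly above it already labels `/devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup`. genfscon entries match by path prefix, so the `wakeup44` line looks redundant, and it would stop describing the right node if the enumeration order changed; I would drop it. The same applies to the trailing `/wakeup/wakeup` on the `8-0026` entry, which can be shortened to `.../8-0026/wakeup` like its neighbours.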
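Review bot: `allow hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms;` is granted unconditionally, so the Bluetooth HAL may open the diag character device on user builds too. The same grant is given to `hal_graphics_composer_default` in hal_graphics_composer_default.te. Diag is a debugging interface with wide reach into other subsystems, so unless these HALs fail without it I would wrap both rules in the `userdebug_or_eng()` macro, or replace them with `dontaudit hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms;` if the access is only a logging attempt. The `vendor_data_file:file r_file_perms` rule above it would also benefit from a comment naming the file being read.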
@@ -0,0 +1,22 @@
+type hal_cameraHIDL_default, domain;
+hal_server_domain(hal_cameraHIDL_default, hal_cameraHIDL)
+
+type hal_cameraHIDL_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_cameraHIDL_default)
+
+add_hwservice(hal_cameraHIDL_default, hal_cameraHIDL_hwservice)
+
+hwbinder_use(hal_cameraHIDL_default)
+
+binder_call(hal_cameraHIDL_default, vendor_hal_perf_default)
+
+allow hal_cameraHIDL_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+allow hal_cameraHIDL_default ion_device:chr_file r_file_perms;
+allow hal_cameraHIDL_default tee_device:chr_file rw_file_perms;
+
+allow hal_cameraHIDL_default vendor_camera_data_file:dir create_dir_perms;
+
+r_dir_file(hal_cameraHIDL_default, firmware_file)
+
+get_prop(hal_cameraHIDL_default, hwservicemanager_prop)
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
new file mode 100644
index 0000000..35487cc
--- /dev/null
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1,22 @@
+hal_client_domain(hal_camera_default, hal_cameraHIDL)
+
+allow hal_camera_default mnt_vendor_file:dir w_dir_perms;
+allow hal_camera_default mnt_vendor_file:file create_file_perms;
+
+allow hal_camera_default oem_file:dir w_dir_perms;
+allow hal_camera_default oem_file:file create_file_perms;
+
+allow hal_camera_default vendor_persist_file:dir w_dir_perms;
+allow hal_camera_default vendor_persist_file:file create_file_perms;
+
+allow hal_camera_default input_device:dir r_dir_perms;
+allow hal_camera_default input_device:chr_file r_file_perms;
+
+allow hal_camera_default vl53l1_device:chr_file rw_file_perms;
+
+allow hal_camera_default proc_meminfo:file r_file_perms;
+allow hal_camera_default vendor_sysfs_video_call_on:file rw_file_perms;
+
+get_prop(hal_camera_default, ctl_default_prop)
+get_prop(hal_camera_default, vendor_db_security_prop)
+get_prop(hal_camera_default, vendor_mmi_prop)
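Review bot: hal_camera_default.te grants `create_file_perms` on three labels (`mnt_vendor_file`, `oem_file`, `vendor_persist_file`), although file_contexts in this patch labels the camera directories under `/mnt/vendor/persist` as `oem_file`. If the denials behind the `mnt_vendor_file` and `vendor_persist_file` rules came from those directories, the `oem_file` pair now covers them and the other four `allow` lines can be removed; otherwise a comment naming the files written would justify them. `get_prop(hal_camera_default, ctl_default_prop)` also looks unusual, since `ctl.` properties are normally written to trigger init actions rather than read, so it is worth checking against the original denial.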
diff --git a/sepolicy/vendor/hal_display.te b/sepolicy/vendor/hal_display.te
new file mode 100644
index 0000000..f9f233d
--- /dev/null
+++ b/sepolicy/vendor/hal_display.te
@@ -0,0 +1,4 @@
+binder_call(hal_display_client, hal_display_server)
+binder_call(hal_display_server, hal_display_client)
+
+hal_attribute_hwservice(hal_display, hal_display_hwservice)
diff --git a/sepolicy/vendor/hal_display_default.te b/sepolicy/vendor/hal_display_default.te
new file mode 100644
index 0000000..1dc242b
--- /dev/null
+++ b/sepolicy/vendor/hal_display_default.te
@@ -0,0 +1,18 @@
+type hal_display_default, domain;
+hal_server_domain(hal_display_default, hal_display)
+
+type hal_display_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_display_default)
+
+add_hwservice(hal_display_default, hal_display_hwservice)
+
+hwbinder_use(hal_display_default)
+
+binder_call(hal_display_default, vendor_hal_display_color)
+
+allow hal_display_default vendor_hal_display_postproc_hwservice:hwservice_manager find;
+
+allow hal_display_default sysfs:file rw_file_perms;
+allow hal_display_default sysfs_fod:file rw_file_perms;
+
+get_prop(hal_display_default, hwservicemanager_prop)
diff --git a/sepolicy/vendor/hal_display_iris.te b/sepolicy/vendor/hal_display_iris.te
new file mode 100644
index 0000000..5f95ce6
--- /dev/null
+++ b/sepolicy/vendor/hal_display_iris.te
@@ -0,0 +1,4 @@
+binder_call(hal_display_iris_client, hal_display_iris_server)
+binder_call(hal_display_iris_server, hal_display_iris_client)
+
+hal_attribute_hwservice(hal_display_iris, hal_display_iris_hwservice)
diff --git a/sepolicy/vendor/hal_fingerprint_device.te b/sepolicy/vendor/hal_fingerprint_device.te
new file mode 100644
index 0000000..1d207b5
--- /dev/null
+++ b/sepolicy/vendor/hal_fingerprint_device.te
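Review bot: `allow hal_display_default sysfs:file rw_file_perms;` in hal_display_default.te grants write access to every sysfs node that has no more specific label, which is much wider than a display HAL should need. The nodes it actually touches should get their own `genfscon sysfs` entries, as this patch already does for `sysfs_fod` and `sysfs_livedisplay_tuneable`, and the rule should name those types instead. Until the paths are known I would drop this line and collect the resulting denials rather than ship the generic grant.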
@@ -0,0 +1,19 @@
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+
+binder_call(hal_fingerprint_default, hal_perf_default)
+
+allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms;
+allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms;
+
+allow hal_fingerprint_default proc_touchpanel:dir search;
+allow hal_fingerprint_default proc_touchpanel:file rw_file_perms;
+
+allow hal_fingerprint_default sysfs_fod:file rw_file_perms;
+
+get_prop(hal_fingerprint_default, vendor_adsprpc_prop)
+get_prop(hal_fingerprint_default, vendor_default_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
new file mode 100644
index 0000000..b9d1e69
--- /dev/null
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -0,0 +1,10 @@
+hal_client_domain(hal_graphics_composer_default, hal_display_iris)
+hal_server_domain(hal_graphics_composer_default, hal_display_iris)
+
+add_hwservice(hal_graphics_composer_default, hal_display_iris_hwservice)
+
+allow hal_graphics_composer_default vendor_persist_file:file rw_file_perms;
+
+allow hal_graphics_composer_default sysfs_devices_system_cpu:file rw_file_perms;
+
+allow hal_graphics_composer_default vendor_diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_hdcpkey.te b/sepolicy/vendor/hal_hdcpkey.te
new file mode 100644
index 0000000..0d3ca18
--- /dev/null
+++ b/sepolicy/vendor/hal_hdcpkey.te
@@ -0,0 +1,4 @@
+binder_call(hal_hdcpkey_client, hal_hdcpkey_server)
+binder_call(hal_hdcpkey_server, hal_hdcpkey_client)
+
+hal_attribute_hwservice(hal_hdcpkey, hal_hdcpkey_hwservice)
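Review bot: `binder_call(hal_fingerprint_default, hal_perf_default)` names `hal_perf_default`, while the rule right after it and hal_cameraHIDL_default.te use the `vendor_`-prefixed names (`vendor_hal_perf_hwservice`, `vendor_hal_perf_default`). If the perf HAL domain in this tree is `vendor_hal_perf_default`, this line either fails to build or grants nothing useful, and should read `binder_call(hal_fingerprint_default, vendor_hal_perf_default)`. The file is also named hal_fingerprint_device.te although every rule in it is for the `hal_fingerprint_default` domain; naming it hal_fingerprint_default.te would match the rest of the directory.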
diff --git a/sepolicy/vendor/hal_hdcpkey_default.te b/sepolicy/vendor/hal_hdcpkey_default.te
new file mode 100644
index 0000000..6e5f6a3
--- /dev/null
+++ b/sepolicy/vendor/hal_hdcpkey_default.te
@@ -0,0 +1,7 @@
+type hal_hdcpkey_default, domain;
+hal_server_domain(hal_hdcpkey_default, hal_hdcpkey)
+
+type hal_hdcpkey_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_hdcpkey_default)
+
+allow hal_hdcpkey_default param_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_lineage_fod_default.te b/sepolicy/vendor/hal_lineage_fod_default.te
new file mode 100644
index 0000000..27a4bef
--- /dev/null
+++ b/sepolicy/vendor/hal_lineage_fod_default.te
@@ -0,0 +1,10 @@
+hal_client_domain(hal_lineage_fod_default, hal_display)
+hal_client_domain(hal_lineage_fod_default, hal_fingerprint)
+
+#binder_call(hal_lineage_fod_default, hal_display_default)
+#binder_call(hal_lineage_fod_default, hal_fingerprint)
+
+#allow hal_lineage_fod_default hal_display_hwservice:hwservice_manager find;
+#allow hal_lineage_fod_default hal_fingerprint_hwservice:hwservice_manager find;
+
+allow hal_lineage_fod_default sysfs_fod:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_lineage_livedisplay_qti.te b/sepolicy/vendor/hal_lineage_livedisplay_qti.te
new file mode 100644
index 0000000..d804951
--- /dev/null
+++ b/sepolicy/vendor/hal_lineage_livedisplay_qti.te
@@ -0,0 +1,8 @@
+allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:dir rw_dir_perms;
+allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:file create_file_perms;
+
+allow hal_lineage_livedisplay_qti sysfs_graphics:dir r_dir_perms;
+allow hal_lineage_livedisplay_qti sysfs_fod:file rw_file_perms;
+allow hal_lineage_livedisplay_qti sysfs_livedisplay_tuneable:file rw_file_perms;
+
+set_prop(hal_lineage_livedisplay_qti, vendor_display_prop)
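Review bot: The four commented-out `binder_call` and `hwservice_manager find` lines in hal_lineage_fod_default.te should be removed rather than committed as comments, because the two `hal_client_domain()` calls above them already provide those permissions through hal_display.te and the platform fingerprint HAL policy. Leaving them in suggests the policy is unfinished and invites someone to uncomment rules that are not needed. A one-line comment on the remaining `sysfs_fod` rule, for example `# FOD dim/press notifications on the DSI panel node`, would record why the write access exists.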
diff --git a/sepolicy/vendor/hal_lineage_powershare_default.te b/sepolicy/vendor/hal_lineage_powershare_default.te
new file mode 100644
index 0000000..3194416
--- /dev/null
+++ b/sepolicy/vendor/hal_lineage_powershare_default.te
@@ -0,0 +1,2 @@
+allow hal_lineage_powershare_default procfs_oem_wireless:dir search;
+allow hal_lineage_powershare_default procfs_oem_wireless:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_lineage_touch_default.te b/sepolicy/vendor/hal_lineage_touch_default.te
new file mode 100644
index 0000000..2782309
--- /dev/null
+++ b/sepolicy/vendor/hal_lineage_touch_default.te
@@ -0,0 +1,2 @@
+allow hal_lineage_touch_default proc_touchpanel:dir search;
+allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te
new file mode 100644
index 0000000..9486137
--- /dev/null
+++ b/sepolicy/vendor/hal_nfc_default.te
@@ -0,0 +1,2 @@
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
+allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/hal_param.te b/sepolicy/vendor/hal_param.te
new file mode 100644
index 0000000..27a3543
--- /dev/null
+++ b/sepolicy/vendor/hal_param.te
@@ -0,0 +1,4 @@
+binder_call(hal_param_client, hal_param_server)
+binder_call(hal_param_server, hal_param_client)
+
+hal_attribute_hwservice(hal_param, hal_param_hwservice)
diff --git a/sepolicy/vendor/hal_param_default.te b/sepolicy/vendor/hal_param_default.te
new file mode 100644
index 0000000..ea77c46
--- /dev/null
+++ b/sepolicy/vendor/hal_param_default.te
@@ -0,0 +1,18 @@
+type hal_param_default, domain;
+hal_server_domain(hal_param_default, hal_param)
+
+type hal_param_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_param_default)
+
+allow hal_param_default self:qipcrtr_socket create_socket_perms_no_ioctl;
+
+allow hal_param_default block_device:dir search;
+
+allow hal_param_default param_block_device:blk_file rw_file_perms;
+
+allow hal_param_default param_device:chr_file rw_file_perms;
+
+r_dir_file(hal_param_default, sysfs_project_info)
+
+get_prop(hal_param_default, exported_default_prop)
+get_prop(hal_param_default, exported2_default_prop)
diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te
new file mode 100644
index 0000000..63b5b0f
--- /dev/null
+++ b/sepolicy/vendor/hal_power_default.te
@@ -0,0 +1,2 @@
+allow hal_power_default proc_touchpanel:dir search;
+allow hal_power_default proc_touchpanel:file rw_file_perms;
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
new file mode 100644
index 0000000..ae955d7
--- /dev/null
+++ b/sepolicy/vendor/hwservice.te
@@ -0,0 +1,5 @@
+type hal_cameraHIDL_hwservice, hwservice_manager_type;
+type hal_display_hwservice, hwservice_manager_type;
+type hal_display_iris_hwservice, hwservice_manager_type;
+type hal_hdcpkey_hwservice, hwservice_manager_type;
+type hal_param_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
new file mode 100644
index 0000000..038141a
--- /dev/null
+++ b/sepolicy/vendor/hwservice_contexts
@@ -0,0 +1,10 @@
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
+vendor.oneplus.camera.CameraHIDL::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.fingerprint.extension::IVendorFingerprintExtensions u:object_r:hal_fingerprint_hwservice:s0
+vendor.oneplus.hardware.camera::IOnePlusCameraProvider u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.hardware.CameraMDMHIDL::IOnePlusCameraMDM u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.hardware.display::IOneplusDisplay u:object_r:hal_display_hwservice:s0
+vendor.oneplus.hardware.hdcpkey::IOneplusHdcpKey u:object_r:hal_hdcpkey_hwservice:s0
+vendor.oneplus.hardware.param::IOneplusParam u:object_r:hal_param_hwservice:s0
+vendor.pixelworks.hardware.display::IIris u:object_r:hal_display_iris_hwservice:s0
+vendor.pixelworks.hardware.feature::IIrisFeature u:object_r:hal_display_iris_hwservice:s0
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 0000000..88a2cbf
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow hal_hdcpkey_default param_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
new file mode 100644
index 0000000..03ad952
--- /dev/null
+++ b/sepolicy/vendor/kernel.te
@@ -0,0 +1,2 @@
+allow kernel param_block_device:dir search;
+allow kernel param_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/opf.te b/sepolicy/vendor/opf.te
new file mode 100644
index 0000000..07f319d
--- /dev/null
+++ b/sepolicy/vendor/opf.te
@@ -0,0 +1,11 @@
+type opf, domain;
+type opf_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(opf)
+
+type_transition opf device:file opf_file;
+
+allow opf device:dir create_dir_perms;
+allow opf device:file create_file_perms;
+
+allow opf opf_file:file create_file_perms;
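Review bot: init.te contains a single rule whose source domain is `hal_hdcpkey_default`, not `init`, and it is identical to the last line of hal_hdcpkey_default.te, so this looks like a copy-paste slip. As written the file grants init nothing and only duplicates an existing allow. Either drop the file from the patch or replace the line with the rule init actually needs; if init was meant to reach the param partition, that should be a deliberate, commented grant.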
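Review bot: The first rule in kernel.te asks for `dir search` on `param_block_device`, a type that every other rule in this patch applies to a `blk_file`, so it probably never matches a directory. hal_param_default.te and rild.te use `block_device:dir search` for the same lookup, which suggests the intended line is `allow kernel block_device:dir search;`. The type's declaration (device.te) is outside this part of the patch, so confirm against it.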
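Review bot: In opf.te, `allow opf device:dir create_dir_perms;` and `allow opf device:file create_file_perms;` let opf create and delete directories and files carrying the generic `device` label, which is broader than the `type_transition` two lines above needs. With the transition in place new files already receive `opf_file`, so the `device:file` rule can probably be dropped and the directory rule narrowed to `allow opf device:dir rw_dir_perms;`. `opf_file` is declared outside this part of the patch; a one-line comment naming the path opf creates would help, and a dedicated labelled directory would avoid touching `device` at all.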
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
new file mode 100644
index 0000000..c96f389
--- /dev/null
+++ b/sepolicy/vendor/property.te
@@ -0,0 +1,11 @@
+type vendor_cwb_prop, property_type;
+type vendor_db_security_prop, property_type;
+type vendor_fingerprint_prop, property_type;
+type vendor_gps_prop, property_type;
+type vendor_memplus_prop, property_type;
+type vendor_nfc_prop, property_type;
+type vendor_oem_bluetooth_prop, property_type;
+type vendor_oem_wifi_prop, property_type;
+type vendor_rild_prop, property_type;
+type vendor_set_wlan_prop, property_type;
+type vendor_shell_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
new file mode 100644
index 0000000..3e8b219
--- /dev/null
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1,51 @@
+persist.vendor.bluetooth.a2dp. u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.bluetooth.bt.uart.log u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.cwb.debug u:object_r:vendor_cwb_prop:s0
+persist.vendor.cwb.dump u:object_r:vendor_cwb_prop:s0
+persist.vendor.ese. u:object_r:vendor_nfc_prop:s0
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+persist.vendor.oem.bt.debug u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.btenhanced.debug u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.btsnoop.debug u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.fp.version u:object_r:vendor_fingerprint_prop:s0
+persist.vendor.oem.gps.debug u:object_r:vendor_gps_prop:s0
+persist.vendor.oem.wifi.chain u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.cnssdiag u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.copytosd u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.debug u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.logpath u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.txenable u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oneplus.bt u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oneplus.bttestmode u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.sdx50m.online u:object_r:vendor_usb_prop:s0
+persist.vendor.service.bdroid.snooplog u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.service.bdroid.soclog u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.tcpdump.copy u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.dir u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.location u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.mdpermission u:object_r:vendor_oem_wifi_prop:s0
+ro.vendor.build.display.full_id u:object_r:vendor_rild_prop:s0
+ro.vendor.product.device.db u:object_r:vendor_db_security_prop:s0
+ro.vendor.product.manufacturer.db u:object_r:vendor_db_security_prop:s0
+vendor.calibration.fingerprint u:object_r:vendor_fingerprint_prop:s0
+vendor.copy.opdiagnose.data u:object_r:vendor_shell_prop:s0
+vendor.nfc. u:object_r:vendor_nfc_prop:s0
+vendor.oem.rbr.log.clean u:object_r:vendor_default_prop:s0
+vendor.oem.wifi.socket.quit u:object_r:vendor_set_wlan_prop:s0
+vendor.service.wifi.socket.enable u:object_r:vendor_oem_wifi_prop:s0
+vendor.service.wifi.socket.mdm.enable u:object_r:vendor_oem_wifi_prop:s0
+vendor.sys.memplus.postboot u:object_r:vendor_memplus_prop:s0
+vendor.wlan.driver.status u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.ftm.daemon u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.ftm.up u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.hotspot.forceChannel u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.bandwidth u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.channel u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.dump u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.enabled u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.file u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.iface u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.output_dir u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.status u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.vendor_dir u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.write.con_mode u:object_r:vendor_set_wlan_prop:s0
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
new file mode 100644
index 0000000..126d025
--- /dev/null
+++ b/sepolicy/vendor/rild.te
@@ -0,0 +1,15 @@
+hal_client_domain(rild, hal_param)
+
+allow rild vendor_data_file:dir rw_dir_perms;
+allow rild vendor_data_file:file create_file_perms;
+
+allow rild block_device:dir search;
+
+allow rild param_block_device:blk_file rw_file_perms;
+
+allow rild vendor_diag_device:chr_file rw_file_perms;
+
+allow rild proc:file w_file_perms;
+allow rild proc_net:file w_file_perms;
+
+set_prop(rild, vendor_rild_prop)
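Review bot: In property_contexts the `persist.vendor.tcpdump.*` and `vendor.wlan.sniffer.*` keys, which judging by their names control packet capture, are labelled `vendor_oem_wifi_prop`, the same type as ordinary tunables such as `persist.vendor.oem.wifi.txenable` and `vendor.wlan.hotspot.forceChannel`. Any domain given `set_prop` on that type (vendor_init.te in this patch is one) can therefore also flip the capture switches. Giving the debug and capture keys their own property type would let the policy grant them separately, and a comment over that group would mark it as debug-only.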
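Review bot: In rild.te, `allow rild proc:file w_file_perms;` grants write on the generic `proc` label, which covers every /proc entry that has no more specific type, and the next line does the same for `proc_net`. If rild writes one known node, label that node in genfs_contexts (this patch already adds that file) and grant write on the dedicated type, e.g. `allow rild <proc_node_type>:file w_file_perms;` with the placeholder replaced by the new type. The two `vendor_data_file` rules at the top have the same shape: they open the shared vendor data label rather than a rild-specific one.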
diff --git a/sepolicy/vendor/vendor_init-qcom-sensors-sh.te b/sepolicy/vendor/vendor_init-qcom-sensors-sh.te
new file mode 100644
index 0000000..2363a4e
--- /dev/null
+++ b/sepolicy/vendor/vendor_init-qcom-sensors-sh.te
@@ -0,0 +1,2 @@
+allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr;
+allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
new file mode 100644
index 0000000..6afd980
--- /dev/null
+++ b/sepolicy/vendor/vendor_init.te
@@ -0,0 +1,14 @@
+allow vendor_init tmpfs:chr_file { read open };
+allow vendor_init tmpfs:dir { create_dir_perms mounton };
+
+allow vendor_init op2_file:file create_file_perms;
+
+allow vendor_init proc_direct_swappiness:file w_file_perms;
+allow vendor_init proc_hung_task:file w_file_perms;
+allow vendor_init proc_swappiness:file w_file_perms;
+allow vendor_init proc_watermark_boost_factor:file rw_file_perms;
+
+get_prop(vendor_init, vendor_db_security_prop)
+set_prop(vendor_init, vendor_oem_bluetooth_prop)
+set_prop(vendor_init, vendor_oem_wifi_prop)
+set_prop(vendor_init, vendor_persist_camera_prop)
diff --git a/sepolicy/vendor/vendor_mdm_helper.te b/sepolicy/vendor/vendor_mdm_helper.te
new file mode 100644
index 0000000..7885054
--- /dev/null
+++ b/sepolicy/vendor/vendor_mdm_helper.te
@@ -0,0 +1 @@
+r_dir_file(vendor_mdm_helper, sysfs_project_info)
diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te
new file mode 100644
index 0000000..68725fb
--- /dev/null
+++ b/sepolicy/vendor/vendor_qti_init_shell.te
@@ -0,0 +1,26 @@
+allow vendor_qti_init_shell proc_modules:file r_file_perms;
+
+allow vendor_qti_init_shell sysfs:file write;
+
+allow vendor_qti_init_shell sysfs_fsc:dir r_dir_perms;
+allow vendor_qti_init_shell sysfs_fsc:file rw_file_perms;
+
+allow vendor_qti_init_shell sysfs_memplus:file rw_file_perms;
+
+allow vendor_qti_init_shell vendor_data_file:dir create_dir_perms;
+allow vendor_qti_init_shell vendor_data_file:file create_file_perms;
+
+allow vendor_qti_init_shell vendor_debugfs_wlan:dir r_dir_perms;
+
+allow vendor_qti_init_shell vendor_file:file execute_no_trans;
+allow vendor_qti_init_shell vendor_file:system module_load;
+
+allow vendor_qti_init_shell vendor_sysfs_scsi_host:dir r_dir_perms;
+allow vendor_qti_init_shell vendor_sysfs_scsi_host:file rw_file_perms;
+
+allow vendor_qti_init_shell vendor_wcnss_service_exec:file execute_no_trans;
+
+get_prop(vendor_qti_init_shell, exported_system_prop)
+set_prop(vendor_qti_init_shell, ctl_default_prop)
+set_prop(vendor_qti_init_shell, vendor_memplus_prop)
+set_prop(vendor_qti_init_shell, vendor_set_wlan_prop)
diff --git a/sepolicy/vendor/wlchgd.te b/sepolicy/vendor/wlchgd.te
index 6063476..ab98f5f 100644
--- a/sepolicy/vendor/wlchgd.te
+++ b/sepolicy/vendor/wlchgd.te
@@ -2,3 +2,6 @@ type wlchgd, domain; type wlchgd_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(wlchgd)
+
+allow wlchgd kmsg_device:chr_file rw_file_perms;
+allow wlchgd wlchg_device:chr_file rw_file_perms;
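Review bot: Three grants in vendor_qti_init_shell.te are much wider than the rest of the file: `allow vendor_qti_init_shell sysfs:file write;` covers every sysfs node without its own label, `allow vendor_qti_init_shell vendor_file:system module_load;` accepts a kernel module from any file carrying the generic `vendor_file` label, and `set_prop(vendor_qti_init_shell, ctl_default_prop)` lets the scripts start or stop any init service that has no dedicated ctl property type. Because this domain runs shell scripts, each is worth narrowing: label the sysfs nodes the scripts write (as already done for `sysfs_fsc` and `sysfs_memplus`), load modules only from a dedicated module file type, and use a service-specific ctl property. At minimum, add a comment on each of the three lines naming the script and node or service that needs it.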
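Review bot: In wlchgd.te, `allow wlchgd kmsg_device:chr_file rw_file_perms;` also lets the daemon read the kernel log, which is more than it needs if it only writes log lines to kmsg. If that is the case (the daemon's code is not part of this patch), `allow wlchgd kmsg_device:chr_file w_file_perms;` is sufficient.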