Address denials and cleanup

Change-Id: Id83d5c31fc168834b3cb89e7b32691770c4b7914
Sridhar Parasuram 2018-01-25 13:50:16 -08:00 committed by Gerrit - the friendly Code Review server
parent f607fe78fe
commit ea1eb0b08c
31 changed files with 60 additions and 91 deletions


@ -1,6 +1,4 @@
binder_call(audioserver, bootanim)
allow audioserver perfd_socket:sock_file write;
allow audioserver sysfs_soc:file r_file_perms;
allow audioserver sysfs_soc:dir search;


@ -6,7 +6,7 @@ userdebug_or_eng(`
allow diag {
diag_device
devpts
console_device
tty_device
# allow access to qseecom for drmdiagapp
tee_device
}:chr_file rw_file_perms;


@ -1,5 +1,7 @@
type sysfs_battery_supply, sysfs_type, fs_type;
type sysfs_camera, sysfs_type, fs_type;
type sysfs_cpu_boost, fs_type, sysfs_type;
type sysfs_devfreq, fs_type, sysfs_type;
type sysfs_easel, sysfs_type, fs_type;
type sysfs_esoc, sysfs_type, fs_type;
type sysfs_fingerprint, sysfs_type, fs_type;
@ -42,7 +44,6 @@ type proc_wifi_dbg, fs_type;
type qmuxd_socket, file_type;
type netmgrd_socket, file_type;
type thermal_socket, file_type;
type perfd_socket, file_type;
type ims_socket, file_type;
type ipacm_socket, file_type;
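Review bot: The two declarations that appear to be the additions in the first hunk, `type sysfs_cpu_boost, fs_type, sysfs_type;` and `type sysfs_devfreq, fs_type, sysfs_type;`, list their attributes in the opposite order to every neighbouring line in the block (`sysfs_battery_supply`, `sysfs_camera`, `sysfs_easel`, `sysfs_esoc` all use `sysfs_type, fs_type`). Attribute order has no semantic effect, but matching the surrounding convention keeps the block greppable; I would write `type sysfs_cpu_boost, sysfs_type, fs_type;` and `type sysfs_devfreq, sysfs_type, fs_type;`. Dropping `perfd_socket` in the second hunk is consistent with the deletion of perfd.te and of the `/dev/socket/perfd` and `/vendor/bin/perfd` entries elsewhere in this change.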


@ -54,7 +54,6 @@
/dev/socket/thermal-send-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-passive-client u:object_r:thermal_socket:s0
/dev/socket/perfd u:object_r:perfd_socket:s0
/dev/socket/netmgr(/.*)? u:object_r:netmgrd_socket:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
@ -79,7 +78,6 @@
/vendor/bin/hw/android\.hardware\.vr@1\.0-service.crosshatch u:object_r:hal_vr_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/perfd u:object_r:perfd_exec:s0
/vendor/bin/thermal-engine u:object_r:thermal-engine_exec:s0
/vendor/bin/sensors.qcom u:object_r:sensors_exec:s0
/vendor/bin/ssr_setup u:object_r:ssr_setup_exec:s0
@ -221,6 +219,9 @@
/sys/devices(/platform)?/soc/[0-9a-z]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-z]+.qcom,spmi:qcom,pm[0-9a-z]+@[0-9]+:qcom,leds@[a-z0-9]+(/.*)? u:object_r:sysfs_leds:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,spmi/spmi-0/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,haptics@c000/leds/vibrator(/.*)? u:object_r:sysfs_leds:s0
# sysfs_devfreq
/sys/devices(/platform)?/soc/soc:qcom,l3-cpu[0-9]/devfreq/soc:qcom,l3-cpu[0-9](/.*)? u:object_r:sysfs_devfreq:s0
#sysfs_data
/sys/devices/virtual/xt_hardidletimer/timers(/.*)? u:object_r:sysfs_data:s0
/sys/devices/virtual/xt_idletimer/timers(/.*)? u:object_r:sysfs_data:s0
@ -284,6 +285,7 @@
/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/modes u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/status u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-3])+/mdp/caps u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[0-9a-z]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-z]+.qcom,spmi:qcom,pmi[0-9]+@[0-9]+:qcom,leds@[a-z0-9]+(/.*)? u:object_r:sysfs_graphics:s0
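Review bot: The sysfs_graphics entry added at the end of the last hunk overlaps the earlier `qcom,leds@` entry labelled sysfs_leds in the preceding hunk: `pm[0-9a-z]+` in that earlier pattern also matches `pmi` followed by digits, so both regexes match the same `qcom,pmi…:qcom,leds@…` subtree and which label the nodes end up with depends on file_contexts match precedence rather than on anything a reader can see here. If the intent is that the LED nodes under the pmi device are sysfs_graphics rather than sysfs_leds, a one-line comment above the new entry saying so would make that explicit; otherwise tighten the earlier pattern to `pm[0-9]+` so the two entries are disjoint. The `# sysfs_devfreq` l3-cpu addition in the previous hunk and the removal of the perfd socket and binary entries look consistent with the rest of the change.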


@ -19,7 +19,9 @@ genfscon sysfs /class/uio u:object
genfscon sysfs /devices/soc/soc:bt_wcn3990 u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /devices/soc/a1800000.qcom,rmtfs_rtel_sharedmem u:object_r:sysfs_rmtfs:s0
genfscon sysfs /devices/soc/c17a000.i2c u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,cpubw u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,llccbw u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/4080000.qcom,mss u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/17300000.qcom,lpass u:object_r:sysfs_msm_subsys:s0
@ -42,6 +44,7 @@ genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem
genfscon sysfs /devices/platform/soc/soc:fp_fpc1020 u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/virtual/wahoo_laser u:object_r:sysfs_laser:s0
genfscon sysfs /module/cpu_boost u:object_r:sysfs_cpu_boost:s0
genfscon sysfs /module/msm_thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
genfscon sysfs /module/diagchar/parameters/timestamp_switch u:object_r:sysfs_timestamp_switch:s0
@ -66,17 +69,16 @@ genfscon sysfs /devices/soc/a800000.ssusb/a800000.dwc3/xhci-hcd.0.auto/usb2 u:ob
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,usb-pdphy@1700/usbpd0/typec u:object_r:sysfs_usb_c:s0
genfscon sysfs /module/diagchar u:object_r:sysfs_diag:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-events/cpumask u:object_r:sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-events/nice u:object_r:sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/cpumask u:object_r:sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/nice u:object_r:sysfs_kgsl:s0
genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_graphics:s0
genfscon sysfs /class/sensors u:object_r:sysfs_sensors:s0
genfscon sysfs /bus/esoc u:object_r:sysfs_esoc:s0
genfscon sysfs /devices/soc/soc:hbtp/secure_touch u:object_r:hbtp_kernel_sysfs:s0
genfscon sysfs /devices/soc/soc:hbtp/secure_touch_enable u:object_r:hbtp_kernel_sysfs:s0
genfscon sysfs /sys/devices/soc/soc:hbtp/secure_touch_userspace u:object_r:hbtp_kernel_sysfs:s0
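Review bot: The last line of the third hunk, `genfscon sysfs /sys/devices/soc/soc:hbtp/secure_touch_userspace …`, carries a `/sys` prefix that the two hbtp lines above it do not; genfscon paths are relative to the sysfs mount, so as written this entry cannot match the node it names and `secure_touch_userspace` keeps the generic sysfs label. This hunk removes one line and the rendered page does not show which, so if this entry is the one being dropped, disregard; if it survives, it should read `genfscon sysfs /devices/soc/soc:hbtp/secure_touch_userspace u:object_r:hbtp_kernel_sysfs:s0`. The gpubw relabel from sysfs_msm_subsys to sysfs_devfreq in the first hunk, together with the new cpubw and llccbw entries, matches the sysfs_devfreq rules granted to hal_perf and qti_init_shell in this change.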


@ -1,13 +1,11 @@
r_dir_file(hal_audio_default, sysfs_soc)
allow hal_audio_default perfd:unix_stream_socket connectto;
allow hal_audio_default perfd_socket:sock_file write;
userdebug_or_eng(`
allow hal_audio diag_device:chr_file rw_file_perms;
')
hal_client_domain(hal_audio_default, hal_perf)
hal_client_domain(hal_audio_default, hal_power)
# read-only permission to obtain the calibration data
r_dir_file(hal_audio_default, persist_audio_file);


@ -20,8 +20,11 @@ allow hal_bootctl_server misc_block_device:blk_file rw_file_perms;
# A/B slot selection for the XBL partition. Allow also to issue a
# UFS_IOCTL_QUERY ioctl.
allow hal_bootctl sg_device:chr_file rw_file_perms;
allow hal_bootctl self:capability sys_admin;
allow hal_bootctl tmpfs:lnk_file r_file_perms;
# The sys_rawio denial message is benign, and shows up due to a capability()
# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
# does not result in a error
dontaudit hal_bootctl self:capability sys_rawio;
# Read the sysfs to lookup what /dev/sgN device
# corresponds to the XBL partitions.
@ -29,6 +32,3 @@ allow hal_bootctl sysfs:dir r_dir_perms;
# Write to the XBL devices.
allow hal_bootctl xbl_block_device:blk_file rw_file_perms;
# Expose a socket for brokered boot message access for hal_oemlock.
allow hal_bootctl hal_bootctl_socket:sock_file create_file_perms;
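Review bot: `allow hal_bootctl self:capability sys_admin;` and the `tmpfs:lnk_file r_file_perms` rule in the first hunk sit under a comment that only explains the sg_device access for A/B slot selection, so a reader cannot tell which operation needs CAP_SYS_ADMIN, the broadest capability in the policy. The rendered page does not show whether the capability line is new or context, but either way the comment should name the call that requires it, e.g. `# CAP_SYS_ADMIN is required by the kernel for the sg ioctl used to query the XBL slot`, with the actual reason substituted. The second hunk appears to drop the `hal_bootctl_socket` rule that served hal_oemlock; the hal_oemlock side and the type declaration are outside this page and should be checked so no dangling reference remains.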


@ -1,7 +1,3 @@
# communicate with perfd
allow hal_camera perfd:unix_stream_socket connectto;
allow hal_camera perfd_socket:sock_file write;
allow hal_camera self:capability sys_nice;
# communicate with camera
@ -11,8 +7,6 @@ allow hal_camera self:capability sys_nice;
allow hal_camera gpu_device:chr_file rw_file_perms;
allow hal_camera perfd_socket:sock_file w_file_perms;
# access to /dev/input/event{5,10}
allow hal_camera input_device:dir r_dir_perms;
allow hal_camera input_device:chr_file r_file_perms;
@ -51,3 +45,9 @@ allow hal_camera sysfs_easel:file rw_file_perms;
# access hexagon
allow hal_camera qdsp_device:chr_file r_file_perms;
#needed for full_treble
hal_client_domain(hal_camera_default, hal_graphics_composer)
allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
hal_client_domain(hal_camera_default, hal_perf)
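Review bot: The comment `#needed for full_treble` above the rules added at the end of the last hunk does not say what was denied, and `hal_client_domain(hal_camera_default, hal_graphics_composer)` plus the `hal_graphics_mapper_hwservice … find` rule are exactly the lines a later cleanup will question without a reason. I would replace it with a comment naming the consumer, e.g. `# camera HAL reaches the composer and mapper HALs over hwbinder (Treble split)`, adjusted to the actual denial. These new rules target the `hal_camera_default` domain while the rest of the file grants to the `hal_camera` attribute; that is unavoidable for `hal_client_domain`, but the `find` rule could be written against `hal_camera` for consistency if other implementors of the attribute need it. Removing both `perfd_socket` rules in the first two hunks is required since the type is deleted in file.te.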


@ -27,6 +27,5 @@ r_dir_file(hal_imsrtp, sysfs_msm_subsys)
r_dir_file(hal_imsrtp, sysfs_diag)
r_dir_file(hal_imsrtp, sysfs_soc)
allow hal_imsrtp ion_device:chr_file r_file_perms;
get_prop(hal_imsrtp, ims_prop)
binder_call(hal_imsrtp, radio)


@ -43,6 +43,8 @@ allow hal_perf_default proc:file rw_file_perms;
allow hal_perf {
sysfs_devices_system_cpu
sysfs_devfreq
sysfs_cpu_boost
sysfs_kgsl
sysfs_graphics
sysfs
@ -51,11 +53,14 @@ allow hal_perf {
allow hal_perf {
sysfs_devices_system_cpu
sysfs_devfreq
sysfs_cpu_boost
sysfs_kgsl
sysfs_graphics
sysfs_battery_supply
}:file rw_file_perms;
allow hal_perf {
sysfs_devfreq
sysfs_kgsl
}:lnk_file r_file_perms;


@ -13,5 +13,3 @@ allow hal_sensors sysfs_data:file r_file_perms;
allow hal_sensors sysfs_sensors:dir r_dir_perms;
allow hal_sensors sysfs_sensors:file rw_file_perms;
allow hal_sensors sysfs_sensors:lnk_file read;
allow hal_sensors_default sysfs:file r_file_perms;


@ -6,6 +6,7 @@ net_domain(ims)
get_prop(ims, hwservicemanager_prop)
set_prop(ims, ims_prop)
get_prop(ims, ims_prop)
unix_socket_connect(ims, netmgrd, netmgrd)
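Review bot: `get_prop(ims, ims_prop)` directly below `set_prop(ims, ims_prop)` is redundant if `set_prop` expands to the property_service `set` rule plus `get_prop`, as it does in the AOSP te_macros I know; the same pair appears in the init-qti-ims-sh.te hunk (`set_prop(init-qti-ims-sh, ims_prop)` followed by `get_prop(init-qti-ims-sh, ims_prop)`). If this tree's macro differs, a one-line comment saying so would stop the next cleanup from removing the line; otherwise drop both `get_prop` lines. The rendered page does not show whether the `get_prop` or the `unix_socket_connect` line is this hunk's addition.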


@ -33,4 +33,8 @@ init_daemon_domain(init-qti-ims-sh)
allow init-qti-ims-sh vendor_shell_exec:file rx_file_perms;
allow init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms;
set_prop(init-qti-ims-sh, system_prop)
set_prop(init-qti-ims-sh, ims_prop)
get_prop(init-qti-ims-sh, ims_prop)
# for ro.build.product
get_prop(init-qti-ims-sh, default_prop)


@ -7,7 +7,6 @@ allow init {
# symlink /sdcard to backing block
allow init tmpfs:lnk_file create;
allow init debugfs_clk:file w_file_perms;
allow init tty_device:chr_file rw_file_perms;
@ -26,7 +25,6 @@ dontaudit init kernel:system module_request;
allow init sysfs_leds:lnk_file r_file_perms;
# need to check
allow init socket_device:sock_file create_file_perms;
#Needed for restorecon. Init already has these permissions
@ -40,3 +38,7 @@ allow init {
modem_block_device
mdtp_device
}:{ blk_file lnk_file } relabelto;
#Allow /sys access to write zram disksize
allow init sysfs_zram:dir r_dir_perms;
allow init sysfs_zram:file r_file_perms;
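Review bot: The comment added in the last hunk, `#Allow /sys access to write zram disksize`, does not match the rules under it, which grant `r_dir_perms` and `r_file_perms` only; the identical comment heads a write rule in the qti_init_shell.te hunk, so it looks copied. Either the comment should describe what init actually does here, e.g. `# init reads zram sysfs attributes; disksize itself is written by qti_init_shell`, or, if init is the one writing disksize, the file rule needs `w_file_perms` and the motivating denial should be quoted in the commit message. The one-line removal in the first hunk (tty_device or debugfs_clk) cannot be resolved from the rendered page.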


@ -28,6 +28,9 @@ allow qti_init_shell { system_file rootfs vendor_shell_exec }:file execute_no_tr
allow qti_init_shell gpu_device:chr_file getattr;
allow qti_init_shell sysfs_cpu_boost:dir r_dir_perms;
allow qti_init_shell sysfs_cpu_boost:file rw_file_perms;
# for insmod of iris ko, this is needed.
# dac_read/override is needed for scripts to do chown/mkdir which is
# needed by most of the services
@ -60,6 +63,8 @@ allow qti_init_shell {
r_dir_file(qti_init_shell, sysfs_thermal)
r_dir_file(qti_init_shell, sysfs_type)
r_dir_file(qti_init_shell, sysfs_devfreq)
allow qti_init_shell sysfs_devfreq:file w_file_perms;
allow qti_init_shell sysfs_soc:file write;
allow qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;
allow qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;
@ -92,7 +97,7 @@ allow qti_init_shell configfs:file rw_file_perms;
#Allow /sys access to write zram disksize
allow qti_init_shell sysfs_zram:dir r_dir_perms;
allow qti_init_shell sysfs_zram:file w_file_perms;
allow qti_init_shell sysfs_zram:file rw_file_perms;
# To get GPU frequencies
allow qti_init_shell sysfs_kgsl:file r_file_perms;
@ -120,10 +125,4 @@ allow qti_init_shell {
allow qti_init_shell sysfs_battery_supply:file setattr;
allow qti_init_shell sysfs_usb_supply:file setattr;
allow qti_init_shell proc:dir w_file_perms;
allow qti_init_shell post_boot_prop:property_service set;
allow qti_init_shell proc:dir add_name;
allow qti_init_shell sysfs:file w_file_perms;
allow qti_init_shell sysfs_devices_system_cpu:dir w_dir_perms;
allow qti_init_shell sysfs_devices_system_cpu:file w_file_perms;
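Review bot: `r_dir_file(qti_init_shell, sysfs_devfreq)` in the second hunk is subsumed by `r_dir_file(qti_init_shell, sysfs_type)` on the line above it, since file.te in this change declares `sysfs_devfreq` with the `sysfs_type` attribute; only the `sysfs_devfreq:file w_file_perms` rule that follows adds anything. Dropping the redundant line keeps the file honest about what read access the domain already has, which matters here because the last hunk removes broad writes (`sysfs:file w_file_perms`, the `proc:dir` rules, `sysfs_devices_system_cpu` dir and file writes) — a good tightening. The `sysfs_zram:file` change from `w_file_perms` to `rw_file_perms` in the third hunk would benefit from the same one-line reason the existing comment gives for the write.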

2
vendor/common/kernel.te vendored Executable file → Normal file

@ -2,6 +2,7 @@
userdebug_or_eng(`
allow kernel self:socket create;
allow kernel debugfs_wlan:dir search;
allow kernel debugfs_ipc:dir search;
')
allow kernel vendor_firmware_file:dir search;
@ -10,5 +11,4 @@ allow kernel vendor_firmware_file:lnk_file read;
dontaudit kernel kernel:system module_request;
allow kernel debugfs_ipc:dir search;
allow kernel persist_file:dir search;


@ -8,7 +8,6 @@ init_daemon_domain(location)
# STOPSHIP b/28340421
# Temporarily grant this permission (for LOWI) and log its use.
allow location self:capability { net_admin };
auditallow location self:capability { net_admin };
allow location self:capability { setgid setuid };
@ -30,9 +29,6 @@ allow location self:socket create_socket_perms;
# whitelist socket ioctl commands
allowxperm location self:socket ioctl msm_sock_ipc_ioctls;
# files in /sys
r_dir_file(location, sysfs_type)
dontaudit location kernel:system module_request;
allow location proc_net:file r_file_perms;
@ -46,4 +42,4 @@ allow location location_data_file:{ file sock_file } create_file_perms;
userdebug_or_eng(`
allow location diag_device:chr_file rw_file_perms;
')
')
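Review bot: The first hunk removes one of the two `net_admin` lines and leaves the other, and the rendered page does not show which: if `allow location self:capability { net_admin };` went, the remaining `auditallow` and the `# STOPSHIP b/28340421` comment above it are dead and should be removed in the same change; if the `auditallow` went while the `allow` stays, the logging that justified the temporary grant is lost and the STOPSHIP comment is still open. Either way the comment pair needs updating alongside the rule. The `r_dir_file(location, sysfs_type)` removal in the second hunk is a welcome narrowing, provided the specific sysfs types location still needs are granted elsewhere.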


@ -1,6 +1,3 @@
allow mediacodec perfd:unix_stream_socket connectto;
allow mediacodec perfd_socket:sock_file write;
allow mediacodec sysfs_soc:file r_file_perms;
allow mediacodec sysfs_soc:dir search;


@ -27,8 +27,6 @@ allow netmgrd sysfs_soc:file r_file_perms;
allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd sysfs_msm_subsys:file r_file_perms;
allow netmgrd system_file:file lock;
r_dir_file(netmgrd, sysfs_msm_subsys)
wakelock_use(netmgrd)


@ -5,7 +5,6 @@ type per_proxy_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(per_proxy)
allow per_proxy per_mgr_service:service_manager find;
r_dir_file(per_proxy, sysfs_type)
vndbinder_use(per_proxy)
binder_call(per_proxy, per_mgr)


@ -1,31 +0,0 @@
type perfd, domain;
type perfd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(perfd)
r_dir_file(perfd, sysfs_msm_subsys)
# perfd uses kill(pid, 0) to determine if a process exists.
# Determining if a process exists does not require the kill capability
# since a permission denied indicates the process exists.
dontaudit perfd self:capability kill;
allow perfd mediacodec:process signull;
allow perfd hal_power_default:process signull;
allow perfd cgroup:file r_file_perms;
allow perfd post_boot_prop:file r_file_perms;
allow perfd proc:file rw_file_perms;
allow perfd sysfs_graphics:dir search;
allow perfd sysfs_graphics:file r_file_perms;
allow perfd sysfs_soc:dir search;
allow perfd sysfs_soc:file r_file_perms;
allow perfd sysfs_graphics:dir search;
allow perfd sysfs_graphics:file r_file_perms;
allow perfd sysfs_msm_subsys:file w_file_perms;
allow perfd sysfs_devices_system_cpu:file w_file_perms;
allow perfd perfd_socket:sock_file write;
allow perfd latency_device:chr_file w_file_perms;


@ -22,7 +22,6 @@ allowxperm per_mgr self:socket ioctl msm_sock_ipc_ioctls;
allow per_mgr ssr_device:chr_file { open read };
r_dir_file(per_mgr, sysfs_msm_subsys)
r_dir_file(per_mgr, sysfs)
# Set the peripheral state property
set_prop(per_mgr, per_mgr_state_prop);


@ -10,6 +10,7 @@ debug.ssrdump u:object_r:ssr_prop:s0
htc.camera. u:object_r:camera_prop:s0
net.r_rmnet_data0 u:object_r:net_rmnet_prop:s0
persist.camera. u:object_r:camera_prop:s0
persist.ims.disabled u:object_r:ims_prop:s0
persist.net.doxlat u:object_r:net_radio_prop:s0
persist.radio.enable_tel_mon u:object_r:tel_mon_prop:s0
persist.sys.cnd u:object_r:cnd_prop:s0
@ -21,6 +22,7 @@ persist.vendor.crash.cnt u:object_r:crash_cnt_prop:s0
persist.vendor.crash.detect u:object_r:crash_detect_prop:s0
radio. u:object_r:radio_prop:s0
rcs.publish.status u:object_r:radio_prop:s0
service.qti.ims.enabled u:object_r:ims_prop:s0
sys.ims. u:object_r:ims_prop:s0
sys.keymaster.loaded u:object_r:keymaster_prop:s0
sys.listeners.registered u:object_r:tee_listener_prop:s0
@ -32,4 +34,5 @@ sys.usb.tethering u:object_r:sys_usb_tethering_prop:s0
sys.usb.configfs u:object_r:sys_usb_configfs_prop:s0
sys.usb.controller u:object_r:sys_usb_controller_prop:s0
vendor.peripheral. u:object_r:per_mgr_state_prop:s0
vendor.ims. u:object_r:ims_prop:s0
wc_transport. u:object_r:wc_prop:s0


@ -18,14 +18,17 @@ allow rmt_storage sysfs_rmtfs:dir search;
allow rmt_storage sysfs_rmtfs:file r_file_perms;
allow rmt_storage sysfs_rmtfs:dir search;
allow rmt_storage debugfs_rmt_storage:dir search;
allow rmt_storage debugfs_rmt_storage:file w_file_perms;
allow rmt_storage self:socket create_socket_perms;
allowxperm rmt_storage self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
allow rmt_storage kmsg_device:chr_file w_file_perms;
#debugfs access
userdebug_or_eng(`
allow rmt_storage debugfs_rmt_storage:dir search;
allow rmt_storage debugfs_rmt_storage:file w_file_perms;
')
r_dir_file(rmt_storage, sysfs_uio)
r_dir_file(rmt_storage, sysfs_uio_file)
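Review bot: Moving the debugfs_rmt_storage rules under `userdebug_or_eng` is the right direction, but while this block is being touched note the duplicate `allow rmt_storage sysfs_rmtfs:dir search;` — it is the hunk's context line shown in the header and appears again two lines later, after the `sysfs_rmtfs:file r_file_perms` rule. One of the two should go as part of this cleanup. The `kmsg_device:chr_file w_file_perms` line and the ioctl whitelist above it are unchanged context.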


@ -1,2 +1 @@
# To allow non-root to find power_supply management info
allow shell sysfs_msm_subsys:dir search;


@ -1,3 +1,2 @@
dontaudit surfaceflinger firmware_file:dir search;
dontaudit surfaceflinger kernel:system module_request;
allow surfaceflinger debugfs_ion:dir search;


@ -1,3 +1,2 @@
type citadeld_service, vndservice_manager_type;
type qdisplay_service, vndservice_manager_type;
type per_mgr_service, vndservice_manager_type;


@ -1,3 +1,2 @@
android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
display.qservice u:object_r:qdisplay_service:s0
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0

2
vendor/common/vold.te vendored Executable file → Normal file

@ -1,5 +1,3 @@
get_prop(vold, tee_listener_prop)
allow vold sysfs_scsi_devices_0000:file write;
allow vold persist_file:dir r_dir_perms;


@ -41,8 +41,8 @@ userdebug_or_eng(`
userdebug_or_eng(`
allow wcnss_service sdcardfs:dir create_dir_perms;
allow wcnss_service sdcardfs:file create_file_perms;
')
# This is needed for ptt_socket_app to write logs file collected to sdcard
r_dir_file(wcnss_service, storage_file)
r_dir_file(wcnss_service, mnt_user_file)
')
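Review bot: This hunk moves a closing `')` so that `r_dir_file(wcnss_service, storage_file)` and `r_dir_file(wcnss_service, mnt_user_file)` either enter or leave the inner `userdebug_or_eng` block, and the rendered page does not show which direction. The comment `# This is needed for ptt_socket_app to write logs file collected to sdcard` describes a debug-only use, so these two rules belong inside the `userdebug_or_eng` block with the sdcardfs rules; if the change moves them outside it, a production wcnss_service gains read access to user storage that the comment does not justify. The outer `userdebug_or_eng` block closed by the final `')` starts before this hunk.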


@ -60,6 +60,8 @@
/dev/block/platform/soc/1d84000\.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/modemst[12] u:object_r:modem_block_device:s0
/dev/block/platform/soc/1d84000.ufshc/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/ramdump u:object_r:ramdump_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/ssd u:object_r:ssd_block_device:s0