Merge "Sepolicy: add rules for qsguard"
commit
d941db11bd
5 changed files with 60 additions and 1 deletions
|
@ -6,4 +6,5 @@
|
|||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
vendor_hal_minkipc_service
|
||||
vendor_afp_prop))
|
||||
vendor_afp_prop
|
||||
qsguard))
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
(expandtypeattribute (vendor_fm_app_33_0) true)
|
||||
(expandtypeattribute (vendor_hal_atfwd_hwservice_33_0) true)
|
||||
(expandtypeattribute (vendor_hal_displayconfig_service_33_0) true)
|
||||
(expandtypeattribute (qsguard_33_0) true)
|
||||
(expandtypeattribute (vendor_hal_telephony_service_33_0) true)
|
||||
(expandtypeattribute (vendor_location_app_33_0) true)
|
||||
(expandtypeattribute (vendor_mm_parser_prop_33_0) true)
|
||||
|
@ -52,6 +53,7 @@
|
|||
(typeattribute vendor_fm_app_33_0)
|
||||
(typeattribute vendor_hal_atfwd_hwservice_33_0)
|
||||
(typeattribute vendor_hal_displayconfig_service_33_0)
|
||||
(typeattribute qsguard_33_0)
|
||||
(typeattribute vendor_hal_telephony_service_33_0)
|
||||
(typeattribute vendor_location_app_33_0)
|
||||
(typeattribute vendor_mm_parser_prop_33_0)
|
||||
|
@ -96,6 +98,7 @@
|
|||
(typeattributeset vendor_fm_app_33_0 (vendor_fm_app))
|
||||
(typeattributeset vendor_hal_atfwd_hwservice_33_0 (vendor_hal_atfwd_hwservice))
|
||||
(typeattributeset vendor_hal_displayconfig_service_33_0 (vendor_hal_displayconfig_service))
|
||||
(typeattributeset qsguard_33_0 (qsguard))
|
||||
(typeattributeset vendor_hal_telephony_service_33_0 (vendor_hal_telephony_service))
|
||||
(typeattributeset vendor_location_app_33_0 (vendor_location_app))
|
||||
(typeattributeset vendor_mm_parser_prop_33_0 (vendor_mm_parser_prop))
|
||||
|
|
|
@ -24,6 +24,12 @@
|
|||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#Changes from Qualcomm Innovation Center are provided under the following license:
|
||||
|
||||
#Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
#SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
/data/misc/elabel(/.*)? u:object_r:vendor_elabel_data_file:s0
|
||||
/data/misc/seemp(/.*)? u:object_r:vendor_seemp_data_file:s0
|
||||
|
||||
|
@ -61,6 +67,7 @@
|
|||
/(system_ext|system/system_ext)/bin/qspmsvc u:object_r:vendor_qspmsvc_exec:s0
|
||||
/(system_ext|system/system_ext)/bin/perfetto_dump\.sh u:object_r:vendor_perfetto_dump_exec:s0
|
||||
/(system_ext|system/system_ext)/bin/qxrsplitauxservice u:object_r:vendor_sys_sxrauxd_exec:s0
|
||||
/(system_ext|system/system_ext)/bin/qsguard u:object_r:qsguard_exec:s0
|
||||
|
||||
####### data files ################
|
||||
/data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0
|
||||
|
|
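--- a/generic/private/qsguard.te
+++ b/generic/private/qsguard.te
@@ -0,0 +1,43 @@
+#Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
+typeattribute qsguard coredomain;
+typeattribute qsguard mlstrustedsubject;
+type qsguard_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(qsguard)
+userdebug_or_eng(`
+allow qsguard surfaceflinger_service:service_manager find;
+allow qsguard dropbox_service:service_manager find;
+
+allow qsguard surfaceflinger:unix_stream_socket { read write };
+binder_call(qsguard, servicemanager)
+binder_call(qsguard, surfaceflinger)
+# allow use dropbox
+binder_call(qsguard, system_server)
+
+allow qsguard { shell_exec logcat_exec }:file rx_file_perms;
+
+allow qsguard self:global_capability_class_set kill;
+allow qsguard kmsg_device:chr_file w_file_perms;
+allow qsguard domain:process { signal sigstop sigkill };
+
+# write into sysrq
+allow qsguard proc_sysrq:file w_file_perms;
+
+unix_socket_connect(qsguard, logdr, logd)
+
+allow qsguard domain:dir r_dir_perms;
+allow qsguard domain:file r_file_perms;
+allow qsguard domain:lnk_file read;
+
+allow qsguard misc_user_data_file:dir create_dir_perms;
+allow qsguard misc_user_data_file:file create_file_perms;
+allow system_server misc_user_data_file:file r_file_perms;
+allow system_server qsguard:fd use;
+# reboot
+set_prop(qsguard, powerctl_prop);
+
+dontaudit qsguard default_prop:file read;
+
+')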
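Review bot: `typeattribute qsguard mlstrustedsubject;` sits above the `userdebug_or_eng(` block, so the MLS exemption applies on user builds too even though every allow rule for the domain is debug-only; it should move inside the block next to the rules that need it. Within the block, `allow qsguard domain:process { signal sigstop sigkill };` and the `domain:dir` / `domain:file` / `domain:lnk_file` reads cover every domain on the device, alongside write access to `proc_sysrq` and `powerctl_prop`; if the daemon only watches specific processes these rules should name those types, or carry a comment stating why the full `domain` attribute is required. `allow system_server misc_user_data_file:file r_file_perms;` widens system_server's policy from inside qsguard.te and would be easier to audit with a comment saying which qsguard output system_server reads through the passed fd.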
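--- a/generic/public/qsguard.te
+++ b/generic/public/qsguard.te
@@ -0,0 +1,5 @@
+#Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type qsguard, domain, coredomain;
+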
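Review bot: `coredomain` is assigned twice, once in `type qsguard, domain, coredomain;` here and again by `typeattribute qsguard coredomain;` in generic/private/qsguard.te; one of the two can be dropped. The declaration also has no comment saying what the qsguard daemon is for, which is worth adding above the `type` line because a type declared in public policy becomes part of the surface other policy can reference.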