Merge tag 'LA.QSSI.14.0.r1-15700-qssi.0' into staging/lineage-21.0_merge-LA.QSSI.14.0.r1-15700-qssi.0
LA.QSSI.14.0.r1-15700-qssi.0 # By Ashutosh Das (1) and vidyalak (1) # Via Linux Build Service Account (2) and others * tag 'LA.QSSI.14.0.r1-15700-qssi.0': sepolicy: Add sepolicy for newly added qspa prop Added SE-Policy rules for usbudev on Vendor-14 Change-Id: If373a0c5767e57a63f41401ecb68a82a7332ebe4
This commit is contained in:
Michael Bestas
commit
f1f3174931
6 changed files with 57 additions and 0 deletions
|
|
@ -35,6 +35,8 @@
|
|||
|
||||
/(product|system/product)/etc/init\.qcom\.testscripts\.sh u:object_r:qti-testscripts_exec:s0
|
||||
|
||||
/(system_ext|system/system_ext)/bin/init\.qti\.qspa\.sh u:object_r:vendor_qspa_exec:s0
|
||||
|
||||
/storage/emulated(/.*)? u:object_r:media_rw_data_file:s0
|
||||
|
||||
####### device files ##############
|
||||
|
|
@ -69,6 +71,7 @@
|
|||
/(system_ext|system/system_ext)/bin/qxrsplitauxservice u:object_r:vendor_sys_sxrauxd_exec:s0
|
||||
/(system_ext|system/system_ext)/bin/qsguard u:object_r:qsguard_exec:s0
|
||||
/system_ext/bin/virtual_keyboard u:object_r:vendor_virtual_keyboard_exec:s0
|
||||
/system_ext/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0
|
||||
|
||||
####### data files ################
|
||||
/data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0
|
||||
|
|
|
|||
|
|
@ -49,3 +49,6 @@ system_internal_prop(vendor_xrcb_prop)
|
|||
|
||||
#bootreceiver property
|
||||
system_public_prop(vendor_bootreceiver_prop)
|
||||
|
||||
#QSPA property
|
||||
system_internal_prop(vendor_qspa_prop)
|
||||
|
|
|
|||
|
|
@ -25,6 +25,12 @@
|
|||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#
|
||||
# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
|
||||
#
|
||||
# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
ro.vendor.qti.va_aosp.support u:object_r:vendor_exported_system_prop:s0 exact bool
|
||||
ro.vendor.qti.va_odm.support u:object_r:vendor_exported_odm_prop:s0 exact bool
|
||||
ro.vendor.perf.scroll_opt u:object_r:vendor_exported_system_prop:s0 exact bool
|
||||
|
|
@ -100,3 +106,7 @@ ro.vendor.bootreceiver.enable u:object_r:vendor_bootreceiver_prop:s
|
|||
|
||||
#Power Module
|
||||
ro.vendor.power.tuning.support u:object_r:vendor_exported_system_prop:s0 exact bool
|
||||
|
||||
# qspa
|
||||
ro.vendor.config.qspa. u:object_r:vendor_qspa_prop:s0
|
||||
|
||||
|
|
|
|||
15
generic/private/qspa.te
Normal file
15
generic/private/qspa.te
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
type vendor_qspa, domain;
|
||||
type vendor_qspa_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
typeattribute vendor_qspa coredomain;
|
||||
|
||||
init_daemon_domain(vendor_qspa)
|
||||
|
||||
allow vendor_qspa shell_exec:file {map read execute getattr};
|
||||
allow vendor_qspa toolbox_exec:file {getattr execute read open execute_no_trans map};
|
||||
|
||||
set_prop(vendor_qspa, vendor_qspa_prop)
|
||||
|
||||
|
|
@ -25,6 +25,12 @@
|
|||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#
|
||||
# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
|
||||
#
|
||||
# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
add_service(system_server, vendor_izat_service)
|
||||
|
||||
# Ant ipc
|
||||
|
|
@ -74,3 +80,7 @@ allow system_server binderfs_logs:file r_file_perms;
|
|||
|
||||
# Allow system server to access for rcs service
|
||||
get_prop(system_server, vendor_persist_rcs_prop)
|
||||
|
||||
# Allow system server to access for qspa prop
|
||||
get_prop(system_server, vendor_qspa_prop)
|
||||
|
||||
|
|
|
|||
16
generic/private/usbudev.te
Normal file
16
generic/private/usbudev.te
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
# SPDX-License-Identifier: BSD-3-Clause-Clear
|
||||
|
||||
#============= vendor_usbudev_qti ==============
|
||||
type vendor_usbudev_qti, domain, coredomain;
|
||||
type vendor_usbudev_qti_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(vendor_usbudev_qti)
|
||||
allow vendor_usbudev_qti self:netlink_kobject_uevent_socket { bind create getopt read setopt };
|
||||
allow vendor_usbudev_qti toolbox_exec:file rx_file_perms;
|
||||
allow vendor_usbudev_qti self:capability net_admin;
|
||||
allow vendor_usbudev_qti self:netlink_route_socket { bind create getattr setopt nlmsg_write read write };
|
||||
allow vendor_usbudev_qti self:udp_socket {create_socket_perms};
|
||||
allowxperm vendor_usbudev_qti self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
|
||||
allow vendor_usbudev_qti shell_exec:file { rx_file_perms };
|
||||
allow vendor_usbudev_qti system_file:file execute_no_trans;
|
||||
Loading…
Reference in a new issue