sm8450-common: sepolicy: Overall cleanup
Change-Id: I0d6282ea0315774fa29e8155cb0e113123025623
parent
14be88afd4
commit
30c8d6c293
35 changed files with 184 additions and 273 deletions
|
@ -1,5 +0,0 @@
|
|||
# MIUI
|
||||
ro.miui. u:object_r:exported_system_prop:s0
|
||||
ro.product.mod_device u:object_r:exported_default_prop:s0 exact string
|
||||
ro.cust.test u:object_r:exported_system_prop:s0
|
||||
ro.carrier u:object_r:exported_default_prop:s0 exact string
|
1
sepolicy/vendor/agmservice_qti.te
vendored
1
sepolicy/vendor/agmservice_qti.te
vendored
|
@ -1 +0,0 @@
|
|||
allow vendor_agmservice_qti debugfs:dir r_dir_perms;
|
2
sepolicy/vendor/audioadsprpcd.te
vendored
2
sepolicy/vendor/audioadsprpcd.te
vendored
|
@ -1,2 +0,0 @@
|
|||
allow vendor_audioadsprpcd vendor_audio_data_file:dir search;
|
||||
allow vendor_audioadsprpcd vendor_audio_data_file:file { append create getattr open read setattr write };
|
8
sepolicy/vendor/audioserver.te
vendored
8
sepolicy/vendor/audioserver.te
vendored
|
@ -1,8 +0,0 @@
|
|||
allow audioserver system_server:dir search;
|
||||
allow audioserver mediaserver:dir search;
|
||||
allow audioserver mediaserver:file { open read };
|
||||
allow audioserver system_app:dir search;
|
||||
allow audioserver hal_audio_default:process signal;
|
||||
allow audioserver sound_device:chr_file rw_file_perms;
|
||||
get_prop(audioserver, bootanim_system_prop)
|
||||
set_prop(audioserver, audio_prop)
|
17
sepolicy/vendor/batterysecret.te
vendored
17
sepolicy/vendor/batterysecret.te
vendored
|
@ -1,3 +1,11 @@
|
|||
type batterysecret, domain;
|
||||
type batterysecret_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
hwbinder_use(batterysecret)
|
||||
init_daemon_domain(batterysecret)
|
||||
|
||||
binder_call(batterysecret, system_suspend_server)
|
||||
|
||||
allow batterysecret rootfs:dir write;
|
||||
allow batterysecret self:capability sys_tty_config;
|
||||
allow batterysecret self:capability sys_boot;
|
||||
|
@ -12,8 +20,6 @@ allow batterysecret vendor_sysfs_qcom_battery:file rw_file_perms;
|
|||
allow batterysecret vendor_sysfs_qcom_battery:file write;
|
||||
allow batterysecret vendor_sysfs_qcom_battery:file { open read write };
|
||||
allow batterysecret vendor_sysfs_qcom_battery:dir r_dir_perms;
|
||||
allow batterysecret system_suspend_server:binder { call transfer };
|
||||
allow batterysecret system_suspend_server:fd *;
|
||||
allow batterysecret system_suspend_hwservice:hwservice_manager find;
|
||||
allow batterysecret hidl_manager_hwservice:hwservice_manager find;
|
||||
allow batterysecret sysfs:file write;
|
||||
|
@ -22,14 +28,13 @@ allow batterysecret vendor_sysfs_usb_supply:file write;
|
|||
allow batterysecret sysfs_batteryinfo:file r_file_perms;
|
||||
allow batterysecret kmsg_device:chr_file rw_file_perms;
|
||||
allow batterysecret mnt_vendor_file:dir rw_dir_perms;
|
||||
init_daemon_domain(batterysecret)
|
||||
|
||||
r_dir_file(batterysecret, sysfs_type)
|
||||
r_dir_file(batterysecret, rootfs)
|
||||
r_dir_file(batterysecret, cgroup)
|
||||
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
|
||||
|
||||
get_prop(batterysecret, hwservicemanager_prop)
|
||||
get_prop(batterysecret, vendor_default_prop)
|
||||
set_prop(batterysecret, vendor_system_prop)
|
||||
hwbinder_use(batterysecret)
|
||||
type batterysecret, domain;
|
||||
type batterysecret_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
|
|
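Review bot: The cleanup leaves `allow batterysecret sysfs:file write;` in the second hunk, which lets the daemon write any node that still carries the generic `sysfs` label rather than only the battery and USB supply nodes it is granted elsewhere in this file. Labelling the specific nodes in `genfs_contexts` and dropping the generic rule would keep the domain scoped to what it needs; the same applies to `allow hal_audio_default sysfs:file rw_file_perms;` in the hal_audio.te section if that line survives on the new side. In the same hunk, `allow batterysecret vendor_sysfs_qcom_battery:file write;` and the `{ open read write }` rule look redundant, since the rule shown in the hunk header already grants `rw_file_perms` on that type. The page does not mark added and removed lines, so which of these the commit keeps is inferred from the hunk counts.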
27
sepolicy/vendor/bluetooth.te
vendored
27
sepolicy/vendor/bluetooth.te
vendored
|
@ -1,27 +0,0 @@
|
|||
allow bluetooth hal_audio:binder { call transfer };
|
||||
allow bluetooth hal_audio:fd *;
|
||||
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
|
||||
allow bluetooth media_rw_data_file:dir create_dir_perms;
|
||||
allow bluetooth media_rw_data_file:file create_file_perms;
|
||||
allow bluetooth serial_device:chr_file rw_file_perms;
|
||||
allow bluetooth uhid_device:chr_file rw_file_perms;
|
||||
allow bluetooth vendor_bt_device:chr_file rw_file_perms;
|
||||
allow bluetooth vendor_smd_device:chr_file rw_file_perms;
|
||||
allow bluetooth vendor_hal_iop_hwservice:hwservice_manager find;
|
||||
allow bluetooth vendor_default_prop:file { getattr map };
|
||||
allow bluetooth vendor_bt_data_file:dir search;
|
||||
allow bluetooth vendor_bt_data_file:file { getattr open read };
|
||||
allow bluetooth system_app_data_file:dir getattr;
|
||||
allow bluetooth system_app_data_file:file { getattr open read };
|
||||
allow bluetooth self:socket { create getopt read write };
|
||||
#allow bluetooth self:socket ioctl;
|
||||
allow bluetooth servicemanager:fd *;
|
||||
allow bluetooth system_app:binder { call transfer };
|
||||
allow bluetooth system_app:fd *;
|
||||
allow bluetooth vendor_dun_service:service_manager find;
|
||||
allow bluetooth hal_audio_hwservice:hwservice_manager find;
|
||||
#allowxperm bluetooth self:ioctl socket ((range 0xc300 0xc305));
|
||||
dontaudit bluetooth netd_service:service_manager find;
|
||||
get_prop(bluetooth, vendor_display_prop)
|
||||
get_prop(bluetooth, vendor_audio_prop)
|
||||
binder_use(bluetooth)
|
2
sepolicy/vendor/bootanim.te
vendored
2
sepolicy/vendor/bootanim.te
vendored
|
@ -1,2 +0,0 @@
|
|||
allow bootanim vendor_audio_prop:file read;
|
||||
allow bootanim vendor_proc_audiod:file read;
|
21
sepolicy/vendor/device.te
vendored
21
sepolicy/vendor/device.te
vendored
|
@ -1,9 +1,20 @@
|
|||
type vendor_displayfeature_device, dev_type;
|
||||
# Audio
|
||||
type sound_device, dev_type, mlstrustedobject;
|
||||
|
||||
# Camera
|
||||
type stmvl53l5_device, dev_type;
|
||||
|
||||
# Display
|
||||
type vendor_displayfeature_device, dev_type;
|
||||
|
||||
# Fingerprint
|
||||
type vendor_fingerprint_device, dev_type;
|
||||
type touchfeature_device, dev_type;
|
||||
type vendor_radio_smd_device, dev_type;
|
||||
|
||||
# IR
|
||||
type ir_spi_device, dev_type;
|
||||
type ddr_partition, dev_type;
|
||||
type minidump_data_file, data_file_type, file_type;
|
||||
|
||||
# Modem
|
||||
type vendor_radio_smd_device, dev_type;
|
||||
|
||||
# Touchscreen
|
||||
type touchfeature_device, dev_type;
|
||||
|
|
5
sepolicy/vendor/file_contexts
vendored
5
sepolicy/vendor/file_contexts
vendored
|
@ -11,7 +11,6 @@
|
|||
# Camera
|
||||
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.hardware.quickcamera@1.0-service u:object_r:hal_quickcamera_default_exec:s0
|
||||
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
|
||||
#/vendor/bin/camera_cal u:object_r:DualCameraCal_exec:s0
|
||||
/vendor/lib(64)?/libQnnHtpV69Stub\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libQnnHtp\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libSNPE\.so u:object_r:same_process_hal_file:s0
|
||||
|
@ -64,6 +63,7 @@
|
|||
|
||||
# Mac Address
|
||||
/data/vendor/mac_addr(/.*)? u:object_r:vendor_mac_vendor_data_file:s0
|
||||
/mnt/vendor/persist/qca6490/wlan_mac\.bin u:object_r:vendor_mac_vendor_data_file:s0
|
||||
/vendor/bin/nv_mac u:object_r:vendor_wcnss_service_exec:s0
|
||||
|
||||
# Mlipay
|
||||
|
@ -86,9 +86,6 @@
|
|||
# QRTR
|
||||
/(vendor|system/vendor)/bin/qrtr-lookup u:object_r:vendor_qrtr_exec:s0
|
||||
|
||||
# RIL
|
||||
/data/vendor/diag(/.*)? u:object_r:minidump_data_file:s0
|
||||
|
||||
# Sensors
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@2.1-service\.xiaomi-multihal u:object_r:hal_sensors_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.sensor.communicate@1.0-service u:object_r:vendor_hal_sensorcommunicate_default_exec:s0
|
||||
|
|
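Review bot: Several service paths in this section leave the dots unescaped, e.g. `vendor.xiaomi.hardware.quickcamera@1.0-service` and `vendor.xiaomi.sensor.communicate@1.0-service`, while neighbouring entries escape them (`libQnnHtp\.so`, `wlan_mac\.bin`). file_contexts entries are regular expressions, so an unescaped `.` matches any character and the label can apply to more paths than intended; writing `vendor\.xiaomi\.hardware\.quickcamera@1\.0-service` keeps the match exact. `/vendor/bin/nv_mac` also uses the bare `/vendor` prefix where the other executables use `/(vendor|system/vendor)`, which is worth making consistent in a cleanup.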
1
sepolicy/vendor/genfs_contexts
vendored
1
sepolicy/vendor/genfs_contexts
vendored
|
@ -6,6 +6,7 @@ genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform
|
|||
# Suspend
|
||||
genfscon sysfs /devices/platform/soc/3000000.remoteproc-adsp/remoteproc/remoteproc2/3000000.remoteproc-adsp:glink-edge/3000000.remoteproc-adsp:glink-edge.adsp_apps.-1.-1/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-005a/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-6/6-005a/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/990000.spi/spi_master/spi0/spi0.0/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c42d000.qcom,spmi/spmi-0/0-00/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300:pwrkey-bark/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/soc/c42d000.qcom,spmi/spmi-0/0-00/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300:pwrkey-resin-bark/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
8
sepolicy/vendor/hal_audio.te
vendored
8
sepolicy/vendor/hal_audio.te
vendored
|
@ -1,10 +1,6 @@
|
|||
allow hal_audio_default vendor_persist_audio_file:file rw_file_perms;
|
||||
allow hal_audio_default mnt_vendor_file:dir r_dir_perms;
|
||||
allow hal_audio_default vendor_audio_prop:property_service set;
|
||||
allow hal_audio_default audio_socket:sock_file rw_file_perms;
|
||||
allow hal_audio_default sound_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default sysfs_f0_value:file rw_file_perms;
|
||||
allow hal_audio_default sysfs:file rw_file_perms;
|
||||
unix_socket_connect(hal_audio_default, property, init)
|
||||
|
||||
unix_socket_connect(hal_audio_default, property, hal_sensors_default)
|
||||
|
||||
set_prop(hal_audio_default, vendor_audio_prop)
|
||||
|
|
35
sepolicy/vendor/hal_camera_default.te
vendored
35
sepolicy/vendor/hal_camera_default.te
vendored
|
@ -1,38 +1,25 @@
|
|||
attribute vendor_hal_camerapostproc_xiaomi;
|
||||
attribute vendor_hal_camerapostproc_xiaomi_client;
|
||||
attribute vendor_hal_camerapostproc_xiaomi_server;
|
||||
|
||||
type vendor_hal_camerapostproc_xiaomi_hwservice, hwservice_manager_type;
|
||||
|
||||
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:binder { call transfer };
|
||||
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:binder transfer;
|
||||
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:fd *;
|
||||
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:binder transfer;
|
||||
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:binder { call transfer };
|
||||
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:fd *;
|
||||
allow vendor_hal_camerapostproc_xiaomi platform_app:binder transfer;
|
||||
allow vendor_hal_camerapostproc_xiaomi platform_app:binder { call transfer };
|
||||
allow vendor_hal_camerapostproc_xiaomi platform_app:fd *;
|
||||
allow vendor_hal_camerapostproc_xiaomi priv_app:binder transfer;
|
||||
allow vendor_hal_camerapostproc_xiaomi priv_app:binder { call transfer };
|
||||
allow vendor_hal_camerapostproc_xiaomi priv_app:fd *;
|
||||
allow vendor_hal_camerapostproc_xiaomi system_app:binder transfer;
|
||||
allow vendor_hal_camerapostproc_xiaomi system_app:binder { call transfer };
|
||||
allow vendor_hal_camerapostproc_xiaomi system_app:fd *;
|
||||
add_hwservice(vendor_hal_camerapostproc_xiaomi_server, vendor_hal_camerapostproc_xiaomi_hwservice)
|
||||
binder_call(vendor_hal_camerapostproc_xiaomi_client, vendor_hal_camerapostproc_xiaomi_server)
|
||||
binder_call(vendor_hal_camerapostproc_xiaomi_server, vendor_hal_camerapostproc_xiaomi_client)
|
||||
|
||||
hal_server_domain(hal_camera_default, vendor_hal_camerapostproc_xiaomi)
|
||||
hal_attribute_hwservice(hal_camera, vendor_hal_camerapostproc_xiaomi_hwservice)
|
||||
|
||||
allow hal_camera_client vendor_hal_camerapostproc_xiaomi_hwservice:hwservice_manager find;
|
||||
allow hal_camera_default mnt_vendor_file:dir search;
|
||||
allow hal_camera_default camera_persist_file:dir search;
|
||||
allow hal_camera_default vendor_persist_sensors_file:dir search;
|
||||
allow hal_camera_default stmvl53l5_device:chr_file { ioctl open read write };
|
||||
allow hal_camera_default hal_quickcamera_hwservice:hwservice_manager { add find };
|
||||
dontaudit hal_camera graphics_device:dir search;
|
||||
dontaudit hal_camera_default default_prop:file read;
|
||||
|
||||
r_dir_file(hal_camera_default, mnt_vendor_file)
|
||||
r_dir_file(hal_camera_default, camera_persist_file)
|
||||
r_dir_file(hal_camera_default, vendor_persist_sensors_file)
|
||||
hal_server_domain(hal_camera_default, vendor_hal_camerapostproc_xiaomi)
|
||||
add_hwservice(hal_camera_server, vendor_hal_camerapostproc_xiaomi_hwservice)
|
||||
|
||||
set_prop(hal_camera_default, vendor_camera_p3enable_prop)
|
||||
set_prop(hal_camera_default, vendor_camera_sensor_prop)
|
||||
|
||||
dontaudit hal_camera graphics_device:dir search;
|
||||
dontaudit hal_camera_default default_prop:file read;
|
||||
|
|
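Review bot: The three `r_dir_file(hal_camera_default, ...)` lines for `mnt_vendor_file`, `camera_persist_file` and `vendor_persist_sensors_file` appear to replace rules that granted only `dir search`, so the cleanup widens access: `r_dir_file` also allows listing those directories and reading every file and symlink of those types. If the camera HAL only traverses the parent directory to reach its own data, `allow hal_camera_default mnt_vendor_file:dir search;` is enough for the parent, and the read macro can be limited to the types it actually reads. Old and new sides are not marked on this page, so this reading is inferred from the hunk's line counts. A short comment above `allow hal_camera_default hal_quickcamera_hwservice:hwservice_manager { add find };` saying why the camera HAL registers the quickcamera service would also help the next reader.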
45
sepolicy/vendor/hal_citsensorservice_xiaomi.te
vendored
45
sepolicy/vendor/hal_citsensorservice_xiaomi.te
vendored
|
@ -1,50 +1,39 @@
|
|||
type vendor_hal_citsensorservice_xiaomi_default, domain;
|
||||
type vendor_hal_citsensorservice_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type vendor_hal_citsensorservice_xiaomi_hwservice, hwservice_manager_type;
|
||||
attribute vendor_hal_citsensorservice_xiaomi;
|
||||
attribute vendor_hal_citsensorservice_xiaomi_client;
|
||||
attribute vendor_hal_citsensorservice_xiaomi_server;
|
||||
|
||||
type vendor_hal_citsensorservice_xiaomi_default, domain;
|
||||
type vendor_hal_citsensorservice_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type vendor_hal_citsensorservice_xiaomi_hwservice, hwservice_manager_type;
|
||||
|
||||
init_daemon_domain(vendor_hal_citsensorservice_xiaomi_default)
|
||||
r_dir_file(vendor_hal_citsensorservice_xiaomi_default, mnt_vendor_file)
|
||||
#set_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_cct_prop)
|
||||
vndbinder_use(vendor_hal_citsensorservice_xiaomi)
|
||||
|
||||
hal_server_domain(vendor_hal_citsensorservice_xiaomi_default, vendor_hal_citsensorservice_xiaomi)
|
||||
hal_client_domain(vendor_hal_citsensorservice_xiaomi_default, hal_graphics_allocator)
|
||||
|
||||
add_hwservice(vendor_hal_citsensorservice_xiaomi_server, vendor_hal_citsensorservice_xiaomi_hwservice)
|
||||
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:binder { call transfer };
|
||||
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:binder transfer;
|
||||
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:fd *;
|
||||
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:binder transfer;
|
||||
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:binder { call transfer };
|
||||
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:fd *;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default input_device:dir rw_dir_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default input_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_data:file r_file_perms;
|
||||
|
||||
vndbinder_use(vendor_hal_citsensorservice_xiaomi)
|
||||
binder_call(vendor_hal_citsensorservice_xiaomi_client, vendor_hal_citsensorservice_xiaomi_server)
|
||||
binder_call(vendor_hal_citsensorservice_xiaomi_server, vendor_hal_citsensorservice_xiaomi_client)
|
||||
binder_call(vendor_hal_citsensorservice_xiaomi_default, vendor_hal_display_config_hwservice)
|
||||
binder_call(vendor_hal_citsensorservice_xiaomi_default, hal_graphics_composer)
|
||||
|
||||
allow vendor_hal_citsensorservice_xiaomi_default self:socket create_socket_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket create_socket_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:dir r_dir_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:file r_file_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_persist_sensors_file:dir create_dir_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_persist_sensors_file:file create_file_perms;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder call;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder transfer;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder { call transfer };
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:dir search;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:file { open read };
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write };
|
||||
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer };
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:fd *;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:binder { call transfer };
|
||||
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:fd *;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_qdisplay_service:service_manager find;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer_default:binder transfer;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder call;
|
||||
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder transfer;
|
||||
allowxperm vendor_hal_citsensorservice_xiaomi_default self:socket ioctl { 0xc300 0xc301 0xc302 0xc303 0xc304 0xc305 };
|
||||
allowxperm vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket ioctl { 0xc300 0xc301 0xc302 0xc303 0xc304 0xc305 };
|
||||
allowxperm vendor_hal_citsensorservice_xiaomi_default self:socket ioctl msm_sock_ipc_ioctls;
|
||||
allowxperm vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket ioctl msm_sock_ipc_ioctls;
|
||||
|
||||
get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_prop)
|
||||
userdebug_or_eng(`get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_debug_prop)');
|
||||
|
|
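Review bot: `binder_call(vendor_hal_citsensorservice_xiaomi_default, vendor_hal_display_config_hwservice)` names a hwservice type as the binder peer; the same file uses that type with `:hwservice_manager find`, and no process runs under a hwservice label, so the rules the macro expands to would never match a real call. It carries over the old `allow ... vendor_hal_display_config_hwservice:binder { call transfer };` line rather than fixing it. The second argument should presumably be the domain that hosts the display config service (not visible on this page), or the line should be dropped if `binder_call(vendor_hal_citsensorservice_xiaomi_default, hal_graphics_composer)` already covers the call. Separately, the `userdebug_or_eng(...)` line ends with a `;` after the closing parenthesis, which the other macro calls in the file do not have.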
4
sepolicy/vendor/hal_fingerprint.te
vendored
4
sepolicy/vendor/hal_fingerprint.te
vendored
|
@ -1,9 +1,7 @@
|
|||
type vendor_hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
|
||||
|
||||
allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
allow hal_fingerprint_default input_device:chr_file rwx_file_perms;
|
||||
allow hal_fingerprint_default input_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default input_device:dir r_dir_perms;
|
||||
allow hal_fingerprint_default mnt_vendor_file:dir search;
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
allow hal_fingerprint_default sysfs_tp_fodstatus:chr_file r_file_perms;
|
||||
allow hal_fingerprint_default sysfs_tp_fodstatus:file r_file_perms;
|
||||
|
|
22
sepolicy/vendor/hal_mfidoca.te
vendored
22
sepolicy/vendor/hal_mfidoca.te
vendored
|
@ -1,13 +1,17 @@
|
|||
type hal_mfidoca_default, domain;
|
||||
type hal_mfidoca_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_mfidoca_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(mfidoca)
|
||||
allow hal_mfidoca_client hal_mfidoca_server:binder { call transfer };
|
||||
allow hal_mfidoca_client hal_mfidoca_server:binder transfer;
|
||||
allow hal_mfidoca_client hal_mfidoca_server:fd *;
|
||||
allow hal_mfidoca_server hal_mfidoca_client:binder transfer;
|
||||
allow hal_mfidoca_server hal_mfidoca_client:binder { call transfer };
|
||||
allow hal_mfidoca_server hal_mfidoca_client:fd *;
|
||||
init_daemon_domain(hal_mfidoca_default)
|
||||
|
||||
hwbinder_use(hal_mfidoca_default)
|
||||
binder_call(hal_mfidoca_client, hal_mfidoca_server)
|
||||
binder_call(hal_mfidoca_server, hal_mfidoca_client)
|
||||
|
||||
add_hwservice(hal_mfidoca_server, hal_mfidoca_hwservice)
|
||||
hal_server_domain(hal_mfidoca_default, hal_mfidoca)
|
||||
|
||||
allow hal_mfidoca_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_mfidoca_default firmware_file:dir r_dir_perms;
|
||||
allow hal_mfidoca_default firmware_file:file r_file_perms;
|
||||
|
@ -15,10 +19,8 @@ allow hal_mfidoca_default ion_device:chr_file rw_file_perms;
|
|||
allow hal_mfidoca_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mfidoca_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mfidoca_default hal_mtdservice_default:binder transfer;
|
||||
init_daemon_domain(hal_mfidoca_default)
|
||||
|
||||
get_prop(hal_mfidoca_default, vendor_fp_prop)
|
||||
get_prop(hal_mfidoca_default, vendor_system_prop)
|
||||
set_prop(hal_mfidoca_default, vendor_payment_security_prop)
|
||||
hwbinder_use(hal_mfidoca_default)
|
||||
hal_server_domain(hal_mfidoca_default, hal_mfidoca)
|
||||
add_hwservice(hal_mfidoca_server, hal_mfidoca_hwservice)
|
||||
|
||||
|
|
24
sepolicy/vendor/hal_mlipay.te
vendored
24
sepolicy/vendor/hal_mlipay.te
vendored
|
@ -1,27 +1,25 @@
|
|||
type hal_mlipay_default, domain;
|
||||
type hal_mlipay_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_mlipay_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(mlipay)
|
||||
allow hal_mlipay_client hal_mlipay_server:binder { call transfer };
|
||||
allow hal_mlipay_client hal_mlipay_server:binder transfer;
|
||||
allow hal_mlipay_client hal_mlipay_server:fd *;
|
||||
allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;
|
||||
allow hal_mlipay_server hal_mlipay_client:binder transfer;
|
||||
allow hal_mlipay_server hal_mlipay_client:binder { call transfer };
|
||||
allow hal_mlipay_server hal_mlipay_client:fd *;
|
||||
allow hal_mlipay_default hal_mlipay_hwservice:hwservice_manager add;
|
||||
init_daemon_domain(hal_mlipay_default)
|
||||
|
||||
hwbinder_use(hal_mlipay_default)
|
||||
binder_call(hal_mlipay_client, hal_mlipay_server)
|
||||
binder_call(hal_mlipay_server, hal_mlipay_client)
|
||||
|
||||
add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
|
||||
hal_server_domain(hal_mlipay_default, hal_mlipay)
|
||||
|
||||
allow hal_mlipay_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_mlipay_default firmware_file:dir r_dir_perms;
|
||||
allow hal_mlipay_default firmware_file:file r_file_perms;
|
||||
allow hal_mlipay_default ion_device:chr_file rw_file_perms;
|
||||
allow hal_mlipay_default rootfs:lnk_file r_file_perms;
|
||||
allow hal_mlipay_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mlipay_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mlipay_default hal_mtdservice_default:binder transfer;
|
||||
init_daemon_domain(hal_mlipay_default)
|
||||
|
||||
get_prop(hal_mlipay_default, vendor_fp_prop)
|
||||
get_prop(hal_mlipay_default, vendor_system_prop)
|
||||
set_prop(hal_mlipay_default, vendor_payment_security_prop)
|
||||
hwbinder_use(hal_mlipay_default)
|
||||
hal_server_domain(hal_mlipay_default, hal_mlipay)
|
||||
add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
|
||||
|
|
30
sepolicy/vendor/hal_mtdservice.te
vendored
30
sepolicy/vendor/hal_mtdservice.te
vendored
|
@ -1,17 +1,20 @@
|
|||
type hal_mtdservice_default, domain;
|
||||
type hal_mtdservice_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_mtdservice_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(mtdservice)
|
||||
allow hal_mtdservice_client hal_mtdservice_server:binder { call transfer };
|
||||
allow hal_mtdservice_client hal_mtdservice_server:binder transfer;
|
||||
allow hal_mtdservice_client hal_mtdservice_server:fd *;
|
||||
allow hal_mtdservice_server hal_mtdservice_client:binder transfer;
|
||||
allow hal_mtdservice_server hal_mtdservice_client:binder { call transfer };
|
||||
allow hal_mtdservice_server hal_mtdservice_client:fd *;
|
||||
allow hal_mtdservice_default hal_mlipay_default:binder { call transfer };
|
||||
allow hal_mtdservice_default hal_mlipay_default:fd *;
|
||||
allow hal_mtdservice_default hal_mfidoca_default:binder { call transfer };
|
||||
allow hal_mtdservice_default hal_mfidoca_default:fd *;
|
||||
|
||||
init_daemon_domain(hal_mtdservice_default)
|
||||
|
||||
hwbinder_use(hal_mtdservice_default)
|
||||
binder_call(hal_mtdservice_client, hal_mtdservice_server)
|
||||
binder_call(hal_mtdservice_server, hal_mtdservice_client)
|
||||
binder_call(hal_mtdservice_default, hal_mlipay_default)
|
||||
binder_call(hal_mtdservice_default, hal_mfidoca_default)
|
||||
|
||||
add_hwservice(hal_mtdservice_server, hal_mtdservice_hwservice)
|
||||
hal_server_domain(hal_mtdservice_default, hal_mtdservice)
|
||||
|
||||
allow hal_mtdservice_default hal_mtdservice_hwservice:hwservice_manager add;
|
||||
allow hal_mtdservice_default firmware_file:dir r_dir_perms;
|
||||
allow hal_mtdservice_default firmware_file:file r_file_perms;
|
||||
|
@ -43,13 +46,8 @@ allow hal_mtdservice_default system_server:binder transfer;
|
|||
allow hal_mtdservice_default block_device:dir r_dir_perms;
|
||||
allow hal_mtdservice_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mtdservice_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||
allow hal_mtdservice_default hal_tidaservice_default:binder transfer;
|
||||
allow hal_mtdservice_default hal_secure_element_default:binder transfer;
|
||||
type_transition hal_mtdservice mnt_vendor_file:dir vendor_persist_drm_file "fdsd";
|
||||
init_daemon_domain(hal_mtdservice_default)
|
||||
|
||||
get_prop(hal_mtdservice_default, vendor_system_prop)
|
||||
get_prop(hal_mtdservice_default, vendor_cpuid_prop)
|
||||
set_prop(hal_mtdservice_default, vendor_payment_security_prop)
|
||||
hwbinder_use(hal_mtdservice_default)
|
||||
hal_server_domain(hal_mtdservice_default, hal_mtdservice)
|
||||
add_hwservice(hal_mtdservice_server, hal_mtdservice_hwservice)
|
||||
|
|
4
sepolicy/vendor/hal_nfc.te
vendored
4
sepolicy/vendor/hal_nfc.te
vendored
|
@ -1,4 +1,4 @@
|
|||
allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_nfc_default vendor_data_file:dir rw_dir_perms;
|
||||
allow hal_nfc_default vendor_data_file:file { create rw_file_perms };
|
||||
allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
|
||||
|
||||
get_prop(hal_nfc_default, vendor_nfc_mi_prop)
|
||||
|
|
28
sepolicy/vendor/hal_quickcamera.te
vendored
28
sepolicy/vendor/hal_quickcamera.te
vendored
|
@ -1,27 +1,13 @@
|
|||
type hal_quickcamera_default, domain;
|
||||
type hal_quickcamera_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_quickcamera_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(quickcamera)
|
||||
allow hal_quickcamera_client hal_quickcamera_server:binder { call transfer };
|
||||
allow hal_quickcamera_client hal_quickcamera_server:binder transfer;
|
||||
allow hal_quickcamera_client hal_quickcamera_server:fd *;
|
||||
allow hal_quickcamera_client hal_quickcamera_hwservice:hwservice_manager find;
|
||||
allow hal_quickcamera_server hal_quickcamera_client:binder transfer;
|
||||
allow hal_quickcamera_server hal_quickcamera_client:binder { call transfer };
|
||||
allow hal_quickcamera_server hal_quickcamera_client:fd *;
|
||||
allow hal_quickcamera_server hidl_base_hwservice:hwservice_manager add;
|
||||
allow hal_quickcamera_server hal_quickcamera_hwservice:hwservice_manager { add find };
|
||||
allow hal_quickcamera_default platform_app:binder transfer;
|
||||
allow hal_quickcamera_default platform_app:binder { call transfer };
|
||||
allow hal_quickcamera_default platform_app:fd *;
|
||||
allow hal_quickcamera_default system_app:binder transfer;
|
||||
allow hal_quickcamera_default system_app:binder { call transfer };
|
||||
allow hal_quickcamera_default system_app:fd *;
|
||||
allow hal_quickcamera platform_app:binder transfer;
|
||||
allow hal_quickcamera platform_app:binder { call transfer };
|
||||
allow hal_quickcamera platform_app:fd *;
|
||||
allow hal_quickcamera system_app:binder transfer;
|
||||
allow hal_quickcamera system_app:binder { call transfer };
|
||||
allow hal_quickcamera system_app:fd *;
|
||||
|
||||
init_daemon_domain(hal_quickcamera_default)
|
||||
hal_server_domain(hal_quickcamera_default, hal_quickcamera)
|
||||
|
||||
binder_call(hal_quickcamera_client, hal_quickcamera_server)
|
||||
binder_call(hal_quickcamera_server, hal_quickcamera_client)
|
||||
|
||||
add_hwservice(hal_quickcamera_server, hal_quickcamera_hwservice)
|
||||
|
|
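Review bot: After the conversion no rule in this file lets `hal_quickcamera_client` look the service up: `add_hwservice(hal_quickcamera_server, hal_quickcamera_hwservice)` grants `add` and `find` to the server only, and the explicit `allow hal_quickcamera_client hal_quickcamera_hwservice:hwservice_manager find;` appears to be among the removed lines (inferred from the 27 to 13 line count, since the page does not mark sides). `binder_call(hal_quickcamera_client, hal_quickcamera_server)` is then of little use, because a client cannot obtain the interface. Using `hal_attribute_hwservice(hal_quickcamera, hal_quickcamera_hwservice)`, as the hal_camera_default.te section does for its own service, restores `find` for clients without reintroducing hand-written allows. The hal_slaservice.te section keeps its client `find` rule, so the two files are also inconsistent.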
4
sepolicy/vendor/hal_secure_element.te
vendored
4
sepolicy/vendor/hal_secure_element.te
vendored
|
@ -1,3 +1,3 @@
|
|||
binder_call(hal_secure_element_default, hal_mtdservice_default)
|
||||
|
||||
allow hal_secure_element_default hal_mtdservice_hwservice:hwservice_manager find;
|
||||
allow hal_secure_element_default hal_mtdservice_default:binder { call transfer };
|
||||
allow hal_secure_element_default hal_mtdservice_default:fd *;
|
||||
|
|
26
sepolicy/vendor/hal_sensorcommunicate.te
vendored
26
sepolicy/vendor/hal_sensorcommunicate.te
vendored
|
@ -1,26 +1,24 @@
|
|||
type vendor_hal_sensorcommunicate_default, domain;
|
||||
type vendor_hal_sensorcommunicate_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type vendor_hal_sensorcommunicate_hwservice, hwservice_manager_type;
|
||||
|
||||
attribute vendor_hal_sensorcommunicate;
|
||||
attribute vendor_hal_sensorcommunicate_client;
|
||||
attribute vendor_hal_sensorcommunicate_server;
|
||||
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:binder { call transfer };
|
||||
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:binder transfer;
|
||||
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:fd *;
|
||||
|
||||
init_daemon_domain(vendor_hal_sensorcommunicate_default)
|
||||
|
||||
hwbinder_use(vendor_hal_sensorcommunicate_default)
|
||||
binder_call(vendor_hal_sensorcommunicate_client, vendor_hal_sensorcommunicate_server)
|
||||
binder_call(vendor_hal_sensorcommunicate_server, vendor_hal_sensorcommunicate_client)
|
||||
|
||||
add_hwservice(vendor_hal_sensorcommunicate_server, vendor_hal_sensorcommunicate_hwservice)
|
||||
hal_server_domain(vendor_hal_sensorcommunicate_default, vendor_hal_sensorcommunicate)
|
||||
|
||||
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:binder transfer;
|
||||
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:binder { call transfer };
|
||||
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:fd *;
|
||||
allow vendor_hal_sensorcommunicate_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_hwservice:hwservice_manager find;
|
||||
allow vendor_hal_sensorcommunicate_default system_server:binder call;
|
||||
allow vendor_hal_sensorcommunicate_default system_server:binder transfer;
|
||||
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_default:binder call;
|
||||
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_default:binder transfer;
|
||||
allow vendor_hal_sensorcommunicate_default mnt_vendor_file:dir search;
|
||||
allow vendor_hal_sensorcommunicate_default vendor_persist_sensors_file:dir search;
|
||||
allow vendor_hal_sensorcommunicate_default vendor_persist_sensors_file:file { getattr open read };
|
||||
init_daemon_domain(vendor_hal_sensorcommunicate_default)
|
||||
hwbinder_use(vendor_hal_sensorcommunicate_default)
|
||||
hal_server_domain(vendor_hal_sensorcommunicate_default, vendor_hal_sensorcommunicate)
|
||||
add_hwservice(vendor_hal_sensorcommunicate_server, vendor_hal_sensorcommunicate_hwservice)
|
||||
|
||||
|
|
4
sepolicy/vendor/hal_sensors.te
vendored
4
sepolicy/vendor/hal_sensors.te
vendored
|
@ -4,5 +4,5 @@ allow hal_sensors_default sound_device:chr_file rw_file_perms;
|
|||
allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
|
||||
allow hal_sensors_default vendor_sysfs_graphics:file r_file_perms;
|
||||
allow hal_sensors_default stmvl53l5_device:chr_file { ioctl open read write };
|
||||
|
||||
allow hal_sensors_default sysfs_tp_fodstatus:file r_file_perms;
|
||||
allow hal_sensors_default sysfs_tp_fodstatus:file r_file_perms;
|
||||
allow hal_sensors_default sysfs_tp_virtual_prox:file rw_file_perms;
|
||||
|
|
21
sepolicy/vendor/hal_slaservice.te
vendored
21
sepolicy/vendor/hal_slaservice.te
vendored
|
@ -1,17 +1,22 @@
|
|||
type hal_slaservice_qti, domain;
|
||||
type hal_slaservice_qti_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_slaservice_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(slaservice)
|
||||
allow hal_slaservice_qti vendor_slad_prop:file read;
|
||||
allow hal_slaservice_qti socket_device:sock_file write;
|
||||
allow hal_slaservice_client hal_slaservice_server:binder { call transfer };
|
||||
allow hal_slaservice_client hal_slaservice_server:fd *;
|
||||
allow hal_slaservice_client hal_slaservice_hwservice:hwservice_manager find;
|
||||
allow hal_slaservice_server hal_slaservice_client:binder transfer;
|
||||
|
||||
init_daemon_domain(hal_slaservice_qti)
|
||||
|
||||
add_hwservice(hal_slaservice_server, hal_slaservice_hwservice)
|
||||
hal_server_domain(hal_slaservice_qti, hal_slaservice)
|
||||
|
||||
binder_call(hal_slaservice_client, hal_slaservice_server)
|
||||
|
||||
allow hal_slaservice_qti socket_device:sock_file write;
|
||||
allow hal_slaservice_client hal_slaservice_hwservice:hwservice_manager find;
|
||||
|
||||
unix_socket_connect(hal_slaservice_qti, property, slad)
|
||||
unix_socket_connect(hal_slaservice_qti, slad, init)
|
||||
unix_socket_connect(hal_slaservice_qti, slad, slad)
|
||||
|
||||
set_prop(hal_slaservice_qti, vendor_slad_prop)
|
||||
set_prop(hal_slaservice_qti, vendor_slad_prop)
|
||||
hal_server_domain(hal_slaservice_qti, hal_slaservice)
|
||||
add_hwservice(hal_slaservice_server, hal_slaservice_hwservice)
|
||||
|
|
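Review bot: `allow hal_slaservice_qti socket_device:sock_file write;` is printed twice in this section, so it appears to survive the cleanup, and it grants write on the generic `socket_device` label rather than on one specific socket. `unix_socket_connect(hal_slaservice_qti, slad, slad)` in the same file already covers `slad_socket`, so the generic rule suggests the socket node is not given its own label when it is created. I would label that node in `file_contexts` and then drop the generic rule. The +/- markers are lost on this page, so which copy belongs to the new side is inferred.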
29
sepolicy/vendor/hal_tidaservice.te
vendored
29
sepolicy/vendor/hal_tidaservice.te
vendored
|
@ -1,34 +1,31 @@
|
|||
type hal_tidaservice_default, domain;
|
||||
type hal_tidaservice_default_exec, exec_type, file_type, vendor_file_type;
|
||||
type hal_tidaservice_hwservice, hwservice_manager_type;
|
||||
|
||||
hal_attribute(tidaservice)
|
||||
allow hal_tidaservice_client hal_tidaservice_server:binder { call transfer };
|
||||
allow hal_tidaservice_client hal_tidaservice_server:binder transfer;
|
||||
allow hal_tidaservice_client hal_tidaservice_server:fd *;
|
||||
|
||||
init_daemon_domain(hal_tidaservice_default)
|
||||
|
||||
hwbinder_use(hal_tidaservice_default)
|
||||
binder_call(hal_tidaservice_client, hal_tidaservice_server)
|
||||
binder_call(hal_tidaservice_server, hal_tidaservice_client)
|
||||
binder_call(hal_tidaservice_default, hal_mtdservice_default)
|
||||
|
||||
add_hwservice(hal_tidaservice_server, hal_tidaservice_hwservice)
|
||||
hal_server_domain(hal_tidaservice_default, hal_tidaservice)
|
||||
|
||||
allow hal_tidaservice_client hal_tidaservice_hwservice:hwservice_manager find;
|
||||
allow hal_tidaservice_server hal_tidaservice_client:binder transfer;
|
||||
allow hal_tidaservice_server hal_tidaservice_client:binder { call transfer };
|
||||
allow hal_tidaservice_server hal_tidaservice_client:fd *;
|
||||
allow hal_tidaservice_default hal_mtdservice_default:binder { call transfer };
|
||||
allow hal_tidaservice_default hal_mtdservice_default:fd *;
|
||||
allow hal_tidaservice_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_tidaservice_default firmware_file:dir r_dir_perms;
|
||||
allow hal_tidaservice_default firmware_file:file r_file_perms;
|
||||
allow hal_tidaservice_default ion_device:chr_file rw_file_perms;
|
||||
allow hal_tidaservice_default rootfs:lnk_file r_file_perms;
|
||||
allow hal_tidaservice_default hal_mtdservice_hwservice:hwservice_manager find;
|
||||
allow hal_tidaservice_default platform_app:binder transfer;
|
||||
allow hal_tidaservice_default vendor_hal_tui_comm_hwservice:hwservice_manager find;
|
||||
allow hal_tidaservice_default vendor_hal_tui_comm_hwservice:binder { call transfer };
|
||||
allow hal_tidaservice_default vendor_hal_tui_comm_qti:binder { call transfer };
|
||||
allow hal_tidaservice_default sysfs:dir { open read };
|
||||
allow hal_tidaservice_default sysfs:file { open read write };
|
||||
allow hal_tidaservice_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||
allow hal_tidaservice_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||
init_daemon_domain(hal_tidaservice_default)
|
||||
|
||||
get_prop(hal_tidaservice_default, vendor_fp_prop)
|
||||
get_prop(hal_tidaservice_default, vendor_system_prop)
|
||||
get_prop(hal_tidaservice_default, vendor_payment_security_prop)
|
||||
hwbinder_use(hal_tidaservice_default)
|
||||
hal_server_domain(hal_tidaservice_default, hal_tidaservice)
|
||||
add_hwservice(hal_tidaservice_server, hal_tidaservice_hwservice)
|
||||
|
|
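Review bot: `allow hal_tidaservice_default sysfs:file { open read write };` gives this HAL write access to every node still carrying the generic `sysfs` label; the line is printed only once, so it looks like unchanged context that the cleanup keeps. For a domain that also opens `tee_device` and reads `vendor_payment_security_prop`, I would label the specific node(s) in `genfs_contexts` and grant `{ open read write }` on that dedicated type only. Separately, `allow hal_tidaservice_default vendor_hal_tui_comm_hwservice:binder { call transfer };` targets an hwservice label with class `binder`, which looks ineffective and could probably be removed. The +/- markers are lost on this page, so old and new sides are inferred.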
30
sepolicy/vendor/hwservice_contexts
vendored
30
sepolicy/vendor/hwservice_contexts
vendored
|
@ -1,12 +1,20 @@
|
|||
vendor.xiaomi.hardware.campostproc::IMiPostProcService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||
vendor.qti.sla.service::ISlaService u:object_r:hal_slaservice_hwservice:s0
|
||||
vendor.xiaomi.sensor.citsensorservice::ICitSensorService u:object_r:vendor_hal_citsensorservice_xiaomi_hwservice:s0
|
||||
vendor.xiaomi.sensor.communicate::ISensorCommunicate u:object_r:vendor_hal_sensorcommunicate_hwservice:s0
|
||||
vendor.xiaomi.hardware.quickcamera::IQuickCameraService u:object_r:hal_quickcamera_hwservice:s0
|
||||
# Camera
|
||||
vendor.xiaomi.hardware.bgservice::IBGService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||
vendor.xiaomi.hardware.campostproc::IMiPostProcService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||
vendor.xiaomi.hardware.quickcamera::IQuickCameraService u:object_r:hal_quickcamera_hwservice:s0
|
||||
|
||||
vendor.xiaomi.hardware.mfidoca::IFidoService u:object_r:hal_mfidoca_hwservice:s0
|
||||
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
|
||||
vendor.xiaomi.hardware.mtdservice::IMTService u:object_r:hal_mtdservice_hwservice:s0
|
||||
vendor.xiaomi.hardware.tidaservice::ITidaService u:object_r:hal_tidaservice_hwservice:s0
|
||||
vendor.xiaomi.hardware.bgservice::IBGService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||
vendor.xiaomi.hardware.fx.tunnel::IMiFxTunnel u:object_r:vendor_hal_fingerprint_hwservice_xiaomi:s0
|
||||
# Fingerprint
|
||||
vendor.xiaomi.hardware.fx.tunnel::IMiFxTunnel u:object_r:vendor_hal_fingerprint_hwservice_xiaomi:s0
|
||||
|
||||
# SLA
|
||||
vendor.qti.sla.service::ISlaService u:object_r:hal_slaservice_hwservice:s0
|
||||
|
||||
# Sensors
|
||||
vendor.xiaomi.sensor.citsensorservice::ICitSensorService u:object_r:vendor_hal_citsensorservice_xiaomi_hwservice:s0
|
||||
vendor.xiaomi.sensor.communicate::ISensorCommunicate u:object_r:vendor_hal_sensorcommunicate_hwservice:s0
|
||||
|
||||
# Mlipay
|
||||
vendor.xiaomi.hardware.mfidoca::IFidoService u:object_r:hal_mfidoca_hwservice:s0
|
||||
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
|
||||
vendor.xiaomi.hardware.mtdservice::IMTService u:object_r:hal_mtdservice_hwservice:s0
|
||||
vendor.xiaomi.hardware.tidaservice::ITidaService u:object_r:hal_tidaservice_hwservice:s0
|
||||
|
|
3
sepolicy/vendor/init.te
vendored
3
sepolicy/vendor/init.te
vendored
|
@ -1,6 +1,6 @@
|
|||
allow init ddr_training_exec:file { execute getattr open read };
|
||||
allow init slad_exec:file { getattr open read };
|
||||
allow init sla_data_file:file rw_file_perms;
|
||||
|
||||
set_prop(vendor_init, vendor_fp_prop)
|
||||
set_prop(vendor_init, vendor_fp_info_prop)
|
||||
set_prop(vendor_init, vendor_thermal_normal_prop)
|
||||
|
@ -8,4 +8,3 @@ set_prop(vendor_init, vendor_nfc_mi_prop)
|
|||
set_prop(vendor_init, vendor_ssr_prop)
|
||||
set_prop(vendor_init, vendor_edgnss_qxwz_downloadak_prop)
|
||||
set_prop(vendor_init, vendor_qcc_prop)
|
||||
allow vendor_init cgroup:file getattr;
|
||||
|
|
7
sepolicy/vendor/mi_thermald.te
vendored
7
sepolicy/vendor/mi_thermald.te
vendored
|
@ -1,5 +1,8 @@
|
|||
type mi_thermald, domain, mlstrustedsubject;
|
||||
type mi_thermald_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(mi_thermald)
|
||||
|
||||
allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
|
||||
allow mi_thermald self:capability { fsetid sys_boot };
|
||||
allow mi_thermald sysfs_thermal:file w_file_perms;
|
||||
|
@ -22,9 +25,9 @@ allow mi_thermald vendor_data_file:dir { add_name read remove_name watch write }
|
|||
allow mi_thermald vendor_data_file:file { create getattr open read rename setattr unlink write };
|
||||
allow mi_thermald sys_thermal_wifi_limit:file { open read write };
|
||||
allow mi_thermald sys_thermal_wifi_limit:file rw_file_perms;
|
||||
init_daemon_domain(mi_thermald)
|
||||
|
||||
r_dir_file(mi_thermald, sysfs_thermal)
|
||||
r_dir_file(mi_thermald, sysfs)
|
||||
r_dir_file(mi_thermald, sysfs_leds)
|
||||
r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
|
||||
|
||||
set_prop(mi_thermald, vendor_thermal_normal_prop)
|
||||
|
|
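Review bot: The two `sys_thermal_wifi_limit:file` rules in the second hunk are not equivalent: in AOSP's `global_macros`, `rw_file_perms` adds `getattr`, `ioctl`, `lock`, `map`, `append` and the watch permissions to `{ open read write }`. If the macro form is the one the cleanup keeps (the +/- markers are lost on this page), the change widens access for a domain declared `mlstrustedsubject` that also holds `sys_boot`. I would keep the explicit set, or state in the commit message that the widening is intended. The same question applies in `wcnss_service.te`, where `create_dir_perms`/`create_file_perms` on `vendor_mac_vendor_data_file` appear next to narrower explicit sets, and in `tee.te` for `vendor_fingerprint_data_file`.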
3
sepolicy/vendor/property.te
vendored
3
sepolicy/vendor/property.te
vendored
|
@ -2,9 +2,6 @@
|
|||
vendor_public_prop(vendor_camera_p3enable_prop)
|
||||
vendor_public_prop(vendor_camera_sensor_prop)
|
||||
|
||||
# DDR
|
||||
vendor_public_prop(vendor_ddr_prop)
|
||||
|
||||
# Device ID
|
||||
vendor_public_prop(vendor_deviceid_prop)
|
||||
vendor_public_prop(vendor_sno_prop)
|
||||
|
|
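--- a/sepolicy/vendor/qrtr.te
+++ b/sepolicy/vendor/qrtr.te
@@ -1,2 +0,0 @@
-allow vendor_qrtr vendor_data_file:dir create_dir_perms;
-allow vendor_qrtr vendor_data_file:file create_file_perms;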
4
sepolicy/vendor/rild.te
vendored
4
sepolicy/vendor/rild.te
vendored
|
@ -2,8 +2,6 @@ allow rild vendor_radio_smd_device:file { open read write };
|
|||
allow rild vendor_radio_smd_device:chr_file { open read write };
|
||||
allow rild vendor_modem_data_file:dir create_dir_perms;
|
||||
allow rild vendor_modem_data_file:file create_file_perms;
|
||||
|
||||
set_prop(rild, vendor_deviceid_prop)
|
||||
set_prop(rild, vendor_sno_prop)
|
||||
#set_prop(rild, default_prop)
|
||||
allow rild vendor_data_file:dir create_dir_perms;
|
||||
allow rild vendor_data_file:file create_file_perms;
|
||||
|
|
5
sepolicy/vendor/slad.te
vendored
5
sepolicy/vendor/slad.te
vendored
|
@ -1,6 +1,7 @@
|
|||
type slad, domain;
|
||||
type slad_exec, exec_type, file_type, vendor_file_type;
|
||||
type qti_proc_sla, proc_type;
|
||||
|
||||
allow slad slad_socket:sock_file { getattr read write };
|
||||
allow slad slad_socket:sock_file unlink;
|
||||
allow slad slad:netlink_socket { bind create read write };
|
||||
|
@ -22,8 +23,11 @@ allow slad socket_device:sock_file { create setattr unlink };
|
|||
allow slad qti_proc_sla:dir search;
|
||||
allow slad qti_proc_sla:file { map open read write };
|
||||
allow slad vendor_shell_exec:file execute_no_trans;
|
||||
|
||||
dontaudit slad self:capability dac_read_search;
|
||||
|
||||
init_daemon_domain(slad)
|
||||
|
||||
unix_socket_connect(slad, dnsproxyd, slad)
|
||||
unix_socket_connect(slad, dnsproxyd, netd)
|
||||
unix_socket_connect(slad, dnsproxyd, init)
|
||||
|
@ -32,5 +36,6 @@ unix_socket_connect(slad, fwmarkd, netd)
|
|||
unix_socket_connect(slad, fwmarkd, init)
|
||||
unix_socket_connect(slad, property, slad)
|
||||
unix_socket_connect(slad, property, netd)
|
||||
|
||||
set_prop(slad, vendor_slad_prop)
|
||||
net_domain(slad)
|
||||
|
|
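--- a/sepolicy/vendor/surfaceflinger.te
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -1 +0,0 @@
-allow surfaceflinger vendor_sysfs_graphics:dir { open read search };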
3
sepolicy/vendor/tee.te
vendored
3
sepolicy/vendor/tee.te
vendored
|
@ -1,3 +1,2 @@
|
|||
allow tee vendor_fingerprint_data_file:dir rw_dir_perms;
|
||||
allow tee vendor_fingerprint_data_file:file rw_file_perms;
|
||||
allow tee vendor_fingerprint_data_file:dir create_dir_perms;
|
||||
allow tee vendor_fingerprint_data_file:file create_file_perms;
|
||||
|
|
10
sepolicy/vendor/vendor_qti_init_shell.te
vendored
10
sepolicy/vendor/vendor_qti_init_shell.te
vendored
|
@ -1,11 +1,3 @@
|
|||
allow vendor_qti_init_shell configfs:dir { add_name create write };
|
||||
# NECESSARY?
|
||||
allow vendor_qti_init_shell configfs:dir setattr;
|
||||
# END
|
||||
allow vendor_qti_init_shell sysfs_dm:file rw_file_perms;
|
||||
allow vendor_qti_init_shell sysfs_dm:dir r_dir_perms;
|
||||
allow vendor_qti_init_shell vendor_sysfs_msm_perf:file w_file_perms;
|
||||
allow vendor_qti_init_shell vendor_sysfs_qdss_dev:file { setattr write };
|
||||
set_prop(vendor_qti_init_shell, vendor_panel_info_prop)
|
||||
|
||||
#get_prop(vendor_qti_init_shell, default_prop)
|
||||
set_prop(vendor_qti_init_shell, vendor_panel_info_prop)
|
||||
|
|
16
sepolicy/vendor/wcnss_service.te
vendored
16
sepolicy/vendor/wcnss_service.te
vendored
|
@ -1,16 +1,6 @@
|
|||
#allow vendor_wcnss_service self:netlink_generic_socket ioctl;
|
||||
allow vendor_wcnss_service self:capability { net_raw setgid setuid };
|
||||
#allow vendor_wcnss_service self:packet_socket { bind create getopt ioctl map read setopt };
|
||||
allow vendor_wcnss_service self:packet_socket write;
|
||||
allow vendor_wcnss_service sysfs_net:file read;
|
||||
allow vendor_wcnss_service vendor_mac_vendor_data_file:dir { add_name open read search setattr write };
|
||||
allow vendor_wcnss_service vendor_mac_vendor_data_file:dir rw_dir_perms;
|
||||
allow vendor_wcnss_service vendor_mac_vendor_data_file:file { create getattr open read setattr write };
|
||||
allow vendor_wcnss_service mnt_vendor_file:dir { add_name create read search write };
|
||||
allow vendor_wcnss_service mnt_vendor_file:file { create open read setattr write };
|
||||
#allow vendor_wcnss_service vendor_diag_device:chr_file { create ioctl open read write };
|
||||
allow vendor_wcnss_service vendor_sysfs_diag:dir search;
|
||||
allow vendor_wcnss_service vendor_sysfs_diag:file { open read };
|
||||
allow vendor_wcnss_service vendor_wifi_vendor_log_data_file:dir { add_name getattr open read remove_name search setattr write };
|
||||
allow vendor_wcnss_service vendor_wifi_vendor_log_data_file:file { append create getattr open read rename setattr unlink write };
|
||||
allow vendor_wcnss_service vendor_proc_wifi_dbg:file { create getattr open read setattr write };
|
||||
allow vendor_wcnss_service mnt_vendor_file:dir search;
|
||||
allow vendor_wcnss_service vendor_mac_vendor_data_file:dir create_dir_perms;
|
||||
allow vendor_wcnss_service vendor_mac_vendor_data_file:file create_file_perms;
|
||||
|
|