sm8450-common: Initial sepolicy
Change-Id: Ia21793576649e8518e79e4680e0b79b6a9331720
This commit is contained in:
Arian
parent
fc509ec345
commit
37eea61587
52 changed files with 1087 additions and 0 deletions
|
|
@ -108,6 +108,10 @@ ENABLE_VENDOR_RIL_SERVICE := true
|
||||||
# Sepolicy
|
# Sepolicy
|
||||||
include device/qcom/sepolicy_vndr/SEPolicy.mk
|
include device/qcom/sepolicy_vndr/SEPolicy.mk
|
||||||
|
|
||||||
|
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private
|
||||||
|
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
|
||||||
|
|
||||||
# VINTF
|
# VINTF
|
||||||
DEVICE_MATRIX_FILE := $(COMMON_PATH)/vintf/compatibility_matrix.xml
|
DEVICE_MATRIX_FILE := $(COMMON_PATH)/vintf/compatibility_matrix.xml
|
||||||
|
|
||||||
|
|
|
||||||
5
sepolicy/public/property_contexts
Normal file
5
sepolicy/public/property_contexts
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
# MIUI
|
||||||
|
ro.miui. u:object_r:exported_system_prop:s0
|
||||||
|
ro.product.mod_device u:object_r:exported_default_prop:s0 exact string
|
||||||
|
ro.cust.test u:object_r:exported_system_prop:s0
|
||||||
|
ro.carrier u:object_r:exported_default_prop:s0 exact string
|
||||||
1
sepolicy/vendor/agmservice_qti.te
vendored
Normal file
1
sepolicy/vendor/agmservice_qti.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow vendor_agmservice_qti debugfs:dir r_dir_perms;
|
||||||
2
sepolicy/vendor/audioadsprpcd.te
vendored
Normal file
2
sepolicy/vendor/audioadsprpcd.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow vendor_audioadsprpcd vendor_audio_data_file:dir search;
|
||||||
|
allow vendor_audioadsprpcd vendor_audio_data_file:file { append create getattr open read setattr write };
|
||||||
8
sepolicy/vendor/audioserver.te
vendored
Normal file
8
sepolicy/vendor/audioserver.te
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
allow audioserver system_server:dir search;
|
||||||
|
allow audioserver mediaserver:dir search;
|
||||||
|
allow audioserver mediaserver:file { open read };
|
||||||
|
allow audioserver system_app:dir search;
|
||||||
|
allow audioserver hal_audio_default:process signal;
|
||||||
|
allow audioserver sound_device:chr_file rw_file_perms;
|
||||||
|
get_prop(audioserver, bootanim_system_prop)
|
||||||
|
set_prop(audioserver, audio_prop)
|
||||||
35
sepolicy/vendor/batterysecret.te
vendored
Normal file
35
sepolicy/vendor/batterysecret.te
vendored
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
allow batterysecret rootfs:dir write;
|
||||||
|
allow batterysecret self:capability sys_tty_config;
|
||||||
|
allow batterysecret self:capability sys_boot;
|
||||||
|
allow batterysecret self:capability { chown fsetid };
|
||||||
|
allow batterysecret self:netlink_kobject_uevent_socket { bind create read setopt };
|
||||||
|
allow batterysecret self:capability2 block_suspend;
|
||||||
|
allow batterysecret self:cap2_userns block_suspend;
|
||||||
|
allow batterysecret sysfs_wake_lock:file rw_file_perms;
|
||||||
|
allow batterysecret vendor_sysfs_battery_supply:file rw_file_perms;
|
||||||
|
allow batterysecret vendor_sysfs_battery_supply:dir r_dir_perms;
|
||||||
|
allow batterysecret vendor_sysfs_qcom_battery:file rw_file_perms;
|
||||||
|
allow batterysecret vendor_sysfs_qcom_battery:file write;
|
||||||
|
allow batterysecret vendor_sysfs_qcom_battery:file { open read write };
|
||||||
|
allow batterysecret vendor_sysfs_qcom_battery:dir r_dir_perms;
|
||||||
|
allow batterysecret system_suspend_server:binder { call transfer };
|
||||||
|
allow batterysecret system_suspend_server:fd *;
|
||||||
|
allow batterysecret system_suspend_hwservice:hwservice_manager find;
|
||||||
|
allow batterysecret hidl_manager_hwservice:hwservice_manager find;
|
||||||
|
allow batterysecret sysfs:file write;
|
||||||
|
allow batterysecret sysfs_usb:file w_file_perms;
|
||||||
|
allow batterysecret vendor_sysfs_usb_supply:file write;
|
||||||
|
allow batterysecret sysfs_batteryinfo:file r_file_perms;
|
||||||
|
allow batterysecret kmsg_device:chr_file rw_file_perms;
|
||||||
|
allow batterysecret mnt_vendor_file:dir rw_dir_perms;
|
||||||
|
init_daemon_domain(batterysecret)
|
||||||
|
r_dir_file(batterysecret, sysfs_type)
|
||||||
|
r_dir_file(batterysecret, rootfs)
|
||||||
|
r_dir_file(batterysecret, cgroup)
|
||||||
|
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
|
||||||
|
get_prop(batterysecret, hwservicemanager_prop)
|
||||||
|
get_prop(batterysecret, vendor_default_prop)
|
||||||
|
set_prop(batterysecret, vendor_system_prop)
|
||||||
|
hwbinder_use(batterysecret)
|
||||||
|
type batterysecret, domain;
|
||||||
|
type batterysecret_exec, exec_type, vendor_file_type, file_type;
|
||||||
27
sepolicy/vendor/bluetooth.te
vendored
Normal file
27
sepolicy/vendor/bluetooth.te
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
allow bluetooth hal_audio:binder { call transfer };
|
||||||
|
allow bluetooth hal_audio:fd *;
|
||||||
|
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
|
||||||
|
allow bluetooth media_rw_data_file:dir create_dir_perms;
|
||||||
|
allow bluetooth media_rw_data_file:file create_file_perms;
|
||||||
|
allow bluetooth serial_device:chr_file rw_file_perms;
|
||||||
|
allow bluetooth uhid_device:chr_file rw_file_perms;
|
||||||
|
allow bluetooth vendor_bt_device:chr_file rw_file_perms;
|
||||||
|
allow bluetooth vendor_smd_device:chr_file rw_file_perms;
|
||||||
|
allow bluetooth vendor_hal_iop_hwservice:hwservice_manager find;
|
||||||
|
allow bluetooth vendor_default_prop:file { getattr map };
|
||||||
|
allow bluetooth vendor_bt_data_file:dir search;
|
||||||
|
allow bluetooth vendor_bt_data_file:file { getattr open read };
|
||||||
|
allow bluetooth system_app_data_file:dir getattr;
|
||||||
|
allow bluetooth system_app_data_file:file { getattr open read };
|
||||||
|
allow bluetooth self:socket { create getopt read write };
|
||||||
|
#allow bluetooth self:socket ioctl;
|
||||||
|
allow bluetooth servicemanager:fd *;
|
||||||
|
allow bluetooth system_app:binder { call transfer };
|
||||||
|
allow bluetooth system_app:fd *;
|
||||||
|
allow bluetooth vendor_dun_service:service_manager find;
|
||||||
|
allow bluetooth hal_audio_hwservice:hwservice_manager find;
|
||||||
|
#allowxperm bluetooth self:ioctl socket ((range 0xc300 0xc305));
|
||||||
|
dontaudit bluetooth netd_service:service_manager find;
|
||||||
|
get_prop(bluetooth, vendor_display_prop)
|
||||||
|
get_prop(bluetooth, vendor_audio_prop)
|
||||||
|
binder_use(bluetooth)
|
||||||
2
sepolicy/vendor/bootanim.te
vendored
Normal file
2
sepolicy/vendor/bootanim.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow bootanim vendor_audio_prop:file read;
|
||||||
|
allow bootanim vendor_proc_audiod:file read;
|
||||||
8
sepolicy/vendor/ddr_training.te
vendored
Normal file
8
sepolicy/vendor/ddr_training.te
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
allow ddr_training ddr_training_exec:file { entrypoint execute getattr open read };
|
||||||
|
allow ddr_training vendor_toolbox_exec:file { entrypoint execute execute_no_trans getattr open read };
|
||||||
|
allow ddr_training block_device:dir r_dir_perms;
|
||||||
|
allow ddr_training ddr_partition:blk_file rw_file_perms;
|
||||||
|
init_daemon_domain(ddr_training)
|
||||||
|
unix_socket_connect(ddr_training, property, init)
|
||||||
|
type ddr_training, domain;
|
||||||
|
type ddr_training_exec, exec_type, file_type, vendor_file_type;
|
||||||
9
sepolicy/vendor/device.te
vendored
Normal file
9
sepolicy/vendor/device.te
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type vendor_displayfeature_device, dev_type;
|
||||||
|
type sound_device, dev_type, mlstrustedobject;
|
||||||
|
type stmvl53l5_device, dev_type;
|
||||||
|
type vendor_fingerprint_device, dev_type;
|
||||||
|
type touchfeature_device, dev_type;
|
||||||
|
type vendor_radio_smd_device, dev_type;
|
||||||
|
type ir_spi_device, dev_type;
|
||||||
|
type ddr_partition, dev_type;
|
||||||
|
type minidump_data_file, data_file_type, file_type;
|
||||||
41
sepolicy/vendor/file.te
vendored
Normal file
41
sepolicy/vendor/file.te
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
# Audio
|
||||||
|
type sysfs_f0_value, fs_type, sysfs_type;
|
||||||
|
type audio_socket, file_type;
|
||||||
|
|
||||||
|
# Battery
|
||||||
|
type vendor_sysfs_qcom_battery, fs_type, sysfs_type;
|
||||||
|
|
||||||
|
# Camera
|
||||||
|
type camera_persist_file, file_type, mlstrustedobject, vendor_persist_type;
|
||||||
|
|
||||||
|
# Diag
|
||||||
|
type vendor_modem_data_file, data_file_type, file_type;
|
||||||
|
|
||||||
|
# Display
|
||||||
|
type vendor_sysfs_displayfeature, fs_type, sysfs_type;
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
type vendor_fingerprint_data_file, data_file_type, file_type;
|
||||||
|
type vendor_fingerprint_data_file_fpdump, data_file_type, file_type;
|
||||||
|
|
||||||
|
# GNSS
|
||||||
|
type qx_oss_vendor_data_file, data_file_type, file_type;
|
||||||
|
type vendor_ins_vendor_data_file, data_file_type, file_type;
|
||||||
|
|
||||||
|
# Mac Address
|
||||||
|
type vendor_mac_vendor_data_file, data_file_type, file_type, mlstrustedobject;
|
||||||
|
|
||||||
|
# Mlipay
|
||||||
|
type ta_data_file, data_file_type, file_type;
|
||||||
|
|
||||||
|
# SLA
|
||||||
|
type sla_data_file, data_file_type, file_type;
|
||||||
|
type slad_socket, file_type;
|
||||||
|
|
||||||
|
# Thermal
|
||||||
|
type sys_thermal_wifi_limit, fs_type, sysfs_type;
|
||||||
|
type sys_thermal_flash_state, fs_type, sysfs_type;
|
||||||
|
type thermal_data_file, data_file_type, file_type;
|
||||||
|
|
||||||
|
# Touchfeature
|
||||||
|
type sysfs_tp_fodstatus, fs_type, sysfs_type;
|
||||||
97
sepolicy/vendor/file_contexts
vendored
Normal file
97
sepolicy/vendor/file_contexts
vendored
Normal file
|
|
@ -0,0 +1,97 @@
|
||||||
|
# Audio
|
||||||
|
/dev/socket/audio_hw_socket u:object_r:audio_socket:s0
|
||||||
|
/dev/socket/audio_us_socket_0 u:object_r:audio_socket:s0
|
||||||
|
/dev/socket/audio_us_socket_1 u:object_r:audio_socket:s0
|
||||||
|
/dev/xlog u:object_r:sound_device:s0
|
||||||
|
/sys/devices/platform/soc/[a-z0-9]+.i2c/i2c-+[0-9]/[0-9]+-00+[a-z0-9]+[a-z0-9]/f0_value u:object_r:sysfs_f0_value:s0
|
||||||
|
|
||||||
|
# Battery
|
||||||
|
/(vendor|system/vendor)/bin/batterysecret u:object_r:batterysecret_exec:s0
|
||||||
|
|
||||||
|
# Camera
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.hardware.quickcamera@1.0-service u:object_r:hal_quickcamera_default_exec:s0
|
||||||
|
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
|
||||||
|
#/vendor/bin/camera_cal u:object_r:DualCameraCal_exec:s0
|
||||||
|
|
||||||
|
# CIT
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.sensor.citsensorservice@1.1-service u:object_r:vendor_hal_citsensorservice_xiaomi_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.sensor.citsensorservice@2.0-service u:object_r:vendor_hal_citsensorservice_xiaomi_default_exec:s0
|
||||||
|
|
||||||
|
# Diag
|
||||||
|
/data/vendor/modem(/.*)? u:object_r:vendor_modem_data_file:s0
|
||||||
|
|
||||||
|
# Display
|
||||||
|
/(vendor|system/vendor)/bin/displayfeature u:object_r:vendor_displayfeature_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.displayfeature@1\.0-service u:object_r:vendor_hal_displayfeature_xiaomi_default_exec:s0
|
||||||
|
/dev/mi_display/disp_feature u:object_r:vendor_displayfeature_device:s0
|
||||||
|
/sys/devices/virtual/mi_display/disp_feature/disp-DSI-+[0-1](/.*)? u:object_r:vendor_sysfs_displayfeature:s0
|
||||||
|
|
||||||
|
# Dolby
|
||||||
|
/data/vendor/dolby(/.*)? u:object_r:vendor_data_file:s0
|
||||||
|
/vendor/bin/hw/dolbycodec2 u:object_r:vendorcodec_exec:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
|
||||||
|
/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
|
||||||
|
/dev/goodix_fp u:object_r:vendor_fingerprint_device:s0
|
||||||
|
/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
|
||||||
|
/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
|
||||||
|
# GNSS
|
||||||
|
/data/vendor/ins(/.*)? u:object_r:vendor_ins_vendor_data_file:s0
|
||||||
|
/data/vendor/qxwz(/.*)? u:object_r:qx_oss_vendor_data_file:s0
|
||||||
|
/mnt/vendor/persist/qxwz u:object_r:qx_oss_vendor_data_file:s0
|
||||||
|
|
||||||
|
# IR
|
||||||
|
/dev/ir_spi u:object_r:ir_spi_device:s0
|
||||||
|
|
||||||
|
# Mac Address
|
||||||
|
/data/vendor/mac_addr(/.*)? u:object_r:vendor_mac_vendor_data_file:s0
|
||||||
|
/vendor/bin/nv_mac u:object_r:vendor_wcnss_service_exec:s0
|
||||||
|
|
||||||
|
# Mlipay
|
||||||
|
/(vendor|system/vendor)/bin/fidoca u:object_r:hal_mfidoca_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mlipayd u:object_r:hal_mlipay_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mlipayd@1.1 u:object_r:hal_mlipay_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mtd u:object_r:hal_mtdservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mtd@1.1 u:object_r:hal_mtdservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mtd@1.2 u:object_r:hal_mtdservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/mtd@1.3 u:object_r:hal_mtdservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/tidad u:object_r:hal_tidaservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/tidad@1.1 u:object_r:hal_tidaservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/tidad@1.2 u:object_r:hal_tidaservice_default_exec:s0
|
||||||
|
/data/vendor/images(/.*)? u:object_r:ta_data_file:s0
|
||||||
|
/mnt/vendor/persist/fdsd(/.*)? u:object_r:vendor_persist_drm_file:s0
|
||||||
|
|
||||||
|
# Modem
|
||||||
|
/dev/smd8 u:object_r:vendor_radio_smd_device:s0
|
||||||
|
|
||||||
|
# QRTR
|
||||||
|
/(vendor|system/vendor)/bin/qrtr-lookup u:object_r:vendor_qrtr_exec:s0
|
||||||
|
|
||||||
|
# RIL
|
||||||
|
/data/vendor/diag(/.*)? u:object_r:minidump_data_file:s0
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@2.1-service\.xiaomi-multihal u:object_r:hal_sensors_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor.xiaomi.sensor.communicate@1.0-service u:object_r:vendor_hal_sensorcommunicate_default_exec:s0
|
||||||
|
/dev/stmvl53l5 u:object_r:stmvl53l5_device:s0
|
||||||
|
|
||||||
|
# SLA
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.qti\.sla\.service\@1\.0-service u:object_r:hal_slaservice_qti_exec:s0
|
||||||
|
/data/vendor/sla(/.*)? u:object_r:sla_data_file:s0
|
||||||
|
/dev/socket/slad u:object_r:slad_socket:s0
|
||||||
|
|
||||||
|
# Thermal
|
||||||
|
/(vendor|system/vendor)/bin/mi_thermald u:object_r:mi_thermald_exec:s0
|
||||||
|
/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0
|
||||||
|
/sys/class/thermal/thermal_message/flash_state u:object_r:sys_thermal_flash_state:s0
|
||||||
|
/sys/class/thermal/thermal_message/wifi_limit u:object_r:sys_thermal_wifi_limit:s0
|
||||||
|
/sys/class/thermal/thermal_zone87/temp u:object_r:sysfs_thermal:s0
|
||||||
|
/sys/devices/virtual/thermal/thermal_message/flash_state u:object_r:sys_thermal_flash_state:s0
|
||||||
|
/sys/devices/virtual/thermal/thermal_message/wifi_limit u:object_r:sys_thermal_wifi_limit:s0
|
||||||
|
|
||||||
|
# Touchfeature
|
||||||
|
/dev/xiaomi-touch u:object_r:touchfeature_device:s0
|
||||||
|
/sys/devices/virtual/touch/tp_dev/fod_status u:object_r:sysfs_tp_fodstatus:s0
|
||||||
15
sepolicy/vendor/genfs_contexts
vendored
Normal file
15
sepolicy/vendor/genfs_contexts
vendored
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Extcon
|
||||||
|
genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon u:object_r:sysfs_extcon:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon u:object_r:sysfs_extcon:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform:lpass-cdc/wcd938x-codec/extcon u:object_r:sysfs_extcon:s0
|
||||||
|
|
||||||
|
# Suspend
|
||||||
|
genfscon sysfs /devices/platform/soc/3000000.remoteproc-adsp/remoteproc/remoteproc2/3000000.remoteproc-adsp:glink-edge/3000000.remoteproc-adsp:glink-edge.adsp_apps.-1.-1/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-005a/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/990000.spi/spi_master/spi0/spi0.0/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/c42d000.qcom,spmi/spmi-0/0-00/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300:pwrkey-bark/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/c42d000.qcom,spmi/spmi-0/0-00/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300/c42d000.qcom,spmi:qcom,pmk8350@0:pon_hlos@1300:pwrkey-resin-bark/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/soc:fingerprint_goodix/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
|
||||||
|
# Touchfeature
|
||||||
|
genfscon sysfs /devices/virtual/touch/touch_dev/fod_press_status u:object_r:sysfs_tp_fodstatus:s0
|
||||||
12
sepolicy/vendor/hal_audio.te
vendored
Normal file
12
sepolicy/vendor/hal_audio.te
vendored
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
hal_attribute(dms)
|
||||||
|
allow hal_audio_default vendor_persist_audio_file:file rw_file_perms;
|
||||||
|
allow hal_audio_default mnt_vendor_file:dir r_dir_perms;
|
||||||
|
allow hal_audio_default vendor_audio_prop:property_service set;
|
||||||
|
allow hal_audio_default audio_socket:sock_file rw_file_perms;
|
||||||
|
allow hal_audio_default sound_device:chr_file rw_file_perms;
|
||||||
|
allow hal_audio_default sysfs_f0_value:file rw_file_perms;
|
||||||
|
allow hal_audio_default sysfs:file rw_file_perms;
|
||||||
|
unix_socket_connect(hal_audio_default, property, init)
|
||||||
|
unix_socket_connect(hal_audio_default, property, hal_sensors_default)
|
||||||
|
hal_client_domain(hal_audio_default, hal_dms)
|
||||||
|
set_prop(hal_audio_default, vendor_audio_prop)
|
||||||
2
sepolicy/vendor/hal_bluetooth.te
vendored
Normal file
2
sepolicy/vendor/hal_bluetooth.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow hal_bluetooth_default vendor_mac_vendor_data_file:dir search;
|
||||||
|
allow hal_bluetooth_default vendor_mac_vendor_data_file:file { open read };
|
||||||
37
sepolicy/vendor/hal_camera_default.te
vendored
Normal file
37
sepolicy/vendor/hal_camera_default.te
vendored
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
attribute vendor_hal_camerapostproc_xiaomi;
|
||||||
|
attribute vendor_hal_camerapostproc_xiaomi_client;
|
||||||
|
attribute vendor_hal_camerapostproc_xiaomi_server;
|
||||||
|
type vendor_hal_camerapostproc_xiaomi_hwservice, hwservice_manager_type;
|
||||||
|
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:binder { call transfer };
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:binder transfer;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_server:fd *;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_client vendor_hal_camerapostproc_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:binder transfer;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:binder { call transfer };
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi_server vendor_hal_camerapostproc_xiaomi_client:fd *;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi platform_app:binder transfer;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi platform_app:binder { call transfer };
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi platform_app:fd *;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi priv_app:binder transfer;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi priv_app:binder { call transfer };
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi priv_app:fd *;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi system_app:binder transfer;
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi system_app:binder { call transfer };
|
||||||
|
allow vendor_hal_camerapostproc_xiaomi system_app:fd *;
|
||||||
|
add_hwservice(vendor_hal_camerapostproc_xiaomi_server, vendor_hal_camerapostproc_xiaomi_hwservice)
|
||||||
|
|
||||||
|
allow hal_camera_client vendor_hal_camerapostproc_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow hal_camera_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_camera_default camera_persist_file:dir search;
|
||||||
|
allow hal_camera_default vendor_persist_sensors_file:dir search;
|
||||||
|
allow hal_camera_default stmvl53l5_device:chr_file { ioctl open read write };
|
||||||
|
allow hal_camera_default hal_quickcamera_hwservice:hwservice_manager { add find };
|
||||||
|
dontaudit hal_camera graphics_device:dir search;
|
||||||
|
dontaudit hal_camera_default default_prop:file read;
|
||||||
|
r_dir_file(hal_camera_default, mnt_vendor_file)
|
||||||
|
r_dir_file(hal_camera_default, camera_persist_file)
|
||||||
|
r_dir_file(hal_camera_default, vendor_persist_sensors_file)
|
||||||
|
hal_server_domain(hal_camera_default, vendor_hal_camerapostproc_xiaomi)
|
||||||
|
add_hwservice(hal_camera_server, vendor_hal_camerapostproc_xiaomi_hwservice)
|
||||||
|
set_prop(hal_camera_default, vendor_camera_sensor_prop)
|
||||||
50
sepolicy/vendor/hal_citsensorservice_xiaomi.te
vendored
Normal file
50
sepolicy/vendor/hal_citsensorservice_xiaomi.te
vendored
Normal file
|
|
@ -0,0 +1,50 @@
|
||||||
|
type vendor_hal_citsensorservice_xiaomi_default, domain;
|
||||||
|
type vendor_hal_citsensorservice_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type vendor_hal_citsensorservice_xiaomi_hwservice, hwservice_manager_type;
|
||||||
|
attribute vendor_hal_citsensorservice_xiaomi;
|
||||||
|
attribute vendor_hal_citsensorservice_xiaomi_client;
|
||||||
|
attribute vendor_hal_citsensorservice_xiaomi_server;
|
||||||
|
init_daemon_domain(vendor_hal_citsensorservice_xiaomi_default)
|
||||||
|
r_dir_file(vendor_hal_citsensorservice_xiaomi_default, mnt_vendor_file)
|
||||||
|
#set_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_cct_prop)
|
||||||
|
vndbinder_use(vendor_hal_citsensorservice_xiaomi)
|
||||||
|
hal_server_domain(vendor_hal_citsensorservice_xiaomi_default, vendor_hal_citsensorservice_xiaomi)
|
||||||
|
hal_client_domain(vendor_hal_citsensorservice_xiaomi_default, hal_graphics_allocator)
|
||||||
|
add_hwservice(vendor_hal_citsensorservice_xiaomi_server, vendor_hal_citsensorservice_xiaomi_hwservice)
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:binder { call transfer };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:binder transfer;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_server:fd *;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_client vendor_hal_citsensorservice_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:binder transfer;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:binder { call transfer };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_server vendor_hal_citsensorservice_xiaomi_client:fd *;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default input_device:dir rw_dir_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default input_device:chr_file rw_file_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_data:file r_file_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default self:socket create_socket_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket create_socket_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:dir r_dir_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:file r_file_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_persist_sensors_file:dir create_dir_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_persist_sensors_file:file create_file_perms;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default fwk_sensor_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder call;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder transfer;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:dir search;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:file { open read };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:fd *;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:binder { call transfer };
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:fd *;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_qdisplay_service:service_manager find;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer_default:binder transfer;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder call;
|
||||||
|
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder transfer;
|
||||||
|
allowxperm vendor_hal_citsensorservice_xiaomi_default self:socket ioctl { 0xc300 0xc301 0xc302 0xc303 0xc304 0xc305 };
|
||||||
|
allowxperm vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket ioctl { 0xc300 0xc301 0xc302 0xc303 0xc304 0xc305 };
|
||||||
|
|
||||||
|
get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_prop)
|
||||||
|
get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_debug_prop)
|
||||||
2
sepolicy/vendor/hal_display_config.te
vendored
Normal file
2
sepolicy/vendor/hal_display_config.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow vendor_hal_display_config_hwservice vendor_hal_displayfeature_xiaomi_default:binder transfer;
|
||||||
|
allow vendor_hal_display_config_hwservice vendor_hal_citsensorservice_xiaomi_default:binder transfer;
|
||||||
69
sepolicy/vendor/hal_displayfeature_xiaomi.te
vendored
Normal file
69
sepolicy/vendor/hal_displayfeature_xiaomi.te
vendored
Normal file
|
|
@ -0,0 +1,69 @@
|
||||||
|
type vendor_hal_displayfeature_xiaomi_default, domain;
|
||||||
|
type vendor_hal_displayfeature_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type vendor_hal_displayfeature_xiaomi_hwservice, hwservice_manager_type;
|
||||||
|
type vendor_mistcdisplay_service, vndservice_manager_type;
|
||||||
|
|
||||||
|
type vendor_displayfeature, domain;
|
||||||
|
type vendor_displayfeature_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type vendor_DisplayFeatureControl_service, vndservice_manager_type;
|
||||||
|
|
||||||
|
allow vendor_hal_displayfeature_xiaomi vendor_sysfs_graphics:file rw_file_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi vendor_qdisplay_service:service_manager find;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:binder { call transfer };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:fd *;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi graphics_device:chr_file rw_file_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi graphics_device:dir r_dir_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default sysfs:file { getattr open read write };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default sensors_device:chr_file r_file_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default fwk_sensor_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default system_server:binder { call transfer };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:fd *;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:file create_file_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_sysfs_displayfeature:dir r_dir_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_sysfs_displayfeature:file rw_file_perms;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default vendor_mistcdisplay_service:service_manager find;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default system_app:binder { call transfer };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default system_app:fd *;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_default surfaceflinger:binder call;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:binder { call transfer };
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:fd *;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_displayfeature_xiaomi_server vendor_hal_displayfeature_xiaomi_client:binder transfer;
|
||||||
|
attribute vendor_hal_displayfeature_xiaomi;
|
||||||
|
attribute vendor_hal_displayfeature_xiaomi_client;
|
||||||
|
attribute vendor_hal_displayfeature_xiaomi_server;
|
||||||
|
init_daemon_domain(vendor_hal_displayfeature_xiaomi_default)
|
||||||
|
r_dir_file(vendor_hal_displayfeature_xiaomi, vendor_sysfs_graphics)
|
||||||
|
unix_socket_connect(vendor_hal_displayfeature_xiaomi_default, property, vendor_sensors)
|
||||||
|
get_prop(vendor_hal_displayfeature_xiaomi_default, vendor_mpctl_prop)
|
||||||
|
set_prop(vendor_hal_displayfeature_xiaomi_default, vendor_displayfeature_prop)
|
||||||
|
vndbinder_use(vendor_hal_displayfeature_xiaomi)
|
||||||
|
hal_server_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_displayfeature_xiaomi)
|
||||||
|
hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_color)
|
||||||
|
hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_postproc)
|
||||||
|
add_hwservice(vendor_hal_displayfeature_xiaomi_server, vendor_hal_displayfeature_xiaomi_hwservice)
|
||||||
|
|
||||||
|
allow vendor_displayfeature system_server:binder transfer;
|
||||||
|
allow vendor_displayfeature system_server:binder { call transfer };
|
||||||
|
allow vendor_displayfeature system_server:fd *;
|
||||||
|
allow vendor_displayfeature appdomain:binder { call transfer };
|
||||||
|
allow vendor_displayfeature appdomain:fd *;
|
||||||
|
allow vendor_displayfeature sysfs:file { getattr open read write };
|
||||||
|
allow vendor_displayfeature vendor_file:file r_file_perms;
|
||||||
|
allow vendor_displayfeature graphics_device:dir r_dir_perms;
|
||||||
|
allow vendor_displayfeature graphics_device:chr_file rw_file_perms;
|
||||||
|
init_daemon_domain(vendor_displayfeature)
|
||||||
|
get_prop(vendor_displayfeature, hwservicemanager_prop)
|
||||||
|
get_prop(vendor_displayfeature, vendor_displayfeature_prop)
|
||||||
|
hwbinder_use(vendor_displayfeature)
|
||||||
|
vndbinder_use(vendor_displayfeature)
|
||||||
|
hal_client_domain(vendor_displayfeature, hal_graphics_composer)
|
||||||
|
hal_client_domain(vendor_displayfeature, hal_light)
|
||||||
|
hal_client_domain(vendor_displayfeature, vendor_hal_display_color)
|
||||||
|
hal_client_domain(vendor_displayfeature, vendor_hal_display_postproc)
|
||||||
|
hal_client_domain(vendor_displayfeature, vendor_hal_displayfeature_xiaomi)
|
||||||
|
add_service(vendor_displayfeature, vendor_DisplayFeatureControl_service)
|
||||||
18
sepolicy/vendor/hal_dms.te
vendored
Normal file
18
sepolicy/vendor/hal_dms.te
vendored
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
type hal_dms_default, domain;
|
||||||
|
type hal_dms_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_dms_hwservice, hwservice_manager_type;
|
||||||
|
#hal_attribute(dms)
|
||||||
|
allow hal_dms_client hal_dms_server:binder { call transfer };
|
||||||
|
allow hal_dms_client hal_dms_server:binder transfer;
|
||||||
|
allow hal_dms_client hal_dms_server:fd *;
|
||||||
|
allow hal_dms_client hal_dms_hwservice:hwservice_manager find;
|
||||||
|
allow hal_dms_server hal_dms_client:binder transfer;
|
||||||
|
allow hal_dms_server hal_dms_client:binder { call transfer };
|
||||||
|
allow hal_dms_server hal_dms_client:fd *;
|
||||||
|
allow hal_dms_default hal_dms_hwservice:hwservice_manager add;
|
||||||
|
allow hal_dms_default vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_dms_default vendor_data_file:file create_file_perms;
|
||||||
|
init_daemon_domain(hal_dms_default)
|
||||||
|
set_prop(hal_dms_default, vendor_audio_prop)
|
||||||
|
hal_server_domain(hal_dms_default, hal_dms)
|
||||||
|
add_hwservice(hal_dms_server, hal_dms_hwservice)
|
||||||
26
sepolicy/vendor/hal_fingerprint.te
vendored
Normal file
26
sepolicy/vendor/hal_fingerprint.te
vendored
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
type vendor_hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
|
||||||
|
|
||||||
|
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
|
||||||
|
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
|
||||||
|
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
|
||||||
|
allow hal_fingerprint_default vendor_hal_perf_default:binder call;
|
||||||
|
allow hal_fingerprint_default vendor_sysfs_graphics:dir r_dir_perms;
|
||||||
|
allow hal_fingerprint_default vendor_sysfs_graphics:file rw_file_perms;
|
||||||
|
allow hal_fingerprint_default input_device:dir r_dir_perms;
|
||||||
|
allow hal_fingerprint_default input_device:chr_file rwx_file_perms;
|
||||||
|
allow hal_fingerprint_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_fingerprint_default vendor_fingerprint_device:chr_file rwx_file_perms;
|
||||||
|
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||||
|
allow hal_fingerprint_default vendor_sysfs_displayfeature:dir { open read };
|
||||||
|
allow hal_fingerprint_default vendor_sysfs_displayfeature:file { open read };
|
||||||
|
allow hal_fingerprint_default vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_fingerprint_default vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_tp_fodstatus:chr_file r_file_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_tp_fodstatus:file r_file_perms;
|
||||||
|
allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { add find };
|
||||||
|
allow hal_fingerprint_default touchfeature_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
get_prop(hal_fingerprint_default, vendor_panel_info_prop)
|
||||||
|
set_prop(hal_fingerprint_default, vendor_fp_prop)
|
||||||
|
set_prop(hal_fingerprint_default, vendor_fp_info_prop)
|
||||||
8
sepolicy/vendor/hal_gnss.te
vendored
Normal file
8
sepolicy/vendor/hal_gnss.te
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
allow vendor_hal_gnss_qti vendor_ins_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow vendor_hal_gnss_qti vendor_ins_vendor_data_file:file create_file_perms;
|
||||||
|
allow vendor_hal_gnss_qti vendor_persist_sensors_file:dir rw_dir_perms;
|
||||||
|
allow vendor_hal_gnss_qti vendor_persist_sensors_file:file create_file_perms;
|
||||||
|
allow vendor_hal_gnss_qti mnt_vendor_file:dir search;
|
||||||
|
allow vendor_hal_gnss_qti mnt_vendor_file:dir rw_dir_perms;
|
||||||
|
get_prop(vendor_hal_gnss_qti, vendor_sensors_prop)
|
||||||
|
get_prop(vendor_hal_gnss_qti, vendor_mi_ins_prop)
|
||||||
15
sepolicy/vendor/hal_graphics_composer.te
vendored
Normal file
15
sepolicy/vendor/hal_graphics_composer.te
vendored
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
allow hal_graphics_composer vendor_hal_displayfeature_xiaomi:binder transfer;
|
||||||
|
allow hal_graphics_composer vendor_hal_citsensorservice_xiaomi_default:binder transfer;
|
||||||
|
allow hal_graphics_composer vendor_hal_citsensorservice_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow hal_graphics_composer_default vendor_displayfeature_device:chr_file { ioctl open read };
|
||||||
|
allow hal_graphics_composer_default vendor_sysfs_displayfeature:dir { open read search };
|
||||||
|
allow hal_graphics_composer_default vendor_sysfs_displayfeature:file { open read write };
|
||||||
|
allow hal_graphics_composer_default vendor_hal_citsensorservice_xiaomi_default:binder call;
|
||||||
|
allow hal_graphics_composer_default vendor_hal_citsensorservice_xiaomi_default:binder { call transfer };
|
||||||
|
allow hal_graphics_composer_default vendor_hal_citsensorservice_xiaomi_default:fd *;
|
||||||
|
get_prop(hal_graphics_composer, vendor_displayfeature_prop)
|
||||||
|
set_prop(hal_graphics_composer_default, vendor_ctl_vendor_display_prop)
|
||||||
|
set_prop(hal_graphics_composer_default, vendor_display_prop)
|
||||||
|
hal_client_domain(hal_graphics_composer_default, vendor_hal_displayfeature_xiaomi)
|
||||||
|
allow hal_graphics_composer_default vendor_mistcdisplay_service:service_manager find;
|
||||||
|
add_service(hal_graphics_composer_default, vendor_mistcdisplay_service)
|
||||||
3
sepolicy/vendor/hal_light.te
vendored
Normal file
3
sepolicy/vendor/hal_light.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow hal_light_default vendor_displayfeature_device:chr_file { ioctl open read write };
|
||||||
|
allow hal_light_default vendor_sysfs_displayfeature:dir r_dir_perms;
|
||||||
|
allow hal_light_default vendor_sysfs_displayfeature:file rw_file_perms;
|
||||||
24
sepolicy/vendor/hal_mfidoca.te
vendored
Normal file
24
sepolicy/vendor/hal_mfidoca.te
vendored
Normal file
|
|
@ -0,0 +1,24 @@
|
||||||
|
type hal_mfidoca_default, domain;
|
||||||
|
type hal_mfidoca_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_mfidoca_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(mfidoca)
|
||||||
|
allow hal_mfidoca_client hal_mfidoca_server:binder { call transfer };
|
||||||
|
allow hal_mfidoca_client hal_mfidoca_server:binder transfer;
|
||||||
|
allow hal_mfidoca_client hal_mfidoca_server:fd *;
|
||||||
|
allow hal_mfidoca_server hal_mfidoca_client:binder transfer;
|
||||||
|
allow hal_mfidoca_server hal_mfidoca_client:binder { call transfer };
|
||||||
|
allow hal_mfidoca_server hal_mfidoca_client:fd *;
|
||||||
|
allow hal_mfidoca_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mfidoca_default firmware_file:dir r_dir_perms;
|
||||||
|
allow hal_mfidoca_default firmware_file:file r_file_perms;
|
||||||
|
allow hal_mfidoca_default ion_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mfidoca_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mfidoca_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mfidoca_default hal_mtdservice_default:binder transfer;
|
||||||
|
init_daemon_domain(hal_mfidoca_default)
|
||||||
|
get_prop(hal_mfidoca_default, vendor_fp_prop)
|
||||||
|
get_prop(hal_mfidoca_default, vendor_system_prop)
|
||||||
|
set_prop(hal_mfidoca_default, vendor_payment_security_prop)
|
||||||
|
hwbinder_use(hal_mfidoca_default)
|
||||||
|
hal_server_domain(hal_mfidoca_default, hal_mfidoca)
|
||||||
|
add_hwservice(hal_mfidoca_server, hal_mfidoca_hwservice)
|
||||||
27
sepolicy/vendor/hal_mlipay.te
vendored
Normal file
27
sepolicy/vendor/hal_mlipay.te
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
type hal_mlipay_default, domain;
|
||||||
|
type hal_mlipay_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_mlipay_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(mlipay)
|
||||||
|
allow hal_mlipay_client hal_mlipay_server:binder { call transfer };
|
||||||
|
allow hal_mlipay_client hal_mlipay_server:binder transfer;
|
||||||
|
allow hal_mlipay_client hal_mlipay_server:fd *;
|
||||||
|
allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;
|
||||||
|
allow hal_mlipay_server hal_mlipay_client:binder transfer;
|
||||||
|
allow hal_mlipay_server hal_mlipay_client:binder { call transfer };
|
||||||
|
allow hal_mlipay_server hal_mlipay_client:fd *;
|
||||||
|
allow hal_mlipay_default hal_mlipay_hwservice:hwservice_manager add;
|
||||||
|
allow hal_mlipay_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mlipay_default firmware_file:dir r_dir_perms;
|
||||||
|
allow hal_mlipay_default firmware_file:file r_file_perms;
|
||||||
|
allow hal_mlipay_default ion_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mlipay_default rootfs:lnk_file r_file_perms;
|
||||||
|
allow hal_mlipay_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mlipay_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mlipay_default hal_mtdservice_default:binder transfer;
|
||||||
|
init_daemon_domain(hal_mlipay_default)
|
||||||
|
get_prop(hal_mlipay_default, vendor_fp_prop)
|
||||||
|
get_prop(hal_mlipay_default, vendor_system_prop)
|
||||||
|
set_prop(hal_mlipay_default, vendor_payment_security_prop)
|
||||||
|
hwbinder_use(hal_mlipay_default)
|
||||||
|
hal_server_domain(hal_mlipay_default, hal_mlipay)
|
||||||
|
add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
|
||||||
55
sepolicy/vendor/hal_mtdservice.te
vendored
Normal file
55
sepolicy/vendor/hal_mtdservice.te
vendored
Normal file
|
|
@ -0,0 +1,55 @@
|
||||||
|
type hal_mtdservice_default, domain;
|
||||||
|
type hal_mtdservice_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_mtdservice_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(mtdservice)
|
||||||
|
allow hal_mtdservice_client hal_mtdservice_server:binder { call transfer };
|
||||||
|
allow hal_mtdservice_client hal_mtdservice_server:binder transfer;
|
||||||
|
allow hal_mtdservice_client hal_mtdservice_server:fd *;
|
||||||
|
allow hal_mtdservice_server hal_mtdservice_client:binder transfer;
|
||||||
|
allow hal_mtdservice_server hal_mtdservice_client:binder { call transfer };
|
||||||
|
allow hal_mtdservice_server hal_mtdservice_client:fd *;
|
||||||
|
allow hal_mtdservice_default hal_mlipay_default:binder { call transfer };
|
||||||
|
allow hal_mtdservice_default hal_mlipay_default:fd *;
|
||||||
|
allow hal_mtdservice_default hal_mfidoca_default:binder { call transfer };
|
||||||
|
allow hal_mtdservice_default hal_mfidoca_default:fd *;
|
||||||
|
allow hal_mtdservice_default hal_mtdservice_hwservice:hwservice_manager add;
|
||||||
|
allow hal_mtdservice_default firmware_file:dir r_dir_perms;
|
||||||
|
allow hal_mtdservice_default firmware_file:file r_file_perms;
|
||||||
|
allow hal_mtdservice_default ion_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mtdservice_default vendor_persist_drm_file:dir { create_dir_perms relabelto };
|
||||||
|
allow hal_mtdservice_default vendor_persist_drm_file:file { create_file_perms relabelto };
|
||||||
|
allow hal_mtdservice_default vendor_persist_file:dir r_dir_perms;
|
||||||
|
allow hal_mtdservice_default mnt_vendor_file:dir { create_dir_perms relabelfrom };
|
||||||
|
allow hal_mtdservice_default proc:file r_file_perms;
|
||||||
|
allow hal_mtdservice_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mtdservice_default system_data_file:dir getattr;
|
||||||
|
allow hal_mtdservice_default hal_mlipay_hwservice:hwservice_manager find;
|
||||||
|
allow hal_mtdservice_default hal_mfidoca_hwservice:hwservice_manager find;
|
||||||
|
allow hal_mtdservice_default platform_app:binder transfer;
|
||||||
|
allow hal_mtdservice_default system_app:binder transfer;
|
||||||
|
allow hal_mtdservice_default ta_data_file:file create_file_perms;
|
||||||
|
allow hal_mtdservice_default ta_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_mtdservice_default vendor_hal_tui_comm_hwservice:hwservice_manager find;
|
||||||
|
allow hal_mtdservice_default vendor_hal_tui_comm_hwservice:binder { call transfer };
|
||||||
|
allow hal_mtdservice_default vendor_hal_tui_comm_qti:binder { call transfer };
|
||||||
|
allow hal_mtdservice_default sysfs:dir { open read };
|
||||||
|
allow hal_mtdservice_default sysfs:file { open read write };
|
||||||
|
allow hal_mtdservice_default vendor_qce_device:chr_file rw_file_perms;
|
||||||
|
allow hal_mtdservice_default vendor_sg_device:chr_file { open read };
|
||||||
|
allow hal_mtdservice_default vendor_sg_device:chr_file { ioctl write };
|
||||||
|
allow hal_mtdservice_default vendor_persist_data_file:dir getattr;
|
||||||
|
allow hal_mtdservice_default vendor_smcinvoke_device:chr_file { ioctl open read write };
|
||||||
|
allow hal_mtdservice_default system_server:binder transfer;
|
||||||
|
allow hal_mtdservice_default block_device:dir r_dir_perms;
|
||||||
|
allow hal_mtdservice_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mtdservice_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_mtdservice_default hal_tidaservice_default:binder transfer;
|
||||||
|
allow hal_mtdservice_default hal_secure_element_default:binder transfer;
|
||||||
|
type_transition hal_mtdservice mnt_vendor_file:dir vendor_persist_drm_file "fdsd";
|
||||||
|
init_daemon_domain(hal_mtdservice_default)
|
||||||
|
get_prop(hal_mtdservice_default, vendor_system_prop)
|
||||||
|
get_prop(hal_mtdservice_default, vendor_cpuid_prop)
|
||||||
|
set_prop(hal_mtdservice_default, vendor_payment_security_prop)
|
||||||
|
hwbinder_use(hal_mtdservice_default)
|
||||||
|
hal_server_domain(hal_mtdservice_default, hal_mtdservice)
|
||||||
|
add_hwservice(hal_mtdservice_server, hal_mtdservice_hwservice)
|
||||||
3
sepolicy/vendor/hal_nfc.te
vendored
Normal file
3
sepolicy/vendor/hal_nfc.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow hal_nfc_default vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_nfc_default vendor_data_file:file { create rw_file_perms };
|
||||||
20
sepolicy/vendor/hal_perf.te
vendored
Normal file
20
sepolicy/vendor/hal_perf.te
vendored
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
allow vendor_hal_perf_default hal_graphics_composer_default:process getpgid;
|
||||||
|
allow vendor_hal_perf_default hal_graphics_composer_default:dir r_dir_perms;
|
||||||
|
allow vendor_hal_perf_default hal_graphics_composer_default:file r_file_perms;
|
||||||
|
allow vendor_hal_perf_default hal_graphics_composer_default:file append;
|
||||||
|
allow vendor_hal_perf_default hal_graphics_composer:dir search;
|
||||||
|
allow vendor_hal_perf_default hal_camera_default:dir r_dir_perms;
|
||||||
|
allow vendor_hal_perf_default hal_camera_default:file r_file_perms;
|
||||||
|
allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
|
||||||
|
allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
|
||||||
|
allow vendor_hal_perf_default sysfs_thermal:file rw_file_perms;
|
||||||
|
allow vendor_hal_perf_default hal_audio_default:dir search;
|
||||||
|
allow vendor_hal_perf_default hal_audio_default:file { open read };
|
||||||
|
allow vendor_hal_perf_default thermal_data_file:dir { read search watch };
|
||||||
|
allow vendor_hal_perf_default thermal_data_file:file { getattr open read setattr unlink };
|
||||||
|
allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:dir search;
|
||||||
|
allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:file read;
|
||||||
|
allow vendor_hal_perf_default mi_thermald:dir r_dir_perms;
|
||||||
|
allow vendor_hal_perf_default mi_thermald:file r_file_perms;
|
||||||
|
|
||||||
|
set_prop(vendor_hal_perf_default, vendor_wlc_public_prop)
|
||||||
1
sepolicy/vendor/hal_power.te
vendored
Normal file
1
sepolicy/vendor/hal_power.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow hal_power_default touchfeature_device:chr_file rw_file_perms;
|
||||||
27
sepolicy/vendor/hal_quickcamera.te
vendored
Normal file
27
sepolicy/vendor/hal_quickcamera.te
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
type hal_quickcamera_default, domain;
|
||||||
|
type hal_quickcamera_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_quickcamera_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(quickcamera)
|
||||||
|
allow hal_quickcamera_client hal_quickcamera_server:binder { call transfer };
|
||||||
|
allow hal_quickcamera_client hal_quickcamera_server:binder transfer;
|
||||||
|
allow hal_quickcamera_client hal_quickcamera_server:fd *;
|
||||||
|
allow hal_quickcamera_client hal_quickcamera_hwservice:hwservice_manager find;
|
||||||
|
allow hal_quickcamera_server hal_quickcamera_client:binder transfer;
|
||||||
|
allow hal_quickcamera_server hal_quickcamera_client:binder { call transfer };
|
||||||
|
allow hal_quickcamera_server hal_quickcamera_client:fd *;
|
||||||
|
allow hal_quickcamera_server hidl_base_hwservice:hwservice_manager add;
|
||||||
|
allow hal_quickcamera_server hal_quickcamera_hwservice:hwservice_manager { add find };
|
||||||
|
allow hal_quickcamera_default platform_app:binder transfer;
|
||||||
|
allow hal_quickcamera_default platform_app:binder { call transfer };
|
||||||
|
allow hal_quickcamera_default platform_app:fd *;
|
||||||
|
allow hal_quickcamera_default system_app:binder transfer;
|
||||||
|
allow hal_quickcamera_default system_app:binder { call transfer };
|
||||||
|
allow hal_quickcamera_default system_app:fd *;
|
||||||
|
allow hal_quickcamera platform_app:binder transfer;
|
||||||
|
allow hal_quickcamera platform_app:binder { call transfer };
|
||||||
|
allow hal_quickcamera platform_app:fd *;
|
||||||
|
allow hal_quickcamera system_app:binder transfer;
|
||||||
|
allow hal_quickcamera system_app:binder { call transfer };
|
||||||
|
allow hal_quickcamera system_app:fd *;
|
||||||
|
init_daemon_domain(hal_quickcamera_default)
|
||||||
|
hal_server_domain(hal_quickcamera_default, hal_quickcamera)
|
||||||
3
sepolicy/vendor/hal_secure_element.te
vendored
Normal file
3
sepolicy/vendor/hal_secure_element.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow hal_secure_element_default hal_mtdservice_hwservice:hwservice_manager find;
|
||||||
|
allow hal_secure_element_default hal_mtdservice_default:binder { call transfer };
|
||||||
|
allow hal_secure_element_default hal_mtdservice_default:fd *;
|
||||||
26
sepolicy/vendor/hal_sensorcommunicate.te
vendored
Normal file
26
sepolicy/vendor/hal_sensorcommunicate.te
vendored
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
type vendor_hal_sensorcommunicate_default, domain;
|
||||||
|
type vendor_hal_sensorcommunicate_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type vendor_hal_sensorcommunicate_hwservice, hwservice_manager_type;
|
||||||
|
attribute vendor_hal_sensorcommunicate;
|
||||||
|
attribute vendor_hal_sensorcommunicate_client;
|
||||||
|
attribute vendor_hal_sensorcommunicate_server;
|
||||||
|
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:binder { call transfer };
|
||||||
|
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:binder transfer;
|
||||||
|
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_server:fd *;
|
||||||
|
allow vendor_hal_sensorcommunicate_client vendor_hal_sensorcommunicate_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:binder transfer;
|
||||||
|
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:binder { call transfer };
|
||||||
|
allow vendor_hal_sensorcommunicate_server vendor_hal_sensorcommunicate_client:fd *;
|
||||||
|
allow vendor_hal_sensorcommunicate_default fwk_sensor_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_hwservice:hwservice_manager find;
|
||||||
|
allow vendor_hal_sensorcommunicate_default system_server:binder call;
|
||||||
|
allow vendor_hal_sensorcommunicate_default system_server:binder transfer;
|
||||||
|
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_default:binder call;
|
||||||
|
allow vendor_hal_sensorcommunicate_default vendor_hal_citsensorservice_xiaomi_default:binder transfer;
|
||||||
|
allow vendor_hal_sensorcommunicate_default mnt_vendor_file:dir search;
|
||||||
|
allow vendor_hal_sensorcommunicate_default vendor_persist_sensors_file:dir search;
|
||||||
|
allow vendor_hal_sensorcommunicate_default vendor_persist_sensors_file:file { getattr open read };
|
||||||
|
init_daemon_domain(vendor_hal_sensorcommunicate_default)
|
||||||
|
hwbinder_use(vendor_hal_sensorcommunicate_default)
|
||||||
|
hal_server_domain(vendor_hal_sensorcommunicate_default, vendor_hal_sensorcommunicate)
|
||||||
|
add_hwservice(vendor_hal_sensorcommunicate_server, vendor_hal_sensorcommunicate_hwservice)
|
||||||
8
sepolicy/vendor/hal_sensors.te
vendored
Normal file
8
sepolicy/vendor/hal_sensors.te
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
allow hal_sensors_default audio_socket:sock_file rw_file_perms;
|
||||||
|
allow hal_sensors_default hal_audio_default:unix_stream_socket connectto;
|
||||||
|
allow hal_sensors_default sound_device:chr_file rw_file_perms;
|
||||||
|
allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
|
||||||
|
allow hal_sensors_default vendor_sysfs_graphics:file r_file_perms;
|
||||||
|
allow hal_sensors_default stmvl53l5_device:chr_file { ioctl open read write };
|
||||||
|
|
||||||
|
allow hal_sensors_default sysfs_tp_fodstatus:file r_file_perms;
|
||||||
17
sepolicy/vendor/hal_slaservice.te
vendored
Normal file
17
sepolicy/vendor/hal_slaservice.te
vendored
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
type hal_slaservice_qti, domain;
|
||||||
|
type hal_slaservice_qti_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_slaservice_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(slaservice)
|
||||||
|
allow hal_slaservice_qti vendor_slad_prop:file read;
|
||||||
|
allow hal_slaservice_qti socket_device:sock_file write;
|
||||||
|
allow hal_slaservice_client hal_slaservice_server:binder { call transfer };
|
||||||
|
allow hal_slaservice_client hal_slaservice_server:fd *;
|
||||||
|
allow hal_slaservice_client hal_slaservice_hwservice:hwservice_manager find;
|
||||||
|
allow hal_slaservice_server hal_slaservice_client:binder transfer;
|
||||||
|
init_daemon_domain(hal_slaservice_qti)
|
||||||
|
unix_socket_connect(hal_slaservice_qti, property, slad)
|
||||||
|
unix_socket_connect(hal_slaservice_qti, slad, init)
|
||||||
|
unix_socket_connect(hal_slaservice_qti, slad, slad)
|
||||||
|
set_prop(hal_slaservice_qti, vendor_slad_prop)
|
||||||
|
hal_server_domain(hal_slaservice_qti, hal_slaservice)
|
||||||
|
add_hwservice(hal_slaservice_server, hal_slaservice_hwservice)
|
||||||
34
sepolicy/vendor/hal_tidaservice.te
vendored
Normal file
34
sepolicy/vendor/hal_tidaservice.te
vendored
Normal file
|
|
@ -0,0 +1,34 @@
|
||||||
|
type hal_tidaservice_default, domain;
|
||||||
|
type hal_tidaservice_default_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type hal_tidaservice_hwservice, hwservice_manager_type;
|
||||||
|
hal_attribute(tidaservice)
|
||||||
|
allow hal_tidaservice_client hal_tidaservice_server:binder { call transfer };
|
||||||
|
allow hal_tidaservice_client hal_tidaservice_server:binder transfer;
|
||||||
|
allow hal_tidaservice_client hal_tidaservice_server:fd *;
|
||||||
|
allow hal_tidaservice_client hal_tidaservice_hwservice:hwservice_manager find;
|
||||||
|
allow hal_tidaservice_server hal_tidaservice_client:binder transfer;
|
||||||
|
allow hal_tidaservice_server hal_tidaservice_client:binder { call transfer };
|
||||||
|
allow hal_tidaservice_server hal_tidaservice_client:fd *;
|
||||||
|
allow hal_tidaservice_default hal_mtdservice_default:binder { call transfer };
|
||||||
|
allow hal_tidaservice_default hal_mtdservice_default:fd *;
|
||||||
|
allow hal_tidaservice_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_tidaservice_default firmware_file:dir r_dir_perms;
|
||||||
|
allow hal_tidaservice_default firmware_file:file r_file_perms;
|
||||||
|
allow hal_tidaservice_default ion_device:chr_file rw_file_perms;
|
||||||
|
allow hal_tidaservice_default rootfs:lnk_file r_file_perms;
|
||||||
|
allow hal_tidaservice_default hal_mtdservice_hwservice:hwservice_manager find;
|
||||||
|
allow hal_tidaservice_default platform_app:binder transfer;
|
||||||
|
allow hal_tidaservice_default vendor_hal_tui_comm_hwservice:hwservice_manager find;
|
||||||
|
allow hal_tidaservice_default vendor_hal_tui_comm_hwservice:binder { call transfer };
|
||||||
|
allow hal_tidaservice_default vendor_hal_tui_comm_qti:binder { call transfer };
|
||||||
|
allow hal_tidaservice_default sysfs:dir { open read };
|
||||||
|
allow hal_tidaservice_default sysfs:file { open read write };
|
||||||
|
allow hal_tidaservice_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
|
||||||
|
allow hal_tidaservice_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
|
||||||
|
init_daemon_domain(hal_tidaservice_default)
|
||||||
|
get_prop(hal_tidaservice_default, vendor_fp_prop)
|
||||||
|
get_prop(hal_tidaservice_default, vendor_system_prop)
|
||||||
|
get_prop(hal_tidaservice_default, vendor_payment_security_prop)
|
||||||
|
hwbinder_use(hal_tidaservice_default)
|
||||||
|
hal_server_domain(hal_tidaservice_default, hal_tidaservice)
|
||||||
|
add_hwservice(hal_tidaservice_server, hal_tidaservice_hwservice)
|
||||||
14
sepolicy/vendor/hwservice_contexts
vendored
Normal file
14
sepolicy/vendor/hwservice_contexts
vendored
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
vendor.xiaomi.hardware.campostproc::IMiPostProcService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.displayfeature::IDisplayFeature u:object_r:vendor_hal_displayfeature_xiaomi_hwservice:s0
|
||||||
|
vendor.qti.sla.service::ISlaService u:object_r:hal_slaservice_hwservice:s0
|
||||||
|
vendor.xiaomi.sensor.citsensorservice::ICitSensorService u:object_r:vendor_hal_citsensorservice_xiaomi_hwservice:s0
|
||||||
|
vendor.xiaomi.sensor.communicate::ISensorCommunicate u:object_r:vendor_hal_sensorcommunicate_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.quickcamera::IQuickCameraService u:object_r:hal_quickcamera_hwservice:s0
|
||||||
|
|
||||||
|
vendor.dolby.hardware.dms::IDms u:object_r:hal_dms_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.mfidoca::IFidoService u:object_r:hal_mfidoca_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.mtdservice::IMTService u:object_r:hal_mtdservice_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.tidaservice::ITidaService u:object_r:hal_tidaservice_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.bgservice::IBGService u:object_r:vendor_hal_camerapostproc_xiaomi_hwservice:s0
|
||||||
|
vendor.xiaomi.hardware.fx.tunnel::IMiFxTunnel u:object_r:vendor_hal_fingerprint_hwservice_xiaomi:s0
|
||||||
8
sepolicy/vendor/init.te
vendored
Normal file
8
sepolicy/vendor/init.te
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
allow init ddr_training_exec:file { execute getattr open read };
|
||||||
|
allow init slad_exec:file { getattr open read };
|
||||||
|
allow init sla_data_file:file rw_file_perms;
|
||||||
|
allow vendor_init vendor_ddr_prop:property_service set;
|
||||||
|
set_prop(vendor_init, vendor_fp_prop)
|
||||||
|
set_prop(vendor_init, vendor_fp_info_prop)
|
||||||
|
set_prop(vendor_init, vendor_qcc_prop)
|
||||||
|
allow vendor_init cgroup:file getattr;
|
||||||
30
sepolicy/vendor/mi_thermald.te
vendored
Normal file
30
sepolicy/vendor/mi_thermald.te
vendored
Normal file
|
|
@ -0,0 +1,30 @@
|
||||||
|
type mi_thermald, domain, mlstrustedsubject;
|
||||||
|
type mi_thermald_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
|
||||||
|
allow mi_thermald self:capability { fsetid sys_boot };
|
||||||
|
allow mi_thermald sysfs_thermal:file w_file_perms;
|
||||||
|
allow mi_thermald sysfs:file w_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_kgsl:dir r_dir_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_kgsl:file rw_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_kgsl:lnk_file r_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_battery_supply:dir r_dir_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_battery_supply:file rw_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_battery_supply:lnk_file r_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_qcom_battery:file rw_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_graphics:dir r_dir_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_graphics:file rw_file_perms;
|
||||||
|
allow mi_thermald vendor_sysfs_graphics:lnk_file r_file_perms;
|
||||||
|
allow mi_thermald thermal_data_file:dir { add_name read remove_name search watch write };
|
||||||
|
allow mi_thermald thermal_data_file:file { create getattr open read rename setattr unlink write };
|
||||||
|
allow mi_thermald mi_thermald:capability { chown fowner };
|
||||||
|
allow mi_thermald mi_thermald:capability2 { block_suspend wake_alarm };
|
||||||
|
allow mi_thermald vendor_data_file:dir { add_name read remove_name watch write };
|
||||||
|
allow mi_thermald vendor_data_file:file { create getattr open read rename setattr unlink write };
|
||||||
|
allow mi_thermald sys_thermal_wifi_limit:file { open read write };
|
||||||
|
allow mi_thermald sys_thermal_wifi_limit:file rw_file_perms;
|
||||||
|
init_daemon_domain(mi_thermald)
|
||||||
|
r_dir_file(mi_thermald, sysfs_thermal)
|
||||||
|
r_dir_file(mi_thermald, sysfs)
|
||||||
|
r_dir_file(mi_thermald, sysfs_leds)
|
||||||
|
r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
|
||||||
|
set_prop(mi_thermald, vendor_thermal_normal_prop)
|
||||||
1
sepolicy/vendor/modprobe.te
vendored
Normal file
1
sepolicy/vendor/modprobe.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow vendor_modprobe block_device:dir search;
|
||||||
40
sepolicy/vendor/property.te
vendored
Normal file
40
sepolicy/vendor/property.te
vendored
Normal file
|
|
@ -0,0 +1,40 @@
|
||||||
|
# Camera
|
||||||
|
vendor_public_prop(vendor_camera_sensor_prop)
|
||||||
|
|
||||||
|
# DDR
|
||||||
|
vendor_public_prop(vendor_ddr_prop)
|
||||||
|
|
||||||
|
# Device ID
|
||||||
|
vendor_public_prop(vendor_deviceid_prop)
|
||||||
|
vendor_public_prop(vendor_sno_prop)
|
||||||
|
vendor_public_prop(vendor_cpuid_prop)
|
||||||
|
|
||||||
|
# Dolby
|
||||||
|
vendor_internal_prop(vendor_dolbyv_prop)
|
||||||
|
|
||||||
|
# Display
|
||||||
|
vendor_public_prop(vendor_displayfeature_prop)
|
||||||
|
vendor_internal_prop(vendor_ctl_vendor_display_prop)
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
vendor_restricted_prop(vendor_fp_info_prop)
|
||||||
|
vendor_public_prop(vendor_fp_prop)
|
||||||
|
|
||||||
|
# GNSS
|
||||||
|
vendor_public_prop(vendor_edgnss_qxwz_downloadak_prop)
|
||||||
|
vendor_public_prop(vendor_mi_ins_prop)
|
||||||
|
|
||||||
|
# Mlipay
|
||||||
|
vendor_public_prop(vendor_payment_security_prop)
|
||||||
|
|
||||||
|
# NFC
|
||||||
|
vendor_public_prop(vendor_nfc_mi_prop)
|
||||||
|
|
||||||
|
# Panel
|
||||||
|
vendor_public_prop(vendor_panel_info_prop)
|
||||||
|
|
||||||
|
# SLA
|
||||||
|
type vendor_slad_prop, property_type, vendor_property_type;
|
||||||
|
|
||||||
|
# Thermal
|
||||||
|
vendor_public_prop(vendor_thermal_normal_prop)
|
||||||
144
sepolicy/vendor/property_contexts
vendored
Normal file
144
sepolicy/vendor/property_contexts
vendored
Normal file
|
|
@ -0,0 +1,144 @@
|
||||||
|
# Camera
|
||||||
|
vendor.camera.sensor. u:object_r:vendor_camera_sensor_prop:s0
|
||||||
|
|
||||||
|
# DDR
|
||||||
|
vendor.ddr_training.is.start u:object_r:vendor_ddr_prop:s0
|
||||||
|
|
||||||
|
# Device ID
|
||||||
|
persist.vendor.radio.imei u:object_r:vendor_deviceid_prop:s0
|
||||||
|
persist.vendor.radio.meid u:object_r:vendor_deviceid_prop:s0
|
||||||
|
ro.vendor.oem.imei u:object_r:vendor_deviceid_prop:s0
|
||||||
|
ro.vendor.oem.meid u:object_r:vendor_deviceid_prop:s0
|
||||||
|
ro.vendor.oem.psno u:object_r:vendor_sno_prop:s0
|
||||||
|
ro.vendor.oem.sno u:object_r:vendor_sno_prop:s0
|
||||||
|
|
||||||
|
# Display
|
||||||
|
persist.vendor.dc_backlight.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.dc_backlight.threshold u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.df.color.temp u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.df.extcolor.proc u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.dfps.level u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.disable_idle_fps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.disable_idle_fps.threshold u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.displayfeature.video.pq.type u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.dolbyvision.flat_on u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.fod.modified.dc_status u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.max.brightness u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
persist.vendor.power.dfps.level u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.all_modes.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.aod.brightness.cust u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.aod_layer.check u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.bcbc.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.cabc.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.cct.need.check.touch.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.df.effect.conflict u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.dfps.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ai_disp.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.aod_monitor_default_fps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.benchmark_app u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.default_fps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.dither u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.dolbyvision.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.dual_builtin_disp u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
#ro.vendor.display.dynamic_refresh_rate u:object_r:vendor_promotion_prop:s0
|
||||||
|
ro.vendor.display.expert_calib.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.fod_monitor_default_fps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.hwc_thermal_dimming u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.idle_default_fps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.idle_default_fps.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ltpo.idle.switch.powercloud u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ltpo.powerfull.with.charger.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ltpo.sync.tp u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ltpo.tp.idle.lowbrightness.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.mi_calib.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.nature_mode.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.papercontrast.opt u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.primary.fps.limit u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.primary_idle_refresh_rate u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.secondary_idle_refresh_rate u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.set_fps_stat_timer_ms u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.set_sec_idle_timer_ms u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.switch_resolution.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.touch.idle.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.type u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.ultimate.perf.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.display.video_or_camera_fps.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.displayfeature.dump u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.dualpanel.dfps u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.eyecare.level u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.eyecare.threshold u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.fod.110nit.lux.level u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.fod.dimlayer.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.fps.switch.default u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.fps.switch.thermal u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.gcp.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.hbm_backlight.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.hist.threshold u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.histogram.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.localhbm.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.media.video.style.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.need.check.cup.hbm.coverlayer.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.pcc.dc.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.sdr2hdr.by.layer.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.sf.enable_fb_scaling u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.soft_backlight.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.sre.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.standard.video.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.thermal.dimming.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.use.partial.brightness u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.video.style.by.layer.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.video_box.version u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.whitepoint_calibration_enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
ro.vendor.xiaomi.bl.poll u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
vendor.display.enable_fb_scaling u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
vendor.display.hwc_backlight.support u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
vendor.displayfeature.entry.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
vendor.hbm.enable u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
vendor.video.mode.status u:object_r:vendor_displayfeature_prop:s0
|
||||||
|
|
||||||
|
# Dolby
|
||||||
|
vendor.dolbyv. u:object_r:vendor_dolbyv_prop:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0
|
||||||
|
persist.vendor.sys.fp.info u:object_r:vendor_fp_info_prop:s0
|
||||||
|
persist.vendor.sys.fp.uid u:object_r:vendor_fp_info_prop:s0
|
||||||
|
vendor.fps_hal. u:object_r:vendor_fp_prop:s0
|
||||||
|
vendor.panel.display. u:object_r:vendor_fp_prop:s0
|
||||||
|
ro.hardware.fp.udfps u:object_r:vendor_fp_prop:s0
|
||||||
|
|
||||||
|
# GNSS
|
||||||
|
ro.vendor.gnss.edgnss.downloadQxwzAk u:object_r:vendor_edgnss_qxwz_downloadak_prop:s0
|
||||||
|
|
||||||
|
# Panel
|
||||||
|
vendor.panel. u:object_r:vendor_panel_info_prop:s0
|
||||||
|
|
||||||
|
# Mlipay
|
||||||
|
persist.vendor.sys.pay.fido u:object_r:vendor_payment_security_prop:s0
|
||||||
|
persist.vendor.sys.pay.fido2 u:object_r:vendor_payment_security_prop:s0
|
||||||
|
persist.vendor.sys.pay.ifaa u:object_r:vendor_payment_security_prop:s0
|
||||||
|
persist.vendor.sys.pay.soter u:object_r:vendor_payment_security_prop:s0
|
||||||
|
persist.vendor.sys.pay.widevine u:object_r:vendor_payment_security_prop:s0
|
||||||
|
persist.vendor.sys.provision.status u:object_r:vendor_payment_security_prop:s0
|
||||||
|
vendor.sys.feature_state u:object_r:vendor_payment_security_prop:s0
|
||||||
|
vendor.sys.rpmb_state u:object_r:vendor_payment_security_prop:s0
|
||||||
|
|
||||||
|
# NFC
|
||||||
|
ro.vendor.nfc. u:object_r:vendor_nfc_mi_prop:s0
|
||||||
|
ro.vendor.se. u:object_r:vendor_nfc_mi_prop:s0
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
persist.vendor.sensors.ins. u:object_r:vendor_mi_ins_prop:s0
|
||||||
|
persist.vendor.sensors.ins_debug u:object_r:vendor_mi_ins_prop:s0
|
||||||
|
|
||||||
|
# SLA
|
||||||
|
vendor.sla.enabled u:object_r:vendor_slad_prop:s0
|
||||||
|
vendor.sla.ifaces u:object_r:vendor_slad_prop:s0
|
||||||
|
vendor.sla.mode u:object_r:vendor_slad_prop:s0
|
||||||
|
vendor.sla.uidwhitelist u:object_r:vendor_slad_prop:s0
|
||||||
|
vendor.sla.wlan.interface u:object_r:vendor_slad_prop:s0
|
||||||
|
vendor.sla.wwan.interface u:object_r:vendor_slad_prop:s0
|
||||||
|
|
||||||
|
# Thermal
|
||||||
|
vendor.sys.thermal.data.path u:object_r:vendor_thermal_normal_prop:s0
|
||||||
2
sepolicy/vendor/qrtr.te
vendored
Normal file
2
sepolicy/vendor/qrtr.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow vendor_qrtr vendor_data_file:dir create_dir_perms;
|
||||||
|
allow vendor_qrtr vendor_data_file:file create_file_perms;
|
||||||
9
sepolicy/vendor/rild.te
vendored
Normal file
9
sepolicy/vendor/rild.te
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
allow rild vendor_radio_smd_device:file { open read write };
|
||||||
|
allow rild vendor_radio_smd_device:chr_file { open read write };
|
||||||
|
allow rild vendor_modem_data_file:dir create_dir_perms;
|
||||||
|
allow rild vendor_modem_data_file:file create_file_perms;
|
||||||
|
set_prop(rild, vendor_deviceid_prop)
|
||||||
|
set_prop(rild, vendor_sno_prop)
|
||||||
|
#set_prop(rild, default_prop)
|
||||||
|
allow rild vendor_data_file:dir create_dir_perms;
|
||||||
|
allow rild vendor_data_file:file create_file_perms;
|
||||||
36
sepolicy/vendor/slad.te
vendored
Normal file
36
sepolicy/vendor/slad.te
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
type slad, domain;
|
||||||
|
type slad_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
type qti_proc_sla, proc_type;
|
||||||
|
allow slad slad_socket:sock_file { getattr read write };
|
||||||
|
allow slad slad_socket:sock_file unlink;
|
||||||
|
allow slad slad:netlink_socket { bind create read write };
|
||||||
|
allow slad proc_net:file { getattr open read };
|
||||||
|
allow slad system_file:lnk_file getattr;
|
||||||
|
allow slad self:capability { net_admin net_raw setgid setuid };
|
||||||
|
allow slad self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
|
||||||
|
allow slad self:netlink_generic_socket { bind create read setopt write };
|
||||||
|
allow slad self:rawip_socket { create getopt read setopt write };
|
||||||
|
allow slad self:udp_socket { connect create getattr };
|
||||||
|
allow slad sla_data_file:dir { add_name create read remove_name search unlink write };
|
||||||
|
allow slad sla_data_file:dir create_dir_perms;
|
||||||
|
allow slad sla_data_file:file create_file_perms;
|
||||||
|
allow slad sla_data_file:file rw_file_perms;
|
||||||
|
allow slad socket_device:dir write;
|
||||||
|
allow slad socket_device:dir remove_name;
|
||||||
|
allow slad socket_device:dir add_name;
|
||||||
|
allow slad socket_device:sock_file { create setattr unlink };
|
||||||
|
allow slad qti_proc_sla:dir search;
|
||||||
|
allow slad qti_proc_sla:file { map open read write };
|
||||||
|
allow slad vendor_shell_exec:file execute_no_trans;
|
||||||
|
dontaudit slad self:capability dac_read_search;
|
||||||
|
init_daemon_domain(slad)
|
||||||
|
unix_socket_connect(slad, dnsproxyd, slad)
|
||||||
|
unix_socket_connect(slad, dnsproxyd, netd)
|
||||||
|
unix_socket_connect(slad, dnsproxyd, init)
|
||||||
|
unix_socket_connect(slad, fwmarkd, slad)
|
||||||
|
unix_socket_connect(slad, fwmarkd, netd)
|
||||||
|
unix_socket_connect(slad, fwmarkd, init)
|
||||||
|
unix_socket_connect(slad, property, slad)
|
||||||
|
unix_socket_connect(slad, property, netd)
|
||||||
|
set_prop(slad, vendor_slad_prop)
|
||||||
|
net_domain(slad)
|
||||||
4
sepolicy/vendor/surfaceflinger.te
vendored
Normal file
4
sepolicy/vendor/surfaceflinger.te
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
allow surfaceflinger vendor_sysfs_displayfeature:dir r_dir_perms;
|
||||||
|
allow surfaceflinger vendor_sysfs_displayfeature:file rw_file_perms;
|
||||||
|
allow surfaceflinger vendor_displayfeature_device:chr_file { ioctl open read write };
|
||||||
|
allow surfaceflinger vendor_sysfs_graphics:dir { open read search };
|
||||||
1
sepolicy/vendor/system_server.te
vendored
Normal file
1
sepolicy/vendor/system_server.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow system_server vendor_hal_displayfeature_xiaomi_default:binder { call transfer };
|
||||||
3
sepolicy/vendor/tee.te
vendored
Normal file
3
sepolicy/vendor/tee.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow tee vendor_fingerprint_data_file:dir rw_dir_perms;
|
||||||
|
allow tee vendor_fingerprint_data_file:file rw_file_perms;
|
||||||
|
allow tee vendor_fingerprint_data_file:file create_file_perms;
|
||||||
11
sepolicy/vendor/vendor_qti_init_shell.te
vendored
Normal file
11
sepolicy/vendor/vendor_qti_init_shell.te
vendored
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
allow vendor_qti_init_shell configfs:dir { add_name create write };
|
||||||
|
# NECESSARY?
|
||||||
|
allow vendor_qti_init_shell configfs:dir setattr;
|
||||||
|
# END
|
||||||
|
allow vendor_qti_init_shell sysfs_dm:file rw_file_perms;
|
||||||
|
allow vendor_qti_init_shell sysfs_dm:dir r_dir_perms;
|
||||||
|
allow vendor_qti_init_shell vendor_sysfs_msm_perf:file w_file_perms;
|
||||||
|
allow vendor_qti_init_shell vendor_sysfs_qdss_dev:file { setattr write };
|
||||||
|
set_prop(vendor_qti_init_shell, vendor_panel_info_prop)
|
||||||
|
|
||||||
|
#get_prop(vendor_qti_init_shell, default_prop)
|
||||||
25
sepolicy/vendor/vendorcodec.te
vendored
Normal file
25
sepolicy/vendor/vendorcodec.te
vendored
Normal file
|
|
@ -0,0 +1,25 @@
|
||||||
|
type vendorcodec, domain;
|
||||||
|
type vendorcodec_exec, exec_type, file_type, vendor_file_type;
|
||||||
|
allow vendorcodec hal_sensors_hwservice:hwservice_manager find;
|
||||||
|
allow vendorcodec fwk_sensor_hwservice:hwservice_manager find;
|
||||||
|
allow vendorcodec hal_sensors_default:fd *;
|
||||||
|
allow vendorcodec storage_file:lnk_file read;
|
||||||
|
allow vendorcodec mnt_user_file:dir search;
|
||||||
|
allow vendorcodec mnt_user_file:lnk_file read;
|
||||||
|
allow vendorcodec hal_configstore_default:binder call;
|
||||||
|
allow vendorcodec media_rw_data_file:file write;
|
||||||
|
allow vendorcodec gpu_device:chr_file { getattr ioctl open read write };
|
||||||
|
allow vendorcodec gpu_device:chr_file map;
|
||||||
|
allow vendorcodec vendor_display_prop:file read;
|
||||||
|
allow vendorcodec vendor_display_prop:file open;
|
||||||
|
allow vendorcodec vendor_display_prop:file getattr;
|
||||||
|
allow vendorcodec vendor_display_prop:file map;
|
||||||
|
allow vendorcodec dmabuf_system_heap_device:chr_file { getattr ioctl open read };
|
||||||
|
init_daemon_domain(vendorcodec)
|
||||||
|
set_prop(vendorcodec, vendor_dolbyv_prop)
|
||||||
|
vndbinder_use(vendorcodec)
|
||||||
|
hal_server_domain(vendorcodec, hal_codec2)
|
||||||
|
hal_client_domain(vendorcodec, hal_allocator)
|
||||||
|
hal_client_domain(vendorcodec, hal_codec2)
|
||||||
|
hal_client_domain(vendorcodec, hal_graphics_allocator)
|
||||||
|
hal_client_domain(vendorcodec, hal_sensors)
|
||||||
2
sepolicy/vendor/vndservice_contexts
vendored
Normal file
2
sepolicy/vendor/vndservice_contexts
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
display.mistcservice u:object_r:vendor_mistcdisplay_service:s0
|
||||||
|
DisplayFeatureControl u:object_r:vendor_DisplayFeatureControl_service:s0
|
||||||
16
sepolicy/vendor/wcnss_service.te
vendored
Normal file
16
sepolicy/vendor/wcnss_service.te
vendored
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
#allow vendor_wcnss_service self:netlink_generic_socket ioctl;
|
||||||
|
allow vendor_wcnss_service self:capability { net_raw setgid setuid };
|
||||||
|
#allow vendor_wcnss_service self:packet_socket { bind create getopt ioctl map read setopt };
|
||||||
|
allow vendor_wcnss_service self:packet_socket write;
|
||||||
|
allow vendor_wcnss_service sysfs_net:file read;
|
||||||
|
allow vendor_wcnss_service vendor_mac_vendor_data_file:dir { add_name open read search setattr write };
|
||||||
|
allow vendor_wcnss_service vendor_mac_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow vendor_wcnss_service vendor_mac_vendor_data_file:file { create getattr open read setattr write };
|
||||||
|
allow vendor_wcnss_service mnt_vendor_file:dir { add_name create read search write };
|
||||||
|
allow vendor_wcnss_service mnt_vendor_file:file { create open read setattr write };
|
||||||
|
#allow vendor_wcnss_service vendor_diag_device:chr_file { create ioctl open read write };
|
||||||
|
allow vendor_wcnss_service vendor_sysfs_diag:dir search;
|
||||||
|
allow vendor_wcnss_service vendor_sysfs_diag:file { open read };
|
||||||
|
allow vendor_wcnss_service vendor_wifi_vendor_log_data_file:dir { add_name getattr open read remove_name search setattr write };
|
||||||
|
allow vendor_wcnss_service vendor_wifi_vendor_log_data_file:file { append create getattr open read rename setattr unlink write };
|
||||||
|
allow vendor_wcnss_service vendor_proc_wifi_dbg:file { create getattr open read setattr write };
|
||||||
Loading…
Reference in a new issue