sm8450-common: Address marble denials

Change-Id: Icb73c862a1da3fa43da1885f7da93f2c71fe9da7
Signed-off-by: Jens Reidel <adrian@travitia.xyz>
This commit is contained in:
Jens Reidel 2024-02-15 14:43:18 +01:00 committed by Arian
parent e6fb9bb57c
commit a49e28c03c
3 changed files with 10 additions and 0 deletions

View file

@ -27,13 +27,20 @@ allow vendor_hal_citsensorservice_xiaomi_default fwk_sensor_hwservice:hwservice_
allow vendor_hal_citsensorservice_xiaomi_default system_server:binder { call transfer };
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:dir search;
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:file { open read };
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:dir r_dir_perms;
allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_graphics:file r_file_perms;
allow vendor_hal_citsensorservice_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write };
allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_mapper_hwservice:hwservice_manager find;
allow vendor_hal_citsensorservice_xiaomi_default vendor_qdisplay_service:service_manager find;
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find;
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer };
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:fd *;
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder call;
allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_sensorcommunicate_default:binder transfer;
allowxperm vendor_hal_citsensorservice_xiaomi_default self:socket ioctl msm_sock_ipc_ioctls;
allowxperm vendor_hal_citsensorservice_xiaomi_default self:qipcrtr_socket ioctl msm_sock_ipc_ioctls;
r_dir_file(vendor_hal_citsensorservice_xiaomi_default, mnt_vendor_file)
get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_prop)
userdebug_or_eng(`get_prop(vendor_hal_citsensorservice_xiaomi_default, vendor_sensors_debug_prop)');

2
sepolicy/vendor/sensors.te vendored Normal file
View file

@ -0,0 +1,2 @@
allow vendor_sensors vendor_sysfs_displayfeature:dir search;
allow vendor_sensors vendor_sysfs_displayfeature:file { getattr open read };

1
sepolicy/vendor/system_server.te vendored Normal file
View file

@ -0,0 +1 @@
allow system_server vendor_hal_citsensorservice_xiaomi_default:binder { call transfer };