8faa47c3ec
We will continue to restrict access to /dev/kvm and /dev/vhost-vsock with SELinux. Bug: 245727626 Test: atest -p packages/modules/Virtualization:avf-presubmit Change-Id: Id4f3e19c18a51bc51e6363d6ffde31c1032cf967
83 lines
3.1 KiB
Text
83 lines
3.1 KiB
Text
import /vendor/etc/ueventd.rc
|
|
import /odm/etc/ueventd.rc
|
|
|
|
firmware_directories /etc/firmware/ /odm/firmware/ /vendor/firmware/ /firmware/image/
|
|
uevent_socket_rcvbuf_size 16M
|
|
|
|
subsystem graphics
|
|
devname uevent_devpath
|
|
dirname /dev/graphics
|
|
|
|
subsystem drm
|
|
devname uevent_devpath
|
|
dirname /dev/dri
|
|
|
|
subsystem input
|
|
devname uevent_devpath
|
|
dirname /dev/input
|
|
|
|
subsystem sound
|
|
devname uevent_devpath
|
|
dirname /dev/snd
|
|
|
|
subsystem dma_heap
|
|
devname uevent_devpath
|
|
dirname /dev/dma_heap
|
|
# ueventd can only set permissions on device nodes and their associated
|
|
# sysfs attributes, not on arbitrary paths.
|
|
#
|
|
# format for /dev rules: devname mode uid gid
|
|
# format for /sys rules: nodename attr mode uid gid
|
|
# shortcut: "mtd@NN" expands to "/dev/mtd/mtdNN"
|
|
|
|
/dev/null 0666 root root
|
|
/dev/zero 0666 root root
|
|
/dev/full 0666 root root
|
|
/dev/ptmx 0666 root root
|
|
/dev/tty 0666 root root
|
|
/dev/random 0666 root root
|
|
/dev/urandom 0666 root root
|
|
# Aside from kernel threads, only prng_seeder needs access to HW RNG
|
|
/dev/hw_random 0400 prng_seeder prng_seeder
|
|
/dev/ashmem* 0666 root root
|
|
/dev/binder 0666 root root
|
|
/dev/hwbinder 0666 root root
|
|
/dev/vndbinder 0666 root root
|
|
|
|
/dev/pmsg0 0222 root log
|
|
/dev/dma_heap/system 0444 system system
|
|
/dev/dma_heap/system-uncached 0444 system system
|
|
/dev/dma_heap/system-secure 0444 system system
|
|
|
|
# kms driver for drm based gpu
|
|
/dev/dri/* 0666 root graphics
|
|
|
|
# these should not be world writable
|
|
/dev/uhid 0660 uhid uhid
|
|
/dev/uinput 0660 uhid uhid
|
|
/dev/rtc0 0640 system system
|
|
/dev/tty0 0660 root system
|
|
/dev/graphics/* 0660 root graphics
|
|
/dev/input/* 0660 root input
|
|
/dev/v4l-touch* 0660 root input
|
|
/dev/snd/* 0660 system audio
|
|
/dev/bus/usb/* 0660 root usb
|
|
/dev/mtp_usb 0660 root mtp
|
|
/dev/usb_accessory 0660 root usb
|
|
/dev/tun 0660 system vpn
|
|
|
|
# CDMA radio interface MUX
|
|
/dev/ppp 0660 radio vpn
|
|
|
|
/dev/kvm 0666 root root
|
|
/dev/vhost-vsock 0666 root root
|
|
|
|
# sysfs properties
|
|
/sys/devices/platform/trusty.* trusty_version 0440 root log
|
|
/sys/devices/virtual/input/input* enable 0660 root input
|
|
/sys/devices/virtual/input/input* poll_delay 0660 root input
|
|
/sys/devices/virtual/usb_composite/* enable 0664 root system
|
|
/sys/devices/system/cpu/cpu* cpufreq/scaling_max_freq 0664 system system
|
|
/sys/devices/system/cpu/cpu* cpufreq/scaling_min_freq 0664 system system
|
|
/sys/devices/virtual/misc/uhid/*/leds/* brightness 0664 system system
|
|
/sys/devices/virtual/misc/uhid/*/leds/* multi_intensity 0664 system system
|