tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Associate hal_service_type with all HAL services"

Browse source
This commit is contained in:
Thiébaud Weksteen 2022-02-17 04:28:09 +00:00 committed by Gerrit Code Review
commit b18abcdd51
3 changed files with 48 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/attributes
View file

@ -198,6 +198,8 @@ attribute protected_hwservice;
# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;
# All services declared as part of an HAL
attribute hal_service_type;
# All domains that can override MLS restrictions.
# i.e. processes that can read up and write down.

5
public/dumpstate.te
View file

@ -142,6 +142,7 @@ r_dir_file(dumpstate, cgroup_v2)
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
# Allow dumpstate to call dump() on specific hals.
dump_hal(hal_dumpstate)
dump_hal(hal_wifi)
dump_hal(hal_graphics_allocator)
@ -254,7 +255,7 @@ allow dumpstate {
-apex_service
-dumpstate_service
-gatekeeper_service
-hal_wifi_supplicant_service
-hal_service_type
-virtual_touchpad_service
-vold_service
-default_android_service
@ -264,7 +265,7 @@ dontaudit dumpstate {
apex_service
dumpstate_service
gatekeeper_service
hal_wifi_supplicant_service
hal_service_type
virtual_touchpad_service
vold_service
}:service_manager find;

86
public/service.te
View file

@ -259,54 +259,54 @@ type inputflinger_service, system_api_service, system_server_service, service_ma
type wpantund_service, system_api_service, service_manager_type;
type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type emergency_affordance_service, system_server_service, service_manager_type;
type hal_wifi_hostapd_service, vendor_service, protected_service, service_manager_type;
type hal_wifi_supplicant_service, vendor_service, protected_service, service_manager_type;
###
### HAL Services
###
type hal_audio_service, vendor_service, protected_service, service_manager_type;
type hal_audiocontrol_service, vendor_service, service_manager_type;
type hal_authsecret_service, vendor_service, protected_service, service_manager_type;
type hal_camera_service, vendor_service, protected_service, service_manager_type;
type hal_contexthub_service, vendor_service, protected_service, service_manager_type;
type hal_dice_service, vendor_service, protected_service, service_manager_type;
type hal_drm_service, vendor_service, service_manager_type;
type hal_dumpstate_service, vendor_service, protected_service, service_manager_type;
type hal_evs_service, vendor_service, protected_service, service_manager_type;
type hal_face_service, vendor_service, protected_service, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, service_manager_type;
type hal_graphics_allocator_service, vendor_service, service_manager_type;
type hal_graphics_composer_service, vendor_service, protected_service, service_manager_type;
type hal_health_service, vendor_service, protected_service, service_manager_type;
type hal_health_storage_service, vendor_service, protected_service, service_manager_type;
type hal_identity_service, vendor_service, protected_service, service_manager_type;
type hal_input_processor_service, vendor_service, protected_service, service_manager_type;
type hal_ir_service, vendor_service, protected_service, service_manager_type;
type hal_keymint_service, vendor_service, protected_service, service_manager_type;
type hal_light_service, vendor_service, protected_service, service_manager_type;
type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
type hal_neuralnetworks_service, vendor_service, service_manager_type;
type hal_nfc_service, vendor_service, protected_service, service_manager_type;
type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
type hal_power_service, vendor_service, protected_service, service_manager_type;
type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
type hal_radio_service, vendor_service, protected_service, service_manager_type;
type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
type hal_remotelyprovisionedcomponent_service, vendor_service, protected_service, service_manager_type;
type hal_sensors_service, vendor_service, protected_service, service_manager_type;
type hal_secureclock_service, vendor_service, protected_service, service_manager_type;
type hal_sharedsecret_service, vendor_service, protected_service, service_manager_type;
type hal_system_suspend_service, protected_service, service_manager_type;
type hal_tv_tuner_service, vendor_service, protected_service, service_manager_type;
type hal_usb_service, vendor_service, protected_service, service_manager_type;
type hal_uwb_service, vendor_service, protected_service, service_manager_type;
type hal_vehicle_service, vendor_service, protected_service, service_manager_type;
type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
type hal_weaver_service, vendor_service, protected_service, service_manager_type;
type hal_nlinterceptor_service, vendor_service, protected_service, service_manager_type;
type hal_audio_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_audiocontrol_service, vendor_service, hal_service_type, service_manager_type;
type hal_authsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_camera_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_contexthub_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_dice_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_drm_service, vendor_service, hal_service_type, service_manager_type;
type hal_dumpstate_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_evs_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_face_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_graphics_allocator_service, vendor_service, hal_service_type, service_manager_type;
type hal_graphics_composer_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_health_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_health_storage_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_identity_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_input_processor_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_ir_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_keymint_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_light_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_memtrack_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_neuralnetworks_service, vendor_service, hal_service_type, service_manager_type;
type hal_nfc_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_oemlock_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_power_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_power_stats_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_radio_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_rebootescrow_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_remotelyprovisionedcomponent_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_sensors_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_secureclock_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_sharedsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_system_suspend_service, protected_service, hal_service_type, service_manager_type;
type hal_tv_tuner_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_usb_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_uwb_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_vehicle_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_vibrator_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_weaver_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_nlinterceptor_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_wifi_hostapd_service, vendor_service, protected_service, hal_service_type, service_manager_type;
type hal_wifi_supplicant_service, vendor_service, protected_service, hal_service_type, service_manager_type;
###
### Neverallow rules