diff options
| author | Alessandro Astone <ales.astone@gmail.com> | 2020-12-13 00:17:36 +0100 |
|---|---|---|
| committer | Alessandro Astone <ales.astone@gmail.com> | 2021-01-28 20:08:27 +0100 |
| commit | 302404f1f150ad910693c1cf71abef481e77577a (patch) | |
| tree | b605ba96b4defc73e62e9b7646eef641a3ee54e6 | |
| parent | 6699ccdb434ccbffda9fdb8baf77bb6f1568773d (diff) | |
sm8250-common: Update sepolicy for eleven
Change-Id: Ifc02832f5f4a2391c67d0ef8773c6b424d85e4dc
| -rw-r--r-- | BoardConfigCommon.mk | 1 | ||||
| -rw-r--r-- | regen-vendor.sh | 1 | ||||
| -rw-r--r-- | sepolicy/private/file_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/fastbootd.te | 14 | ||||
| -rw-r--r-- | sepolicy/vendor/file.te | 3 | ||||
| -rw-r--r-- | sepolicy/vendor/file_contexts | 10 | ||||
| -rw-r--r-- | sepolicy/vendor/fsck.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/genfs_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_bootctl_default.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_gnss_qti.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/mac_permissions.xml | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/netmgrd.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/qmipriod.te | 46 | ||||
| -rw-r--r-- | sepolicy/vendor/qti_init_shell.te | 4 | ||||
| -rw-r--r-- | sepolicy/vendor/seapp_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/tee.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/vendor_hal_gnss_qti.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/vendor_init.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/vendor_modprobe.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/vendor_qti_init_shell.te | 4 |
20 files changed, 20 insertions, 82 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index add9f45..596de09 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -200,6 +200,7 @@ TARGET_PROVIDES_QTI_TELEPHONY_JAR := true # Sepolicy include device/qcom/sepolicy_vndr/SEPolicy.mk +BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor # Verified Boot diff --git a/regen-vendor.sh b/regen-vendor.sh index 30bfac6..a635339 100644 --- a/regen-vendor.sh +++ b/regen-vendor.sh @@ -670,7 +670,6 @@ function as_module() { sed -i "s|vendor/$1$|-vendor/$1|g" $_output_file } -presign "app/TimeService/TimeService.apk" presign "app/TrustZoneAccessService/TrustZoneAccessService.apk" as_module "lib64/libthermalclient.so" as_module "lib/libthermalclient.so" diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts new file mode 100644 index 0000000..a4efc07 --- /dev/null +++ b/sepolicy/private/file_contexts @@ -0,0 +1 @@ +/(product|system/product)/bin/dpmd u:object_r:vendor_dpmd_exec:s0 diff --git a/sepolicy/vendor/fastbootd.te b/sepolicy/vendor/fastbootd.te deleted file mode 100644 index 0e5a5e0..0000000 --- a/sepolicy/vendor/fastbootd.te +++ /dev/null @@ -1,14 +0,0 @@ -recovery_only(` -allow fastbootd { - custom_ab_block_device - recovery_block_device - xbl_block_device - uefi_block_device - modem_block_device - mdtp_device - gpt_block_device -}:blk_file { rw_file_perms }; - -allow fastbootd sg_device:chr_file rw_file_perms; -allow fastbootd tmpfs:lnk_file { getattr read }; -') diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index e6a41c9..11a300e 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -4,9 +4,6 @@ type demoapp_file, file_type; type log_file, file_type; type xrom_file, file_type; -# Files in userdata -type qmipriod_data_file, file_type, data_file_type; - # Files in proc type proc_touchscreen, proc_type, sysfs_type, fs_type; type asus_display_proc_exec, proc_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index b4b5899..24f1d49 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -1,6 +1,6 @@ # ASUS partitions. -/dev/block/platform/soc/1d84000\.ufshc/by-name/asusfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/soc/1d84000\.ufshc/by-name/xrom_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000\.ufshc/by-name/asusfw_[ab] u:object_r:vendor_custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000\.ufshc/by-name/xrom_[ab] u:object_r:vendor_custom_ab_block_device:s0 /dev/block/platform/soc/1d84000\.ufshc/by-name/ADF u:object_r:asus_block_device:s0 /dev/block/platform/soc/1d84000\.ufshc/by-name/APD u:object_r:asus_block_device:s0 /dev/block/platform/soc/1d84000\.ufshc/by-name/asdf u:object_r:asdf_block_device:s0 @@ -20,13 +20,9 @@ /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/thermal_gpio u:object_r:sysfs_battery_supply:s0 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/TypeC_Side_Detect2 u:object_r:sysfs_battery_supply:s0 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:vadc@3100/iio:device1/in_temp_wp_therm_input u:object_r:sysfs_battery_supply:s0 -/sys/devices/virtual/sensors(/.*)? u:object_r:sysfs_sensors:s0 +/sys/devices/virtual/sensors(/.*)? u:object_r:vendor_sysfs_sensors:s0 # Binaries /vendor/bin/hw/vendor\.lineage\.touch@1\.0-service\.asus_kona u:object_r:hal_lineage_touch_default_exec:s0 /vendor/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1\.0-service\.asus_kona u:object_r:hal_fod_asus_kona_exec:s0 -/vendor/bin/qmipriod u:object_r:qmipriod_exec:s0 /vendor/bin/awk u:object_r:vendor_toolbox_exec:s0 - -# Files in data -/data/vendor/qmipriod(/.*)? u:object_r:qmipriod_data_file:s0 diff --git a/sepolicy/vendor/fsck.te b/sepolicy/vendor/fsck.te index 53cd7a2..d3fedd3 100644 --- a/sepolicy/vendor/fsck.te +++ b/sepolicy/vendor/fsck.te @@ -1,5 +1,5 @@ allow fsck { - custom_ab_block_device + vendor_custom_ab_block_device asus_block_device asdf_block_device }:blk_file rw_file_perms; diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 6f30f7f..c392351 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -9,6 +9,8 @@ genfscon sysfs /devices/platform/soc/884000.i2c/i2c-6/6-005e/power_supply/pca946 genfscon sysfs /devices/platform/soc/884000.i2c/i2c-6/6-0025/power_supply/wireless/type u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/884000.i2c/i2c-6/6-0025/power_supply/wireless/online u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc u:object_r:sysfs_rtc:s0 + genfscon proc /driver/lcd_code_version u:object_r:asus_display_proc_exec:s0 genfscon proc /driver/hbm_off_delay u:object_r:asus_display_proc_exec:s0 genfscon proc /driver/panel_reg_rw u:object_r:asus_display_proc_exec:s0 diff --git a/sepolicy/vendor/hal_bootctl_default.te b/sepolicy/vendor/hal_bootctl_default.te index 84d58d3..e5c73b6 100644 --- a/sepolicy/vendor/hal_bootctl_default.te +++ b/sepolicy/vendor/hal_bootctl_default.te @@ -1 +1 @@ -allow hal_bootctl_default uefi_block_device:blk_file getattr; +allow hal_bootctl_default vendor_uefi_block_device:blk_file getattr; diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te deleted file mode 100644 index 36aebf8..0000000 --- a/sepolicy/vendor/hal_gnss_qti.te +++ /dev/null @@ -1,2 +0,0 @@ -use_vendor_per_mgr(hal_gnss_qti) -allow hal_gnss_qti init:unix_stream_socket connectto; diff --git a/sepolicy/vendor/mac_permissions.xml b/sepolicy/vendor/mac_permissions.xml deleted file mode 100644 index 16bb66a..0000000 --- a/sepolicy/vendor/mac_permissions.xml +++ /dev/null @@ -1 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?><!-- AUTOGENERATED FILE DO NOT MODIFY --><policy><signer signature="308203fb308202e3a0030201020209008e995cca5cd25bd5300d06092a864886f70d01010b0500308194310b300906035504061302494e3112301006035504080c0954656c616e67616e613112301006035504070c0948796465726162616431163014060355040a0c0d5175616c636f6d6d2c496e632e310c300a060355040b0c03514354310f300d06035504030c067367616e64653126302406092a864886f70d01090116177367616e6465407174692e7175616c636f6d6d2e636f6d301e170d3138303631383035333431355a170d3435313130333035333431355a308194310b300906035504061302494e3112301006035504080c0954656c616e67616e613112301006035504070c0948796465726162616431163014060355040a0c0d5175616c636f6d6d2c496e632e310c300a060355040b0c03514354310f300d06035504030c067367616e64653126302406092a864886f70d01090116177367616e6465407174692e7175616c636f6d6d2e636f6d30820120300d06092a864886f70d01010105000382010d0030820108028201010097f6ac2c6cb452f65cd5807ca39f0d80e42015c34798484209224e53b780eb7b1ee4365495f0884eeef43c6e068d99fdb8ea0348ec4f2a153d4bf82f4673579b091d3c8d986b596c4f18d47697a292164d3337ac009973f7e5843522944c0bc21c129da3cb6fe65f040ce225f078ce55454eab56f69a721d3b8a2edc99fd3dddd086e92ac42f7ae52b462d82ec3f832f0e266bc8cbc59c41ef8488ac90c70303b67c17d561daf5ce8995d97c37c81c8ff4bb47d62667d266b32b68b02dcd23c0c0343243fdbd7cb402053f2b4e5f2b6346035a2160613e57294fdbfc5d3a84c6606f68fab4381386911cb8549b4aeb609fa032be5d35f0182ab624361600150f020103a350304e301d0603551d0e04160414e6856228b1f6786e810a4d07d8a57c8410a58973301f0603551d23041830168014e6856228b1f6786e810a4d07d8a57c8410a58973300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010039eb485883c355f3c975bc8266ebb7f664d39d45171d37d71f45972f409fb96fa162e72dce5ab019654a2af34f46c15ccc04b0f7f645bb15e0fb486a17127d1a12234f5bb3b0d3013234829c9db2f50520aa35bb85a680ee4e6f1603cd4d1b78d5237b1e26d6c9065387f34d2e74cb2eab51e547605fd201bb0ab0aa480a16ba9bbac054fd6ef8d11fddb177f9f1f5fe47bca74b1ee09abf2f70a00a7ea40646d3a418437af9c60854ad2173781c116720af11da0f34c2919c0b0b48f0d534f2a19abbe9cc13ae16916b32290c4e788eb9ad0eeeed4ca336fd25409527780a83a5c38e43a0814673e183a78d94d80adf9433803b9574cdc2efa8d21c30f1c101"><seinfo value="sysmonapp"/></signer><signer signature="308203a73082028fa00302010202042e6686c3300d06092a864886f70d01010b0500308183310b30090603550406130255533110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e31243022060355040a131b5175616c636f6d6d20546563686e6f6c6f676965732c20496e632e310c300a060355040b1303535347311c301a060355040313135353472050726976696c656765642041707073301e170d3137303631393231303031365a170d3434313130343231303031365a308183310b30090603550406130255533110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e31243022060355040a131b5175616c636f6d6d20546563686e6f6c6f676965732c20496e632e310c300a060355040b1303535347311c301a060355040313135353472050726976696c65676564204170707330820122300d06092a864886f70d01010105000382010f003082010a0282010100ac1a4faeaefb60948f8e0461b39378a172ec40268f7e54234da27e725983ebe83071aba78388238d751b0b71d79a0fb7e0e0ee4ca6aaef2eadca839c84b5b041994c2b20a859d5aaf19693468b1b83f068a98ba39914dfae712169951effde1f866eece5b676f7d5922af373fa7aa4d4b89946caaf9d9da3ae81fc15b218e43aa1cc6431aa79e22f8926c3c59787a322801be15b902ac0f30ab816149a0bc1b0094ccbf05637abdca204b280f7ae57ed7e658903cbb639cc2147d2f467c8135567485048fe04fa3786903c94d83838a19b17935ecff303bda829dd301893a13e6a47befee5a23cf76864ba6ed16bd953498b2308fe14e01ac8793e19f41240ab0203010001a321301f301d0603551d0e04160414569cf30c261df0d8f466683ca818edbcf3640a52300d06092a864886f70d01010b050003820101003b059a5a0668f95824db34262566621638dba2f3d5d58f11a60ffe378a914b697baf1ba3d5f160c8b749246539c08b57bb344d7293b3274126b7ee05dfe5e61633baccc57f7481a7befcfe4ff114fc1a9e0e8594fb21336958a619108ba6c6f9c770afe701600f8089f304390d92c51ac1cdc0094d248283a22625df5d6b878239f0583740612fcc8e55f2223bbcc7ed4f933c976c4d8f34eb9a41d95a6565edcec74a55fc64e112bd526dfef62d57afac8f348a91b2e0634e168cc3be34bb8c20da839921363a6fb4417e7f67c58bbccc7ce6216136c622c1e918367396b77ca88e59788bc614a5aecd6eb84fb9e36f74643b4ea42440d0ce35d42964ca32d4"><seinfo value="ssgapp"/></signer><signer signature="308203e4308202cca003020102020900b3bc78214d39dc96300d06092a864886f70d01010b0500308186310b3009060355040613025457310f300d06035504080c0654616977616e310f300d06035504070c065461697065693110300e060355040a0c074173757354656b3110300e060355040b0c0750686f6e6542553110300e06035504030c075a533636314b53311f301d06092a864886f70d0109011610737570706f727440617375732e636f6d3020170d3230303931353033323134395a180f32303531303931373033323134395a308186310b3009060355040613025457310f300d06035504080c0654616977616e310f300d06035504070c065461697065693110300e060355040a0c074173757354656b3110300e060355040b0c0750686f6e6542553110300e06035504030c075a533636314b53311f301d06092a864886f70d0109011610737570706f727440617375732e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c0002002324c5cf7da62253aac8ce5a0a1659f21fb345f711c7602373ee037831a9f35d9f92570952ca5227acc0e39141ad0861a232280d3c7531d498c52ee5150bd0bc5d74ae6ee9f4664399ab5eb19b7a8ce922fb95550506892349087fd78e953a5164fefe25508dff72046f87436bf95cc8830bacd21baf1487f9088fc2bb8afde61f6c2b65a592cfeeaea85aa4e47f6fbfdc28441f73d466a9777e7b338f737904e0b78cf83fa4db9250d35a49eedbc475b71a7b8033ee97ac201d34f8738066d97c691c22378ff653d5944759c68ba61358368bc5bc4eaca1fe2ced9ab96b105da202d90f834ca4bd58026e4a12e6ba3f80c245fc4bad8546500666027020103a3533051301d0603551d0e041604149afaf4d6a615d9d0ddd7090a6d5a3e47f0235f67301f0603551d230418301680149afaf4d6a615d9d0ddd7090a6d5a3e47f0235f67300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010066db2353816e6bfa3caa9277a537325775e201ca6d9e66ce55fc8ebe218c16533e00ce149cea5b137e301ee808ff88905746147a138a74166aa1d3e4e1e83e6e9186d8827ccea911559017058ab873072452ea0c649f143ac1559e9338d86578212ee085b429fbc8a94191b0ebb77ca53357edc4e1fb41c74cdcd3f2d7973e1885f4603ce5486d183c33649107d4b55a467de9a8c38df43fc57069c0c66d611b2409fd5320d09d150a35d6e147163d1916c64847d13d6f04f33ca9795e1fb32ec1fac9fec9cc999944cad60997a8a768b356b9f115138649d8e76dda604e68215de54b589ee54583f146c40612189eeb2cdb39e0ea3564a3490589f0d9d67332"><seinfo value="timeserviceapp"/></signer><signer signature="3082033930820221a0030201020204379792b1300d06092a864886f70d01010b0500304d314b304906035504031342515745532050726976696c6567656420417070732c204f3d5175616c636f6d6d20546563686e6f6c6f676965732c20496e632e2c204f553d515745532c20433d5553301e170d3139313031323030353730375a170d3434313030353030353730375a304d314b304906035504031342515745532050726976696c6567656420417070732c204f3d5175616c636f6d6d20546563686e6f6c6f676965732c20496e632e2c204f553d515745532c20433d555330820122300d06092a864886f70d01010105000382010f003082010a02820101009cfa61ea094fbccc5513a36aec768c8474c3b479f7a74e3a6d6fe0bb22dc905f2c041d779378470f7890e51411523d7d01567a1a114985f52749c8c91650dcfa6ebe29d6a63e4d090ff70f67cbabb77e3c08b460b29e3d0b207f23e55f3ae1222f28cf26c420ed69245e4dcbaaef09b56365099ad33d26f82c6da7f3c7cb13ec324abdb8ceb7255cb847517a858296a836e7f2c41a188cef935b940ed74b4149e0939cdf4bc5a726f8fd1bcb8f951bb66c31a4dae52418487d21936154cbd7794f41a524275b979ad81b6e82f82cd735dd952c38509b5ba822621a5c2f88c66f71c65cb0898ef31ce3abe2579d739fe76bb7e3e26e3d4c977e7d1e889766aeb10203010001a321301f301d0603551d0e04160414877ac02974cb3dbe255aa46bb208c738d25da8a4300d06092a864886f70d01010b050003820101006647c24a02bf43aec48d91a4e6cdfc6cfc2a7641956caa7562093c541460d8c91695d6cfc61555a5367afc8c453497463a9224cc5e7452fd2a41d918a136ecada7718fad7a07e464fe1db834552c8414a5581585f00746d588bbac01fad0ec44f25cac09bf629ce9d527a0780852d5eb24b0007a91622241167bd134ab3e4a108c596c267adec045abf47566110aa0e524816eb04b36c4a095032697f469229a5cc41c4a505c6be8784e652e8393dd534d33ec152015b3a77497862ece9ca349b3990dd50bf81bbae0d2a6ed71884430f46683e63b9e8a0fac1308b1101f626866f0a941f856aa60f8481160bab301da9b31d4413e1a08b1ba72e9906f563fb5"><seinfo value="qwesasapp"/></signer></policy>
\ No newline at end of file diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te deleted file mode 100644 index e050c41..0000000 --- a/sepolicy/vendor/netmgrd.te +++ /dev/null @@ -1 +0,0 @@ -allow netmgrd qmipriod:unix_stream_socket connectto; diff --git a/sepolicy/vendor/qmipriod.te b/sepolicy/vendor/qmipriod.te deleted file mode 100644 index b7e2f3d..0000000 --- a/sepolicy/vendor/qmipriod.te +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright (c) 2020, The Linux Foundation. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials provided -# with the distribution. -# * Neither the name of The Linux Foundation nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -type qmipriod, domain; -type qmipriod_exec, exec_type, vendor_file_type, file_type; - -#set domains -init_daemon_domain(qmipriod) -net_domain(qmipriod) - -#allow use of the QRTR socket for the QMI communication -allow qmipriod self:qipcrtr_socket create_socket_perms_no_ioctl; - -#allow use of netmgrd unix sockets -netmgr_socket(qmipriod); -allow qmipriod netmgrd_socket:dir w_dir_perms; -allow qmipriod netmgrd_socket:sock_file create; - -#allow logging to file for engineering builds -userdebug_or_eng(` - allow qmipriod qmipriod_data_file:dir rw_dir_perms; - allow qmipriod qmipriod_data_file:file create_file_perms; -') diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te deleted file mode 100644 index 5ed37e7..0000000 --- a/sepolicy/vendor/qti_init_shell.te +++ /dev/null @@ -1,4 +0,0 @@ -allow qti_init_shell proc_cmdline:file r_file_perms; -get_prop(qti_init_shell, exported_wifi_prop) -allow qti_init_shell bat_file:dir create_dir_perms; -allow qti_init_shell bat_file:file create_file_perms; diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts new file mode 100644 index 0000000..67ecd4a --- /dev/null +++ b/sepolicy/vendor/seapp_contexts @@ -0,0 +1 @@ +user=radio seinfo=platform name=.qtidataservices domain=vendor_qtidataservices_app type=radio_data_file diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index 6ae0d02..e4930cc 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te @@ -1,2 +1,2 @@ -allow tee mnt_vendor_file:dir w_dir_perms; +allow tee mnt_vendor_file:dir rw_dir_perms; allow tee mnt_vendor_file:file create_file_perms; diff --git a/sepolicy/vendor/vendor_hal_gnss_qti.te b/sepolicy/vendor/vendor_hal_gnss_qti.te new file mode 100644 index 0000000..3a2e08d --- /dev/null +++ b/sepolicy/vendor/vendor_hal_gnss_qti.te @@ -0,0 +1,2 @@ +use_vendor_per_mgr(vendor_hal_gnss_qti) +allow vendor_hal_gnss_qti init:unix_stream_socket connectto; diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 141a448..876d2a3 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -1,3 +1,5 @@ allow vendor_init cgroup:file getattr; allow vendor_init asus_display_proc_exec:file { read write getattr open }; allow vendor_init proc:file getattr; +get_prop(vendor_init, vendor_wifi_prop) +get_prop(vendor_init, default_prop) diff --git a/sepolicy/vendor/vendor_modprobe.te b/sepolicy/vendor/vendor_modprobe.te new file mode 100644 index 0000000..db5cf4c --- /dev/null +++ b/sepolicy/vendor/vendor_modprobe.te @@ -0,0 +1 @@ +allow vendor_modprobe vendor_debugfs_ipc:dir search; diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te new file mode 100644 index 0000000..3a89e38 --- /dev/null +++ b/sepolicy/vendor/vendor_qti_init_shell.te @@ -0,0 +1,4 @@ +allow vendor_qti_init_shell proc_cmdline:file r_file_perms; +get_prop(vendor_qti_init_shell, exported_wifi_prop) +allow vendor_qti_init_shell bat_file:dir create_dir_perms; +allow vendor_qti_init_shell bat_file:file create_file_perms; |