| -rw-r--r-- | private/priv_app.te | 2 | ||||
| -rw-r--r-- | vendor/google/google_camera_app.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/bootanim.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/cdsprpcd.te | 4 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_camera_default.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_graphics_composer_default.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_imsrtp.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_radioext_default.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_rcsservice.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_sensors_default.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/ims.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/kernel.te | 3 | ||||
| -rw-r--r-- | vendor/qcom/common/platform_app.te | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/rild.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/surfaceflinger.te | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/system_app.te | 5 | ||||
| -rw-r--r-- | vendor/qcom/common/system_server.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/untrusted_app.te | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/untrusted_app_27.te | 2 |
19 files changed, 40 insertions, 1 deletions
diff --git a/private/priv_app.te b/private/priv_app.te
index 408a352..b9253ae 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -1,3 +1,5 @@
 dontaudit priv_app sysfs:file read;
 dontaudit priv_app zygote:dir search;
 dontaudit priv_app mnt_vendor_file:dir search;
+allow priv_app app_data_file:dir search;
+allow priv_app vendor_default_prop:file read;
diff --git a/vendor/google/google_camera_app.te b/vendor/google/google_camera_app.te
index 6520084..1f70ef0 100644
--- a/vendor/google/google_camera_app.te
+++ b/vendor/google/google_camera_app.te
@@ -42,3 +42,5 @@ allow google_camera_app system_app_data_file:file { read write getattr };
 allow google_camera_app hal_paintbox_hwservice:hwservice_manager find;
 binder_call(google_camera_app, easel)
 allow google_camera_app easel_device:chr_file rw_file_perms;
+
+allow google_camera_app vendor_default_prop:file read;
diff --git a/vendor/qcom/common/bootanim.te b/vendor/qcom/common/bootanim.te
index 0125ef0..7cec260 100644
--- a/vendor/qcom/common/bootanim.te
+++ b/vendor/qcom/common/bootanim.te
@@ -9,4 +9,6 @@ dontaudit bootanim system_data_file:dir read;
 # TODO(b/37205419): Remove upon resolution
 dontaudit bootanim kernel:system module_request;
+allow bootanim vendor_default_prop:file read;
+
 get_prop(bootanim, vendor_display_prop)
diff --git a/vendor/qcom/common/cdsprpcd.te b/vendor/qcom/common/cdsprpcd.te
index ab1f819..33f5610 100644
--- a/vendor/qcom/common/cdsprpcd.te
+++ b/vendor/qcom/common/cdsprpcd.te
@@ -13,4 +13,6 @@ allow cdsprpcd ion_device:chr_file r_file_perms;
 r_dir_file(cdsprpcd, sysfs_devfreq)
 allow cdsprpcd sysfs_devfreq_l3cdsp:dir r_dir_perms;
-allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms;
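Review bot: The addition to private/priv_app.te grants `vendor_default_prop:file read` with a raw `allow` instead of `get_prop(priv_app, vendor_default_prop)`, and a lone `read` looks like one denial copied into policy; it probably does not cover a real property read, since the macro also grants `open` and `getattr`. The same line is added for google_camera_app, bootanim, platform_app, system_app, system_server, untrusted_app and untrusted_app_27. `vendor_default_prop` is the catch-all label for vendor properties that have no more specific context, so granting it to untrusted_app and untrusted_app_27 exposes every unlabelled vendor property to third-party apps. surfaceflinger.te in this tree already carries `dontaudit surfaceflinger vendor_default_prop:file read;`; if these reads are only noise, use `dontaudit` here too, and otherwise give the property that is actually needed its own type and a `get_prop()`.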
\ No newline at end of file
+allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms;
+
+allow cdsprpcd system_file:dir read;
diff --git a/vendor/qcom/common/hal_camera_default.te b/vendor/qcom/common/hal_camera_default.te
index bee51fe..53911fd 100644
--- a/vendor/qcom/common/hal_camera_default.te
+++ b/vendor/qcom/common/hal_camera_default.te
@@ -34,3 +34,5 @@ binder_call(hal_camera_default, easel)
 dontaudit hal_camera_default kernel:system module_request;
 dontaudit hal_camera_default vendor_display_prop:file r_file_perms;
+
+allow hal_camera_default persist_file:file read;
diff --git a/vendor/qcom/common/hal_graphics_composer_default.te b/vendor/qcom/common/hal_graphics_composer_default.te
index 50815e2..0b0e27a 100644
--- a/vendor/qcom/common/hal_graphics_composer_default.te
+++ b/vendor/qcom/common/hal_graphics_composer_default.te
@@ -55,3 +55,5 @@ dontaudit hal_graphics_composer_default vendor_display_prop:file r_file_perms;
 #allow composer access hal_light
 hal_client_domain(hal_graphics_composer_default, hal_light);
 allow hal_graphics_composer_default hal_light_hwservice:hwservice_manager find;
+
+allow hal_graphics_composer_default diag_device:chr_file { read write };
diff --git a/vendor/qcom/common/hal_imsrtp.te b/vendor/qcom/common/hal_imsrtp.te
index 1ad890c..d5578e7 100644
--- a/vendor/qcom/common/hal_imsrtp.te
+++ b/vendor/qcom/common/hal_imsrtp.te
@@ -32,3 +32,5 @@ get_prop(hal_imsrtp, ims_prop)
 binder_call(hal_imsrtp, radio)
 dontaudit hal_imsrtp kernel:system module_request;
+
+allow hal_imsrtp diag_device:chr_file { read write };
diff --git a/vendor/qcom/common/hal_radioext_default.te b/vendor/qcom/common/hal_radioext_default.te
index 795d823..127f6cb 100644
--- a/vendor/qcom/common/hal_radioext_default.te
+++ b/vendor/qcom/common/hal_radioext_default.te
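Review bot: `allow hal_camera_default persist_file:file read;` in hal_camera_default.te targets the generic `persist_file` type, so it covers every file on the persist partition that has no label of its own rather than only what the camera HAL needs. platform_app.te in this tree shows the narrower pattern with `persist_sensors_file:file r_file_perms`. Give the files the HAL reads a dedicated type in file_contexts and grant `r_file_perms` on that type instead. The rule has no comment saying which file triggered it, so a line such as `# camera HAL reads <file> from persist` with the real path would help the next reviewer.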
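Review bot: The new `allow hal_graphics_composer_default diag_device:chr_file { read write };` is unconditional, so the diagnostic character device becomes reachable from this HAL on user builds as well as debug builds. The same rule is added for hal_imsrtp, hal_rcsservice, hal_sensors_default and ims. surfaceflinger.te in this tree already gates a debug-only grant with ``userdebug_or_eng(`…')``; wrap each diag rule the same way, e.g. ``userdebug_or_eng(`allow hal_graphics_composer_default diag_device:chr_file { read write };')``. If the daemons only probe the node for logging, a `dontaudit` on `diag_device:chr_file` keeps the logs quiet without widening access.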
@@ -22,3 +22,5 @@ userdebug_or_eng(`
 allow hal_radioext_default modem_stat_data_file:file create_file_perms;
 dontaudit hal_radioext_default kernel:system module_request;
+
+allow hal_radioext_default radio_vendor_data_file:dir search;
diff --git a/vendor/qcom/common/hal_rcsservice.te b/vendor/qcom/common/hal_rcsservice.te
index 13c4b13..bf488ab 100644
--- a/vendor/qcom/common/hal_rcsservice.te
+++ b/vendor/qcom/common/hal_rcsservice.te
@@ -42,3 +42,5 @@ allow hal_rcsservice self:capability net_bind_service;
 set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop)
 dontaudit hal_rcsservice kernel:system module_request;
+
+allow hal_rcsservice diag_device:chr_file { read write };
diff --git a/vendor/qcom/common/hal_sensors_default.te b/vendor/qcom/common/hal_sensors_default.te
index c5bc960..8857f85 100644
--- a/vendor/qcom/common/hal_sensors_default.te
+++ b/vendor/qcom/common/hal_sensors_default.te
@@ -25,3 +25,5 @@ dontaudit hal_sensors_default kernel:system module_request;
 r_dir_file(hal_sensors_default, sysfs_batteryinfo)
 r_dir_file(hal_sensors_default, adsprpcd_file)
+
+allow hal_sensors_default diag_device:chr_file { read write };
diff --git a/vendor/qcom/common/ims.te b/vendor/qcom/common/ims.te
index 5d0cd9e..611034c 100644
--- a/vendor/qcom/common/ims.te
+++ b/vendor/qcom/common/ims.te
@@ -35,3 +35,5 @@ allow ims hal_cne_hwservice:hwservice_manager find;
 binder_call(ims, cnd)
 dontaudit ims kernel:system module_request;
+
+allow ims diag_device:chr_file { read write };
diff --git a/vendor/qcom/common/kernel.te b/vendor/qcom/common/kernel.te
index 8a47572..c552187 100644
--- a/vendor/qcom/common/kernel.te
+++ b/vendor/qcom/common/kernel.te
@@ -11,3 +11,6 @@ allow kernel vendor_file:file r_file_perms;
 allow kernel debugfs_ipc:dir search;
 allow kernel persist_file:dir search;
+
+allow kernel debugfs_wlan:dir search;
+allow kernel self:socket create;
diff --git a/vendor/qcom/common/platform_app.te b/vendor/qcom/common/platform_app.te
index d268a1c..a418697 100644
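Review bot: `allow kernel self:socket create;` in kernel.te has no comment saying which kernel component opens the socket, and it names the generic `socket` class, which only matches address families that have no dedicated SELinux class. Add a line above it such as `# <driver> opens an <address family> socket from kernel context` with the real driver and family filled in, and a similar note on what walks `debugfs_wlan`. If the device works without either access, `dontaudit` is the safer form for both rules.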
--- a/vendor/qcom/common/platform_app.te
+++ b/vendor/qcom/common/platform_app.te
@@ -5,3 +5,4 @@ allow platform_app persist_sensors_file:file r_file_perms;
 # To find and bind hal_wlc
 allow platform_app hal_wlc_hwservice:hwservice_manager find;
 allow platform_app hal_wlc:binder call;
+allow platform_app vendor_default_prop:file read;
diff --git a/vendor/qcom/common/rild.te b/vendor/qcom/common/rild.te
index e82e1a3..12e9e0d 100644
--- a/vendor/qcom/common/rild.te
+++ b/vendor/qcom/common/rild.te
@@ -30,3 +30,5 @@ set_prop(rild, vendor_radio_prop)
 allow rild proc_qtaguid_stat:file r_file_perms;
 hal_server_domain(rild, hal_secure_element)
+
+allow rild socket_device:dir write;
diff --git a/vendor/qcom/common/surfaceflinger.te b/vendor/qcom/common/surfaceflinger.te
index 79c6a9d..feb10af 100644
--- a/vendor/qcom/common/surfaceflinger.te
+++ b/vendor/qcom/common/surfaceflinger.te
@@ -3,3 +3,4 @@ dontaudit surfaceflinger kernel:system module_request;
 dontaudit surfaceflinger vendor_default_prop:file read;
 userdebug_or_eng(`get_prop(surfaceflinger, vendor_display_prop)')
 allow surfaceflinger debugfs_ion:dir search;
+allow surfaceflinger vendor_display_prop:file read;
diff --git a/vendor/qcom/common/system_app.te b/vendor/qcom/common/system_app.te
index 98d25c7..79dfd9c 100644
--- a/vendor/qcom/common/system_app.te
+++ b/vendor/qcom/common/system_app.te
@@ -1,3 +1,8 @@
 typeattribute system_app system_writes_vendor_properties_violators;
 set_prop(system_app, vendor_bluetooth_prop)
+
+allow system_app fs_bpf:dir search;
+allow system_app proc_pagetypeinfo:file read;
+allow system_app sysfs_zram:dir search;
+allow system_app vendor_default_prop:file read;
diff --git a/vendor/qcom/common/system_server.te b/vendor/qcom/common/system_server.te
index 16c0c92..35690ba 100644
--- a/vendor/qcom/common/system_server.te
+++ b/vendor/qcom/common/system_server.te
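Review bot: `allow rild socket_device:dir write;` in rild.te gives rild `write` on the shared socket directory label but not `add_name`, so on its own it cannot create an entry there and mostly just silences one denial. If rild really needs a socket in that directory, the usual route is to have init create it from the service definition with its own socket type and grant rild access to that type. If it does not, prefer `dontaudit rild socket_device:dir write;` over widening what the radio daemon may touch.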
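Review bot: The added `allow surfaceflinger vendor_display_prop:file read;` in surfaceflinger.te sits two lines below ``userdebug_or_eng(`get_prop(surfaceflinger, vendor_display_prop)')`` and grants on every build type what that line limits to userdebug and eng builds. If user builds need the property, replace the guarded line with a plain `get_prop(surfaceflinger, vendor_display_prop)` so the intent is stated once. If they do not, drop the new rule and keep the guard.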
@@ -12,3 +12,5 @@ allow system_server wlan_device:chr_file rw_file_perms;
 dontaudit system_server self:capability sys_module;
 dontaudit system_server vendor_display_prop:file r_file_perms;
+
+allow system_server vendor_default_prop:file read;
diff --git a/vendor/qcom/common/untrusted_app.te b/vendor/qcom/common/untrusted_app.te
new file mode 100644
index 0000000..a80c059
--- /dev/null
+++ b/vendor/qcom/common/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app vendor_default_prop:file read;
diff --git a/vendor/qcom/common/untrusted_app_27.te b/vendor/qcom/common/untrusted_app_27.te
new file mode 100644
index 0000000..48b33a4
--- /dev/null
+++ b/vendor/qcom/common/untrusted_app_27.te
@@ -0,0 +1,2 @@
+allow untrusted_app_27 cache_file:lnk_file read;
+allow untrusted_app_27 vendor_default_prop:file read; |
