diff options
| author | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-11-23 22:49:31 +0000 |
|---|---|---|
| committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-12-06 13:23:31 +0000 |
| commit | f30e7852a52e00115c39cf630051bd018cddef59 (patch) | |
| tree | fa3ec043cf9f1dc79fc26c5fed9ff7bfde996787 | |
| parent | 6656303f59de5ba1a30f86f30ab6a1550afce0dc (diff) | |
Updates for CM12
Change-Id: I711857951e78f6fd837dde8828ebbdb550723448
34 files changed, 175 insertions, 301 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index 3a34375..6528ad3 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -40,7 +40,7 @@ BOARD_MKBOOTIMG_ARGS := --ramdisk_offset 0x02000000 # Try to build the kernel TARGET_KERNEL_SOURCE := kernel/lge/v500 #TARGET_PREBUILT_KERNEL := device/lge/v500/kernel -BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 lpj=67677 androidboot.hardware=awifi vmalloc=600M +BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 lpj=67677 androidboot.hardware=awifi vmalloc=400M TARGET_KERNEL_CONFIG := cyanogenmod_v500_defconfig @@ -66,7 +66,7 @@ USE_OPENGL_RENDERER := true TARGET_USES_ION := true TARGET_USES_OVERLAY := true TARGET_USES_SF_BYPASS := true -TARGET_USES_C2D_COMPOSITION := true +TARGET_USES_C2D_COMPOSITION := false OVERRIDE_RS_DRIVER := libRSDriver_adreno.so @@ -123,28 +123,16 @@ TARGET_RECOVERY_FSTAB = device/lge/v500/fstab.gvar BOARD_HAS_NO_SELECT_BUTTON := true +# SELinux policies +# qcom sepolicy +include device/qcom/sepolicy/sepolicy.mk + BOARD_SEPOLICY_DIRS += \ device/lge/v500/sepolicy -BOARD_SEPOLICY_UNION := \ - app.te \ - bluetooth.te \ - device.te \ - domain.te \ - drmserver.te \ - file.te \ - file_contexts \ - hci_init.te \ - init_shell.te \ - keystore.te \ - mediaserver.te \ - kickstart.te \ - nfc.te \ - rild.te \ - surfaceflinger.te \ - system.te \ - ueventd.te \ - wpa.te +BOARD_SEPOLICY_UNION += \ + bluetooth_loader.te \ + kernel.te TARGET_RELEASETOOLS_EXTENSIONS := device/lge/v500/releasetools @@ -153,3 +141,6 @@ BOARD_USES_QC_TIME_SERVICES := true COMMON_GLOBAL_CFLAGS += -DBOARD_CHARGING_CMDLINE_NAME='"androidboot.mode"' -DBOARD_CHARGING_CMDLINE_VALUE='"chargerlogo"' BOARD_HARDWARE_CLASS := device/lge/v500/cmhw/ + +TARGET_USES_LOGD := false +BOARD_USES_LEGACY_MMAP := true @@ -22,8 +22,14 @@ PRODUCT_CHARACTERISTICS := tablet DEVICE_PACKAGE_OVERLAYS := $(LOCAL_PATH)/overlay PRODUCT_PACKAGES += \ + libwpa_client \ + hostapd \ + dhcpcd.conf \ + wpa_supplicant \ + wpa_supplicant.conf + +PRODUCT_PACKAGES += \ charger_res_images \ - charger # Live Wallpapers PRODUCT_PACKAGES += \ @@ -49,7 +55,9 @@ PRODUCT_COPY_FILES += \ PRODUCT_COPY_FILES += \ $(LOCAL_PATH)/media_profiles.xml:system/etc/media_profiles.xml \ - $(LOCAL_PATH)/media_codecs.xml:system/etc/media_codecs.xml + $(LOCAL_PATH)/media_codecs.xml:system/etc/media_codecs.xml \ + frameworks/av/media/libstagefright/data/media_codecs_google_audio.xml:system/etc/media_codecs_google_audio.xml \ + frameworks/av/media/libstagefright/data/media_codecs_google_video.xml:system/etc/media_codecs_google_video.xml # Prebuilt kl and kcm keymaps PRODUCT_COPY_FILES += \ @@ -16,6 +16,8 @@ /dev/block/platform/msm_sdcc.1/by-name/mpt /mpt ext4 nosuid,nodev,barrier=1,data=ordered wait,check /dev/block/platform/msm_sdcc.1/by-name/factory /factory ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc wait,check /dev/block/platform/msm_sdcc.1/by-name/sns /sns ext4 nosuid,nodev,barrier=1,data=ordered wait,check +/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,uid=1000,gid=1000,dmask=227,fmask=337,shortname=lower,context=u:object_r:firmware_file:s0 wait + /devices/platform/msm_sdcc.3/mmc_host auto vfat defaults voldmanaged=sdcard1:auto /devices/platform/msm_hsusb_host auto vfat defaults voldmanaged=usb:auto diff --git a/init.awifi.rc b/init.awifi.rc index 4265891..5b9f39c 100755 --- a/init.awifi.rc +++ b/init.awifi.rc @@ -76,11 +76,11 @@ on early-fs mkdir /factory 0775 system system mkdir /sns 0775 system system mount_all fstab.awifi - - wait /dev/block/mmcblk0p1 - mount vfat /dev/block/mmcblk0p1 /firmware ro umask=002 shortname=lower mkdir /sns/cal 0771 system system + restorecon_recursive /sns + restorecon_recursive /persist + on boot write /sys/devices/i2c-3/3-0024/cyttsp_update_fw 1 write /sys/devices/i2c-3/3-005b/update_fw 1 @@ -115,20 +115,17 @@ service mpdecision /system/bin/mpdecision --no_sleep --avg_comp class late_start user root -service rf4ce /system/bin/rf4ce - class main - user root - group root - # sungwook.park@lge.com 2013.04.23 change qcks, ks, efsks into system process service kickstart /system/bin/qcks -i /firmware/image/ user system group system + seclabel u:r:mdm_helper:s0 oneshot disabled service mdm_helper /system/bin/mdm_helper class main + seclabel u:r:mdm_helper:s0 onrestart setprop ro.service.mdm_helper_restarted "true" disabled @@ -358,19 +355,6 @@ on post-fs-data on property:ro.build.type=userdebug mount debugfs /sys/kernel/debug /sys/kernel/debug -# LGE_CHANGE_S, Add atd service -service atd /system/bin/atd /dev/ttyGS0 - socket atd stream 0660 system inet - disabled -on property:ro.baseband="mdm" - start atd -# kyle00.choi, 20130402, To feature out the modem: mdm --> apq [START] -on property:ro.baseband="apq" - start atd - -on property:ro.build.type=userdebug - chmod 0444 /proc/cmdline - on init chmod 0701 /mnt/media_rw mkdir /mnt/media_rw/sdcard1 0775 system system @@ -591,6 +575,7 @@ on fs # msm specific files that need to be created on /data on post-fs-data + write /sys/kernel/boot_adsp/boot 1 # we will remap this as /mnt/sdcard with the sdcard fuse tool mkdir /data/media 0770 media_rw media_rw chown media_rw media_rw /data/media @@ -678,16 +663,6 @@ on property:init.svc.surfaceflinger=stopped on property:init.svc.wpa_supplicant=stopped stop dhcpcd -service qcom-c_core-sh /system/bin/sh /init.qcom.class_core.sh - class core - user root - oneshot - -service qcom-c_main-sh /system/bin/sh /init.qcom.class_main.sh - class main - user root - oneshot - on property:vold.decrypt=trigger_restart_framework start qcom-c_main-sh start config_bluetooth @@ -695,15 +670,6 @@ on property:vold.decrypt=trigger_restart_framework start sensors start conn_init -service cnd /system/bin/cnd - class late_start - socket cnd stream 660 root inet - -service irsc_util /system/bin/logwrapper /system/bin/irsc_util "/etc/sec_config" - class main - user root - oneshot - service rmt_storage /system/bin/rmt_storage class core user root @@ -714,6 +680,7 @@ on property:ro.boot.emmc=true service config_bluetooth /system/bin/sh /system/etc/init.qcom.bt.sh "onboot" class core + seclabel u:r:bluetooth_loader:s0 user root oneshot @@ -740,6 +707,7 @@ service hciattach /system/bin/sh /system/etc/init.qcom.bt.sh class late_start user bluetooth group qcom_oncrpc bluetooth net_bt_admin system + seclabel u:r:bluetooth_loader:s0 disabled oneshot @@ -802,7 +770,7 @@ service netmgrd /system/bin/netmgrd service sensors /system/bin/sensors.qcom class late_start user root - group root + group root radio system disabled on property:ro.dsps.ready=true @@ -827,7 +795,7 @@ service btwlancoex /system/bin/sh /system/etc/init.qcom.coex.sh service p2p_supplicant /system/bin/wpa_supplicant \ -ip2p0 -Dnl80211 -c/data/misc/wifi/p2p_supplicant.conf -N \ -iwlan0 -Dnl80211 -c/data/misc/wifi/wpa_supplicant.conf \ - -e/data/misc/wifi/entropy.bin -puse_p2p_group_interface=1use_multi_chan_concurrent=1 -g@android:wpa_wlan0 -O/data/misc/wifi/sockets + -e/data/misc/wifi/entropy.bin -puse_p2p_group_interface=1use_multi_chan_concurrent=1 -g@android:wpa_wlan0 # we will start as root and wpa_supplicant will switch to user wifi # after setting up the capabilities required for WEXT # user wifi @@ -839,7 +807,7 @@ service p2p_supplicant /system/bin/wpa_supplicant \ service wpa_supplicant /system/bin/wpa_supplicant \ -iwlan0 -Dnl80211 -c/data/misc/wifi/wpa_supplicant.conf \ - -e/data/misc/wifi/entropy.bin -g@android:wpa_wlan0 -O/data/misc/wifi/sockets + -e/data/misc/wifi/entropy.bin -g@android:wpa_wlan0 # we will start as root and wpa_supplicant will switch to user wifi # after setting up the capabilities required for WEXT # user wifi @@ -930,12 +898,6 @@ service wifi-crda /system/bin/sh /system/etc/init.crda.sh disabled oneshot -service ppd /system/bin/mm-pp-daemon - class late_start - user system - socket pps stream 0660 system system graphics - group system graphics - service hostapd /system/bin/hostapd -dddd /data/hostapd/hostapd.conf class late_start user root @@ -986,9 +948,10 @@ service hciattach_dut /system/bin/sh /system/etc/init.lge_dut.bt.sh disabled oneshot -service charger /charger +service charger /sbin/healthd -c class charger - + critical + seclabel u:r:healthd:s0 on property:persist.sys.cabc_off=true write /sys/devices/platform/mipi_lgit.1793/cabc_off 1 @@ -1009,7 +972,7 @@ on property:ro.build.type=user write /sys/module/subsystem_restart/parameters/enable_ramdumps 0 write /sys/module/wcnss_ssr_8960/parameters/enable_riva_ssr 1 -service conn_init /system/bin/logwrapper /system/bin/conn_init +service conn_init /system/bin/conn_init class core user system group system wifi diff --git a/media_codecs.xml b/media_codecs.xml index 602f3b1..f8a79ae 100644 --- a/media_codecs.xml +++ b/media_codecs.xml @@ -13,154 +13,87 @@ See the License for the specific language governing permissions and limitations under the License. --> -<!-- - Copyright (c) 2012, The Linux Foundation. All rights reserved. - Not a Contribution, Apache license notifications and license are retained - for attribution purposes only. ---> <MediaCodecs> + <Include href="media_codecs_google_audio.xml" /> <Encoders> - <!-- Audio Hardware --> - <MediaCodec name="OMX.google.aac.encoder" type="audio/mp4a-latm" /> - <!-- <MediaCodec name="OMX.qcom.audio.encoder.aac" type="audio/mp4a-latm" /> --> - <MediaCodec name="OMX.qcom.audio.encoder.evrc" type="audio/evrc" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - </MediaCodec> - <MediaCodec name="OMX.google.flac.encoder" type="audio/flac"/> - <MediaCodec name="OMX.qcom.audio.encoder.qcelp13" type="audio/qcelp" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - </MediaCodec> - <!-- Audio Software --> - <MediaCodec name="AACEncoder" type="audio/mp4a-latm" /> - <MediaCodec name="OMX.google.amrnb.encoder" type="audio/3gpp" /> - <MediaCodec name="OMX.google.amrwb.encoder" type="audio/amr-wb" /> <MediaCodec name="OMX.qcom.video.encoder.mpeg4" type="video/mp4v-es" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="requires-loaded-to-idle-after-allocation"/> + <Limit name="size" min="96x64" max="1920x1088" /> + <Limit name="alignment" value="8x8" /> + <Limit name="block-size" value="16x16" /> + <Limit name="blocks-per-second" min="1" max="244800" /> + <Limit name="bitrate" range="1-20000000" /> + <Feature name="can-swap-width-height" /> </MediaCodec> <MediaCodec name="OMX.qcom.video.encoder.h263" type="video/3gpp" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="requires-loaded-to-idle-after-allocation"/> + <Limit name="size" min="96x64" max="720x576" /> + <Limit name="alignment" value="8x8" /> </MediaCodec> <MediaCodec name="OMX.qcom.video.encoder.avc" type="video/avc" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="requires-loaded-to-idle-after-allocation"/> + <Limit name="size" min="96x64" max="1920x1088" /> + <Limit name="alignment" value="8x8" /> + <Limit name="block-size" value="16x16" /> + <Limit name="blocks-per-second" min="1" max="244800" /> + <Limit name="bitrate" range="1-20000000" /> + <Feature name="can-swap-width-height" /> </MediaCodec> </Encoders> <Decoders> - <!-- Audio Hardware --> - <!-- <MediaCodec name="OMX.qcom.audio.decoder.Qcelp13Hw" type="audio/qcelp" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.audio.decoder.evrchw" type="audio/evrc" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.audio.decoder.ac3" type="audio/ac3" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - </MediaCodec> --> - <MediaCodec name="OMX.qcom.audio.decoder.wma" type="audio/x-ms-wma" > - <Quirk name="requires-global-flush" /> - <Quirk name="requires-wma-pro-component" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.audio.decoder.wmaLossLess" type="audio/x-ms-wma" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.audio.decoder.wma10Pro" type="audio/x-ms-wma" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <!-- <MediaCodec name="OMX.qcom.audio.decoder.mp3" type="audio/mpeg" > - <Quirk name="requires-global-flush" /> - </MediaCodec> --> - <MediaCodec name="OMX.qcom.audio.decoder.amrwbplus" type="audio/amr-wb-plus" > - </MediaCodec> - <!-- Audio Software --> - <MediaCodec name="OMX.google.vorbis.decoder" type="audio/vorbis" /> - <MediaCodec name="OMX.google.mp3.decoder" type="audio/mpeg" /> - <MediaCodec name="MP3Decoder" type="audio/mpeg" /> - <MediaCodec name="OMX.google.amrnb.decoder" type="audio/3gpp" /> - <MediaCodec name="OMX.google.amrwb.decoder" type="audio/amr-wb" /> - <MediaCodec name="OMX.google.aac.decoder" type="audio/mp4a-latm" /> - <MediaCodec name="AACDecoder" type="audio/mp4a-latm" /> - <MediaCodec name="OMX.google.g711.alaw.decoder" type="audio/g711-alaw" /> - <MediaCodec name="OMX.google.g711.mlaw.decoder" type="audio/g711-mlaw" /> - <MediaCodec name="OMX.qcom.audio.decoder.Qcelp13" type="audio/qcelp" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.audio.decoder.evrc" type="audio/evrc" > - <Quirk name="requires-global-flush" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.video.decoder.vc1" type="video/x-ms-wmv" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - <Quirk name="defers-output-buffer-allocation" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.video.decoder.divx" type="video/divx" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - <Quirk name="defers-output-buffer-allocation" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.video.decoder.divx311" type="video/divx311" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - <Quirk name="defers-output-buffer-allocation" /> - </MediaCodec> - <MediaCodec name="OMX.qcom.video.decoder.divx4" type="video/divx4" > - <Quirk name="requires-allocate-on-input-ports" /> - <Quirk name="requires-allocate-on-output-ports" /> - <Quirk name="defers-output-buffer-allocation" /> - </MediaCodec> <MediaCodec name="OMX.qcom.video.decoder.avc" type="video/avc" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="defers-output-buffer-allocation"/> - </MediaCodec> - <MediaCodec name="OMX.qcom.video.decoder.mpeg2" type="video/mpeg2" > + <Limit name="size" min="64x64" max="1920x1088" /> + <Limit name="alignment" value="2x2" /> + <Limit name="block-size" value="16x16" /> + <Limit name="blocks-per-second" min="1" max="244800" /> + <Limit name="bitrate" range="1-20000000" /> + <Feature name="adaptive-playback" /> + <Feature name="can-swap-width-height" /> + </MediaCodec> + <MediaCodec name="OMX.qcom.video.decoder.avc.secure" type="video/avc" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="defers-output-buffer-allocation"/> + <Limit name="size" min="64x64" max="1920x1088" /> + <Limit name="alignment" value="2x2" /> + <Limit name="block-size" value="16x16" /> + <Limit name="blocks-per-second" min="1" max="244800" /> + <Limit name="bitrate" range="1-20000000" /> + <Feature name="adaptive-playback" /> + <Feature name="secure-playback" required="true" /> + <Feature name="can-swap-width-height" /> </MediaCodec> <MediaCodec name="OMX.qcom.video.decoder.mpeg4" type="video/mp4v-es" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="defers-output-buffer-allocation"/> + <Limit name="size" min="64x64" max="1920x1088" /> + <Limit name="alignment" value="2x2" /> + <Limit name="block-size" value="16x16" /> + <Limit name="blocks-per-second" min="1" max="244800" /> + <Limit name="bitrate" range="1-20000000" /> + <Feature name="adaptive-playback" /> + <Feature name="can-swap-width-height" /> </MediaCodec> <MediaCodec name="OMX.qcom.video.decoder.h263" type="video/3gpp" > <Quirk name="requires-allocate-on-input-ports" /> <Quirk name="requires-allocate-on-output-ports"/> <Quirk name="defers-output-buffer-allocation"/> + <Limit name="size" min="64x64" max="720x576" /> + <Limit name="alignment" value="2x2" /> + <Feature name="adaptive-playback" /> </MediaCodec> - <MediaCodec name="OMX.google.vpx.decoder" type="video/x-vnd.on2.vp8" /> - <MediaCodec name="OMX.google.h264.decoder" type="video/avc" /> - <MediaCodec name="OMX.google.h263.decoder" type="video/3gpp" /> - <MediaCodec name="OMX.google.mpeg4.decoder" type="video/mp4v-es" /> - - <!-- ffmpeg audio codecs --> - <MediaCodec name="OMX.ffmpeg.ra.decoder" type="audio/vnd.rn-realaudio"/> - <MediaCodec name="OMX.ffmpeg.flac.decoder" type="audio/flac"/> - <MediaCodec name="OMX.ffmpeg.mp2.decoder" type="audio/mpeg-L2"/> - <MediaCodec name="OMX.ffmpeg.ac3.decoder" type="audio/ac3"/> - <MediaCodec name="OMX.ffmpeg.ape.decoder" type="audio/x-ape"/> - <MediaCodec name="OMX.ffmpeg.dts.decoder" type="audio/vnd.dts"/> - <MediaCodec name="OMX.ffmpeg.atrial.decoder" type="audio/ffmpeg"/> - <!-- ffmpeg video codecs --> - <MediaCodec name="OMX.ffmpeg.mpeg2v.decoder" type="video/mpeg2"/> - <MediaCodec name="OMX.ffmpeg.h263.decoder" type="video/3gpp"/> - <MediaCodec name="OMX.ffmpeg.mpeg4.decoder" type="video/mp4v-es"/> - <MediaCodec name="OMX.ffmpeg.wmv.decoder" type="video/x-ms-wmv"/> - <MediaCodec name="OMX.ffmpeg.rv.decoder" type="video/vnd.rn-realvideo"/> - <MediaCodec name="OMX.ffmpeg.h264.decoder" type="video/avc"/> - <MediaCodec name="OMX.ffmpeg.vc1.decoder" type="video/vc1"/> - <MediaCodec name="OMX.ffmpeg.flv1.decoder" type="video/x-flv"/> - <MediaCodec name="OMX.ffmpeg.divx.decoder" type="video/divx"/> - <MediaCodec name="OMX.ffmpeg.hevc.decoder" type="video/hevc"/> - <MediaCodec name="OMX.ffmpeg.vtrial.decoder" type="video/ffmpeg"/> </Decoders> + <Include href="media_codecs_google_video.xml" /> </MediaCodecs> diff --git a/releasetools/releasetools.py b/releasetools/releasetools.py index 57355e0..9fb4428 100644 --- a/releasetools/releasetools.py +++ b/releasetools/releasetools.py @@ -26,5 +26,7 @@ def FullOTA_InstallEnd(info): info.script.script = [cmd for cmd in info.script.script if not "boot.img" in cmd] info.script.script = [cmd for cmd in info.script.script if not "show_progress(0.100000, 0);" in cmd] info.script.AppendExtra('package_extract_file("boot.img", "/tmp/boot.img");') + info.script.Mount("/system") info.script.AppendExtra('assert(run_program("/system/bin/loki.sh") == 0);') info.script.AppendExtra('delete("/system/bin/loki.sh");') + info.script.Unmount("/system") diff --git a/sepolicy/app.te b/sepolicy/app.te deleted file mode 100644 index eb71391..0000000 --- a/sepolicy/app.te +++ /dev/null @@ -1,3 +0,0 @@ -# Grant GPU access to all processes started by Zygote. -# They need that to render the standard UI. -allow appdomain gpu_device:chr_file rw_file_perms; diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te deleted file mode 100644 index 523b252..0000000 --- a/sepolicy/bluetooth.te +++ /dev/null @@ -1 +0,0 @@ -allow bluetooth smd_device:chr_file rw_file_perms; diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te new file mode 100644 index 0000000..16d6307 --- /dev/null +++ b/sepolicy/bluetooth_loader.te @@ -0,0 +1,32 @@ +# Bluetooth executables and scripts +type bluetooth_loader, domain; +type bluetooth_loader_exec, exec_type, file_type; + +# Start bdAddrLoader from init +init_daemon_domain(bluetooth_loader) + +# Run shell script +allow bluetooth_loader shell_exec:file { entrypoint read }; +allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans }; + +# shell script needs /system/bin/log access +allow bluetooth_loader devpts:chr_file rw_file_perms; + +allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms; + +# Run hci_qcomm_init from shell script +domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach) +allow hci_attach bluetooth_loader:fd use; + +# Read mac address from persist partition, set it from misc +allow bluetooth_loader misc_partition:blk_file read; +allow bluetooth_loader persist_file:dir search; +r_dir_file(bluetooth_loader, persist_bluetooth_file) + +# Talk to init over the property socket +unix_socket_connect(bluetooth_loader, property, init) +# Set persist.service.bdroid.* and bluetooth.* property values +allow bluetooth_loader bluetooth_prop:property_service set; + +# Allow getprop/setprop for shell script +allow bluetooth_loader system_file:file execute_no_trans; diff --git a/sepolicy/device.te b/sepolicy/device.te deleted file mode 100644 index a8c6747..0000000 --- a/sepolicy/device.te +++ /dev/null @@ -1,17 +0,0 @@ -# GPU (used by most UI apps) -type gpu_device, dev_type; - -# Qualcomm Secure Execution Environment Communicator (QSEECOM) device -type qseecom_device, dev_type; - -type diag_device, dev_type; -type bcm2079x_device, dev_type; - -# Qualcomm MSM Audio ACDB device -type msm_acdb_device, dev_type; - -# Kickstart device used by QC qcks -type kickstart_device, dev_type; - -# SMD device, used by hci_qcomm_init -type smd_device, dev_type; diff --git a/sepolicy/domain.te b/sepolicy/domain.te deleted file mode 100644 index 45925a7..0000000 --- a/sepolicy/domain.te +++ /dev/null @@ -1 +0,0 @@ -allow domain init_tmpfs:file read; diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te deleted file mode 100644 index 0c8b461..0000000 --- a/sepolicy/drmserver.te +++ /dev/null @@ -1,3 +0,0 @@ -# Grant DRM Service access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device -allow drmserver qseecom_device:chr_file rw_file_perms; -allow drmserver sdcard_external:file open; diff --git a/sepolicy/file.te b/sepolicy/file.te index d65815e..027da94 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -1,6 +1,2 @@ -# Qualcomm MSM Interface (QMI) socket types -type qmux_audio_socket, file_type; -type qmux_bluetooth_socket, file_type; -type qmux_gps_socket, file_type; -type qmux_radio_socket, file_type; - +type touchpanel_sysfs, fs_type, sysfs_type; +type persist_bluetooth_file, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 5406505..aa03936 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -1,33 +1,16 @@ -# GPU device -/dev/kgsl-3d0 u:object_r:gpu_device:s0 -/dev/msm_rotator u:object_r:gpu_device:s0 +/dev/socket/mpctl u:object_r:mpctl_socket:s0 +/dev/gss u:object_r:sensors_device:s0 -# Qualcomm Secure Execution Environment Communicator (QSEECOM) device -/dev/qseecom u:object_r:qseecom_device:s0 +/data/cam_socket.* u:object_r:camera_socket:s0 -# Qualcomm MSM Interface (QMI) devices -/dev/socket/qmux_audio/* u:object_r:qmux_audio_socket:s0 -/dev/socket/qmux_bluetooth/* u:object_r:qmux_bluetooth_socket:s0 -/dev/socket/qmux_gps/* u:object_r:qmux_gps_socket:s0 -/dev/socket/qmux_radio/* u:object_r:qmux_radio_socket:s0 +/data/app/sensor_ctl_socket u:object_r:sensors_socket:s0 -/dev/bcm2079x-i2c u:object_r:bcm2079x_device:s0 -/dev/diag u:object_r:diag_device:s0 -/dev/media([0-9])+ u:object_r:camera_device:s0 -/dev/smd([0-9])+ u:object_r:smd_device:s0 -/dev/mdm u:object_r:radio_device:s0 +/sns(/.*)? u:object_r:sensors_persist_file:s0 +/persist/\.bt.* u:object_r:persist_bluetooth_file:s0 +/dev/smd3 u:object_r:hci_attach_dev:s0 -# Qualcomm MSM Audio ACDB device -/dev/msm_acdb u:object_r:msm_acdb_device:s0 +/system/bin/btnvtool u:object_r:bluetooth_loader_exec:s0 +/system/etc/init\.qcom\.bt\.sh u:object_r:bluetooth_loader_exec:s0 -/dev/ks_hsic_bridge u:object_r:kickstart_device:s0 -/dev/efs_hsic_bridge u:object_r:kickstart_device:s0 +/sys/devices/i2c-3/3-004b/knock_on u:object_r:touchpanel_sysfs:s0 -/system/bin/qcks u:object_r:kickstart_exec:s0 -/system/bin/efsks u:object_r:kickstart_exec:s0 -/system/bin/ks u:object_r:kickstart_exec:s0 - -/data/nfc(/.*)? u:object_r:nfc_data_file:s0 - -/system/bin/hci_qcomm_init u:object_r:hci_exec:s0 -/system/bin/bdAddrLoader u:object_r:hci_exec:s0 diff --git a/sepolicy/hci_init.te b/sepolicy/hci_init.te deleted file mode 100644 index 85f5d32..0000000 --- a/sepolicy/hci_init.te +++ /dev/null @@ -1,6 +0,0 @@ -type hci_init, domain; -permissive hci_init; -type hci_exec, file_type, exec_type; -type hci_data_file, file_type; -domain_auto_trans(shell, hci_exec, hci_init) -unconfined_domain(hci_init) diff --git a/sepolicy/init_shell.te b/sepolicy/init_shell.te deleted file mode 100644 index 204392f..0000000 --- a/sepolicy/init_shell.te +++ /dev/null @@ -1,6 +0,0 @@ -allow init_shell diag_device:chr_file { read write }; -allow init_shell hci_exec:file rx_file_perms; -allow init_shell bluetooth_prop:property_service set; -allow init_shell smd_device:chr_file rw_file_perms; -allow init_shell unlabeled:file r_file_perms; -allow init_shell init:fifo_file r_file_perms; diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te new file mode 100644 index 0000000..4b0e2e9 --- /dev/null +++ b/sepolicy/kernel.te @@ -0,0 +1 @@ +allow kernel misc_partition:blk_file r_file_perms; diff --git a/sepolicy/keystore.te b/sepolicy/keystore.te deleted file mode 100644 index 2583cac..0000000 --- a/sepolicy/keystore.te +++ /dev/null @@ -1,3 +0,0 @@ -# Grant keystore daemon access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device -allow keystore qseecom_device:chr_file rw_file_perms; - diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te deleted file mode 100644 index f4a4a26..0000000 --- a/sepolicy/kickstart.te +++ /dev/null @@ -1,5 +0,0 @@ -type kickstart, domain; -permissive kickstart; -type kickstart_exec, file_type, exec_type; -domain_auto_trans(init, kickstart_exec, kickstart) -unconfined_domain(kickstart) diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te deleted file mode 100644 index 81fee64..0000000 --- a/sepolicy/mediaserver.te +++ /dev/null @@ -1,10 +0,0 @@ -# Grant access to Qualcomm MSM Audio ACDB device to mediaserver -allow mediaserver msm_acdb_device:chr_file rw_file_perms; - -# Grant access to Qualcomm MSM Interface (QMI) audio sockets to mediaserver -allow mediaserver qmux_audio_socket:sock_file create_file_perms; -allow mediaserver qmux_audio_socket:dir rw_dir_perms; - -# Permit mediaserver to create sockets -allow mediaserver self:socket create; - diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te new file mode 100644 index 0000000..0f67d07 --- /dev/null +++ b/sepolicy/mm-qcamerad.te @@ -0,0 +1,4 @@ +type camera_prop, property_type; + +type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket0"; + diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te new file mode 100644 index 0000000..593d9cc --- /dev/null +++ b/sepolicy/mpdecision.te @@ -0,0 +1,5 @@ +type_transition mpdecision socket_device:sock_file mpctl_socket; + +allow servicemanager mpdecision:dir { search }; +allow servicemanager mpdecision:file { r_file_perms }; +allow servicemanager mpdecision:process { getattr }; diff --git a/sepolicy/nfc.te b/sepolicy/nfc.te deleted file mode 100644 index 593608d..0000000 --- a/sepolicy/nfc.te +++ /dev/null @@ -1 +0,0 @@ -allow nfc bcm2079x_device:chr_file rw_file_perms; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts new file mode 100644 index 0000000..7e70b3c --- /dev/null +++ b/sepolicy/property_contexts @@ -0,0 +1,3 @@ +qualcomm.bluetooth. u:object_r:bluetooth_prop:s0 +qualcomm.bt. u:object_r:bluetooth_prop:s0 + diff --git a/sepolicy/rild.te b/sepolicy/rild.te deleted file mode 100644 index 419c583..0000000 --- a/sepolicy/rild.te +++ /dev/null @@ -1,5 +0,0 @@ -allow rild diag_device:chr_file rw_file_perms; - -# Grant access to Qualcomm MSM Interface (QMI) radio sockets to RILD -allow rild qmux_radio_socket:sock_file create_file_perms; -allow rild qmux_radio_socket:dir rw_dir_perms; diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te new file mode 100644 index 0000000..17e1b86 --- /dev/null +++ b/sepolicy/rmt_storage.te @@ -0,0 +1,5 @@ +typeattribute rmt_storage rmt_placeholder; + +allow rmt_storage self:capability sys_rawio; + +allow rmt_storage kmem_device:chr_file rw_file_perms; diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te new file mode 100644 index 0000000..57151d2 --- /dev/null +++ b/sepolicy/sensors.te @@ -0,0 +1,6 @@ +# Stupid blob uses /data/app for the socket, allow creation... +allow sensors apk_data_file:dir { write remove_name add_name }; + +type_transition sensors apk_data_file:sock_file sensors_socket "sensor_ctl_socket"; + +allow sensors sensors_data_file:lnk_file r_file_perms; diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te deleted file mode 100644 index 787432d..0000000 --- a/sepolicy/surfaceflinger.te +++ /dev/null @@ -1,9 +0,0 @@ -# Grant GPU access to SurfaceFlinger -allow surfaceflinger gpu_device:chr_file rw_file_perms; - -allow surfaceflinger sysfs:file rw_file_perms; - -# Read from /data/local/tmp -allow surfaceflinger shell_data_file:dir search; -allow surfaceflinger shell_data_file:file { open getattr read }; -allow surfaceflinger shell_data_file:lnk_file read; diff --git a/sepolicy/system.te b/sepolicy/system.te deleted file mode 100644 index b11c892..0000000 --- a/sepolicy/system.te +++ /dev/null @@ -1,8 +0,0 @@ -# Grant GPU access to system apps (e.g., PowerManagerService) -allow system gpu_device:chr_file rw_file_perms; -allow system diag_device:chr_file rw_file_perms; - -# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system apps -# (e.g., LocationManager) -allow system qmux_radio_socket:sock_file create_file_perms; -allow system qmux_radio_socket:dir rw_dir_perms; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te new file mode 100644 index 0000000..335402d --- /dev/null +++ b/sepolicy/system_app.te @@ -0,0 +1,3 @@ +# for Settings' access to TapToWake +allow system_app touchpanel_sysfs:file rw_file_perms; +allow system_app touchpanel_sysfs:dir { search }; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te new file mode 100644 index 0000000..24604b3 --- /dev/null +++ b/sepolicy/system_server.te @@ -0,0 +1,3 @@ +allow system_server sensors_data_file:sock_file { getattr rw_file_perms }; +allow system_server sensors_data_file:dir search; +allow system_server time_daemon:unix_stream_socket connectto; diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te new file mode 100644 index 0000000..a537c63 --- /dev/null +++ b/sepolicy/thermal-engine.te @@ -0,0 +1,17 @@ +# CPU hotplug uevent +allow thermal-engine self:netlink_kobject_uevent_socket { create setopt bind read }; +allow thermal-engine self:capability net_admin; + +# Why the hell... +allow thermal-engine kmsg_device:chr_file w_file_perms; +# Clock control +allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms; + +# Some files in /sys/devices/system/cpu may pop in and out of existance, +# defeating our attempt to label them. As a result, they could have the +# sysfs label, not the sysfs_devices_system_cpu label. +# Allow write access for now until we figure out a better solution. +# For example, the following files pop in and out of existance: +# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq +# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq +allow thermal-engine sysfs:file write; diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te deleted file mode 100644 index 9f734f4..0000000 --- a/sepolicy/ueventd.te +++ /dev/null @@ -1,4 +0,0 @@ -allow ueventd sdcard_external:dir search; -allow ueventd sdcard_external:file r_file_perms; -allow ueventd wifi_data_file:dir search; -allow ueventd wifi_data_file:file r_file_perms; diff --git a/sepolicy/wpa.te b/sepolicy/wpa.te deleted file mode 100644 index c8f185f..0000000 --- a/sepolicy/wpa.te +++ /dev/null @@ -1 +0,0 @@ -allow wpa devpts:chr_file rw_file_perms; |