| author | doc HD <doc.divxm@gmail.com> | 2020-03-30 21:14:07 +0300 |
|---|---|---|
| committer | doc HD <doc.divxm@gmail.com> | 2020-03-30 21:15:15 +0300 |
| commit | e1d2ac72c0b05094905aa53c620c08b9f71d1593 (patch) | |
| tree | d7655a106d4b047082e26d921c31dc0a3347c849 | |
| parent | e208e22f670c9aea9073161e53dc8d459c982d12 (diff) | |
| parent | c662fab7f3a135a44249de59fede6d6630efaa86 (diff) | |
Merge branch 'lineage-17.1' of https://github.com/LineageOS/android_device_qcom_sepolicy into q10.0
Change-Id: I4aaa2d35299c22a78749999b9dd660a74d83e981
34 files changed, 178 insertions, 9 deletions
diff --git a/generic/private/property_contexts b/generic/private/property_contexts index 072c1df8..47b554ac 100644 --- a/generic/private/property_contexts +++ b/generic/private/property_contexts @@ -27,3 +27,4 @@ ro.vendor.qti.va_aosp.support u:object_r:vendor_exported_system_prop:s0 exact bool ro.vendor.qti.va_odm.support u:object_r:vendor_exported_odm_prop:s0 exact bool +ro.netflix.bsp_rev u:object_r:vendor_exported_system_prop:s0 exact string diff --git a/generic/vendor/common/hal_imsrtp.te b/generic/vendor/common/hal_imsrtp.te index 0bce04dc..e80a3434 100644 --- a/generic/vendor/common/hal_imsrtp.te +++ b/generic/vendor/common/hal_imsrtp.te @@ -47,3 +47,7 @@ r_dir_file(hal_imsrtp, sysfs_diag) get_prop(hal_imsrtp, ims_prop) binder_call(hal_imsrtp, radio) + +userdebug_or_eng(` +binder_call(hal_imsrtp, vtloopback_app) +') diff --git a/qva/vendor/common/mdm_helper.te b/generic/vendor/common/mdm_helper.te index 5da248c7..94e30a96 100644 --- a/qva/vendor/common/mdm_helper.te +++ b/generic/vendor/common/mdm_helper.te @@ -45,11 +45,23 @@ allow mdm_helper esoc_device:chr_file rw_file_perms; allow mdm_helper vendor_shell_exec:file rx_file_perms; allow mdm_helper mdm_helper_exec :file x_file_perms; +#Rampdump config +# +# User variant +# Probe for write access to vendor tombstones as the +# presense of tombstones on subsystem does not correlate +# to Android user/userdebug config +allow mdm_helper vendor_tombstone_data_file:dir r_dir_perms; +dontaudit mdm_helper vendor_tombstone_data_file:dir write; +# Userdebug/eng variant userdebug_or_eng(` -#Needed for ram dump storage allow mdm_helper vendor_tombstone_data_file:dir create_dir_perms; allow mdm_helper vendor_tombstone_data_file:file create_file_perms; ') +#Ramdump config END + +#Needed to kill its own forked process on efs sync +allow mdm_helper self:capability kill; #Needed by ks in order to access the efs sync partitions. allow mdm_helper block_device:dir r_dir_perms; 
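Review bot: `allow mdm_helper self:capability kill;` in generic/vendor/common/mdm_helper.te grants CAP_KILL, the right to signal processes the caller does not own, while the comment above it says the target is mdm_helper's own forked process. If that child keeps the same UID and stays in the mdm_helper domain (the context lines only grant `x_file_perms` on `mdm_helper_exec`, which suggests no domain transition), the capability should not be needed and `allow mdm_helper self:process sigkill;` would be the narrower rule; this is inferred, since the fork path is not part of the diff. The rule sits outside `userdebug_or_eng`, so it applies on user builds. The legacy/vendor/common/netmgrd.te hunk further down adds `kill` as well, inside `{ net_admin net_raw setgid setpcap setuid kill }` and with no comment at all; a one-line justification per capability there would make the grant reviewable.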
diff --git a/generic/vendor/common/peripheral_manager.te b/generic/vendor/common/peripheral_manager.te index ee25cc97..f159b623 100644 --- a/generic/vendor/common/peripheral_manager.te +++ b/generic/vendor/common/peripheral_manager.te @@ -40,6 +40,9 @@ binder_call(vendor_per_mgr, rild) allow vendor_per_mgr self:capability net_bind_service; +# allow system reboot (for subsystem requests) +allow vendor_per_mgr self:capability sys_boot; + allow vendor_per_mgr firmware_file:file r_file_perms; allow vendor_per_mgr firmware_file:dir search; @@ -50,6 +53,9 @@ allow vendor_per_mgr ssr_device:chr_file { open read }; # Needed by libmdmdetect to get subsystem info and to check their states allow vendor_per_mgr sysfs_data:file r_file_perms; +# Get config property +get_prop(vendor_per_mgr, vendor_per_mgr_prop); + # Set the peripheral state property set_prop(vendor_per_mgr, vendor_per_mgr_state_prop); diff --git a/generic/vendor/common/property.te b/generic/vendor/common/property.te index a5ae8764..edf06302 100644 --- a/generic/vendor/common/property.te +++ b/generic/vendor/common/property.te @@ -37,6 +37,7 @@ type ipacm-diag_prop, property_type; type vendor_modem_diag_prop, property_type; type msm_irqbalance_prop, property_type; type vendor_per_mgr_state_prop, property_type; +type vendor_per_mgr_prop, property_type; type vendor_dataqti_prop, property_type; type vendor_dataqdp_prop, property_type; type vendor_ramdump_prop, property_type; diff --git a/generic/vendor/common/property_contexts b/generic/vendor/common/property_contexts index 6c47b1ec..782a6ec1 100644 --- a/generic/vendor/common/property_contexts +++ b/generic/vendor/common/property_contexts 
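Review bot: `allow vendor_per_mgr self:capability sys_boot;` in the first peripheral_manager.te hunk is granted on every build variant, and the comment `# allow system reboot (for subsystem requests)` does not say which request needs the daemon to reboot the device itself. With CAP_SYS_BOOT the process can reset the device directly rather than asking init for an orderly shutdown, and the hunk header shows the same domain accepts binder traffic involving rild, so any request-handling bug in vendor_per_mgr becomes a device-reset path. If the reboot can be requested from init instead, the capability can be dropped; if not, the comment should name the trigger, for example `# CAP_SYS_BOOT: reboot on <subsystem request, to be named>; cannot go through init because <reason>`.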
@@ -72,6 +72,7 @@ ro.vendor.display. u:object_r:vendor_display_prop:s0 persist.vendor.display. u:object_r:vendor_display_prop:s0 vendor.gralloc. u:object_r:vendor_gralloc_prop:s0 vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0 +ro.vendor.peripheral. u:object_r:vendor_per_mgr_prop:s0 vendor.ims. u:object_r:ims_prop:s0 ro.vendor.build.software.version u:object_r:ims_prop:s0 persist.vendor.ims. u:object_r:ims_prop:s0 diff --git a/generic/vendor/common/vendor_init.te b/generic/vendor/common/vendor_init.te index 84e0eee0..f811f76e 100644 --- a/generic/vendor/common/vendor_init.te +++ b/generic/vendor/common/vendor_init.te @@ -91,6 +91,10 @@ set_prop(vendor_init, sensors_prop) #Access vendor bluetooth properties set_prop(vendor_init, vendor_bluetooth_prop) + +#Access peripheral manager config +set_prop(vendor_init, vendor_per_mgr_prop) + userdebug_or_eng(` allow vendor_init proc_security:file rw_file_perms; ') diff --git a/generic/vendor/test/vtloopback_app.te b/generic/vendor/test/vtloopback_app.te index 77a6e3af..d78c8dfb 100644 --- a/generic/vendor/test/vtloopback_app.te +++ b/generic/vendor/test/vtloopback_app.te @@ -35,6 +35,7 @@ binder_call(vtloopback_app, hal_imsrtp) allow vtloopback_app hal_imsrtp_hwservice:hwservice_manager find; allow vtloopback_app cameraserver_service:service_manager find; allow vtloopback_app mediaserver_service:service_manager find; +allow vtloopback_app gpu_service:service_manager find; get_prop(vtloopback_app, ims_prop) allow vtloopback_app { app_api_service activity_service }:service_manager find; ') diff --git a/legacy/vendor/common/hal_imsrtp.te b/legacy/vendor/common/hal_imsrtp.te index 51e6f23b..2745c156 100644 --- a/legacy/vendor/common/hal_imsrtp.te +++ b/legacy/vendor/common/hal_imsrtp.te @@ -61,3 +61,7 @@ allow hal_imsrtp sysfs_data:file r_file_perms; get_prop(hal_imsrtp, qcom_ims_prop) binder_call(hal_imsrtp, radio) + +userdebug_or_eng(` +binder_call(hal_imsrtp, vtloopback_app) +') 
diff --git a/legacy/vendor/common/netmgrd.te b/legacy/vendor/common/netmgrd.te index dc55ac48..e3453e97 100644 --- a/legacy/vendor/common/netmgrd.te +++ b/legacy/vendor/common/netmgrd.te @@ -101,6 +101,7 @@ hwbinder_use(netmgrd) binder_call(netmgrd, netd) allow netmgrd system_net_netd_hwservice:hwservice_manager find; +allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid kill }; allow netmgrd sysfs_net:dir r_dir_perms; allow netmgrd sysfs_net:file rw_file_perms; diff --git a/legacy/vendor/test/vtloopback_app.te b/legacy/vendor/test/vtloopback_app.te index 7b40c825..d0b1242b 100755 --- a/legacy/vendor/test/vtloopback_app.te +++ b/legacy/vendor/test/vtloopback_app.te @@ -35,6 +35,7 @@ binder_call(vtloopback_app, hal_imsrtp) allow vtloopback_app hal_imsrtp_hwservice:hwservice_manager find; allow vtloopback_app cameraserver_service:service_manager find; allow vtloopback_app mediaserver_service:service_manager find; +allow vtloopback_app gpu_service:service_manager find; get_prop(vtloopback_app, qcom_ims_prop) allow vtloopback_app { app_api_service activity_service }:service_manager find; ') diff --git a/qva/private/seapp_contexts b/qva/private/seapp_contexts index 0eba5016..6a92d1d1 100644 --- a/qva/private/seapp_contexts +++ b/qva/private/seapp_contexts @@ -26,4 +26,4 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #Add new domain for qti value added Location apps -user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file
\ No newline at end of file +user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file diff --git a/qva/private/service_contexts b/qva/private/service_contexts index baad4ba2..32d28624 100644 --- a/qva/private/service_contexts +++ b/qva/private/service_contexts @@ -30,6 +30,7 @@ MinkBinderSvc u:object_r:MinkBinderSvc:s0 vendor.perfservice u:object_r:vendor_perf_service:s0 sms-sec u:object_r:radio_service:s0 extphone u:object_r:radio_service:s0 +qti.ims.ext u:object_r:radio_service:s0 com.qualcomm.location.izat.IzatService u:object_r:izat_service:s0 qti.security.seempspa u:object_r:seemp_service:s0 vendor.audio.vrservice u:object_r:audioserver_service:s0 diff --git a/qva/public/attributes b/qva/public/attributes index 870049ac..477d0cf6 100644 --- a/qva/public/attributes +++ b/qva/public/attributes @@ -28,3 +28,7 @@ attribute sigmahal; attribute sigmahal_server; attribute sigmahal_client; + +attribute hal_spu; +attribute hal_spu_client; +attribute hal_spu_server; diff --git a/qva/vendor/bengal/file_contexts b/qva/vendor/bengal/file_contexts index a607e41f..ba05fce0 100644 --- a/qva/vendor/bengal/file_contexts +++ b/qva/vendor/bengal/file_contexts @@ -169,3 +169,13 @@ # same process HAL libs /vendor/lib(64)?/hw/vulkan\.bengal\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/gralloc\.bengal\.so u:object_r:same_process_hal_file:s0 + +# Bluetooth LAZY HAL +/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti-lazy u:object_r:hal_bluetooth_default_exec:s0 + +################################### +# sysfs files +# +/sys/devices/virtual/block/dm-[0-6]/queue/read_ahead_kb u:object_r:sysfs_mmc_host:s0 + +/sys/devices/platform/soc/1b40000.qfprom/qfprom0/feat_conf10 u:object_r:sysfs_qfprom:s0 diff --git a/qva/vendor/bengal/genfs_contexts b/qva/vendor/bengal/genfs_contexts index 5dc86970..6309ea54 100644 --- a/qva/vendor/bengal/genfs_contexts +++ b/qva/vendor/bengal/genfs_contexts 
@@ -42,6 +42,7 @@ genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:sysfs_graphics:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-01/1c40000.qcom,spmi:qcom,pm2250@1:qcom,vibrator@5600/leds/vibrator u:object_r:sysfs_leds:s0 # Power supply device nodes @@ -62,6 +63,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:ob genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 #net sysfs +genfscon sysfs /devices/platform/soc/c800000.qcom,icnss u:object_r:sysfs_net:s0 #fps sysfs-node diff --git a/qva/vendor/common/attributes b/qva/vendor/common/attributes index 62d70f63..c06997bb 100644 --- a/qva/vendor/common/attributes +++ b/qva/vendor/common/attributes @@ -119,10 +119,6 @@ attribute hal_bluetooth_dun; attribute hal_bluetooth_dun_client; attribute hal_bluetooth_dun_server; -attribute hal_spu; -attribute hal_spu_client; -attribute hal_spu_server; - attribute hal_embmssl; attribute hal_embmssl_client; attribute hal_embmssl_server; diff --git a/qva/vendor/common/cnd.te b/qva/vendor/common/cnd.te index b4d2b743..9444bf01 100644 --- a/qva/vendor/common/cnd.te +++ b/qva/vendor/common/cnd.te 
@@ -61,6 +61,10 @@ allowxperm cnd self:udp_socket ioctl wlan_sock_ioctls; add_hwservice(cnd, hal_latency_hwservice) +add_hwservice(cnd,hal_slmadapter_hwservice) + +get_prop(cnd,slm_prop) + ############################################################## #for using public interface vendor.qti.data.factory #client should add their domain to cnd.te diff --git a/qva/vendor/common/dataservice_app.te b/qva/vendor/common/dataservice_app.te new file mode 100644 index 00000000..8a80e161 --- /dev/null +++ b/qva/vendor/common/dataservice_app.te 
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow dataservice_app hal_slmadapter_hwservice:hwservice_manager find;
diff --git a/qva/vendor/common/file.te b/qva/vendor/common/file.te
index da27bdd7..05dbcf72 100644
--- a/qva/vendor/common/file.te
+++ b/qva/vendor/common/file.te
@@ -128,3 +128,7 @@ type vendor_qspmhal_data_file, file_type, data_file_type; type sysfs_memory_offline, sysfs_type, fs_type; type sysfs_qfprom, fs_type, sysfs_type; + +#slub-debug +type sysfs_slab_zshandle_storeuser, fs_type, sysfs_type; +type sysfs_slab_zspage_storeuser, fs_type, sysfs_type; diff --git a/qva/vendor/common/genfs_contexts b/qva/vendor/common/genfs_contexts index d3d6aa88..37f03230 100644 --- a/qva/vendor/common/genfs_contexts +++ b/qva/vendor/common/genfs_contexts @@ -41,3 +41,6 @@ genfscon sysfs /module/rmnet_perf/parameters u:object_r:sysfs_rmnet:s0 genfscon sysfs /kernel/qvr_external_sensor u:object_r:sysfs_qvr_external_sensor:s0 genfscon sysfs /devices/system/memory/ u:object_r:sysfs_memory_offline:s0 + +genfscon sysfs /kernel/slab/zs_handle/store_user u:object_r:sysfs_slab_zshandle_storeuser:s0 +genfscon sysfs /kernel/slab/zspage/store_user u:object_r:sysfs_slab_zspage_storeuser:s0 diff --git a/qva/vendor/common/hal_spu_qti.te b/qva/vendor/common/hal_spu_qti.te index d3664bfc..950e4a20 100644 --- a/qva/vendor/common/hal_spu_qti.te +++ b/qva/vendor/common/hal_spu_qti.te @@ -41,6 +41,9 @@ binder_call(hal_spu_server, hal_spu_client) # Allow the service to be added to hwservice list hal_attribute_hwservice(hal_spu, hal_spu_hwservice) +# Allow access to spss_utils device +allow hal_spu_qti spss_utils_device:chr_file rw_file_perms; + # Allow access to spcom devices allow hal_spu_qti spcom_device:chr_file rw_file_perms; allow hal_spu_qti skp_device:chr_file rw_file_perms; diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te index b0083e0a..c7b8e490 100644 --- a/qva/vendor/common/hwservice.te +++ b/qva/vendor/common/hwservice.te @@ -53,3 +53,4 @@ type hal_bluetooth_dun_hwservice, hwservice_manager_type; type hal_qseecom_hwservice, hwservice_manager_type; type hal_spu_hwservice, hwservice_manager_type; type hal_embmssl_hwservice, hwservice_manager_type; +type hal_slmadapter_hwservice, hwservice_manager_type; 
diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts index 82443ec9..6158afa6 100755 --- a/qva/vendor/common/hwservice_contexts +++ b/qva/vendor/common/hwservice_contexts @@ -72,3 +72,4 @@ vendor.qti.hardware.cryptfshw::ICryptfsHw u:object_r:hal_keym vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0 vendor.qti.spu::ISPUManager u:object_r:hal_spu_hwservice:s0 vendor.qti.hardware.embmssl::IEmbms u:object_r:hal_embmssl_hwservice:s0 +vendor.qti.hardware.slmadapter::ISlmAdapter u:object_r:hal_slmadapter_hwservice:s0 diff --git a/qva/vendor/common/init_shell.te b/qva/vendor/common/init_shell.te index a36a37d2..b9f46de2 100644 --- a/qva/vendor/common/init_shell.te +++ b/qva/vendor/common/init_shell.te @@ -49,3 +49,12 @@ userdebug_or_eng(` set_prop(qti_init_shell, vendor_audio_debug_prop) set_prop(qti_init_shell, vendor_coresight_prop) ') + +#allow configuring slub debug options +allow qti_init_shell sysfs_slab_zshandle_storeuser:file w_file_perms; +allow qti_init_shell sysfs_slab_zspage_storeuser:file w_file_perms; + +allow qti_init_shell { + sysfs_mmc_host +}:file w_file_perms; + diff --git a/qva/vendor/common/lmkd.te b/qva/vendor/common/lmkd.te index 72b30760..48d9296b 100644 --- a/qva/vendor/common/lmkd.te +++ b/qva/vendor/common/lmkd.te @@ -33,7 +33,7 @@ allow lmkd hwservicemanager:binder call; # Used by LMKD to work with EPOLLWAKEUP events. allow lmkd self:global_capability2_class_set block_suspend; - +allow lmkd proc_vmstat:file r_file_perms; userdebug_or_eng(` allow lmkd kmsg_device:chr_file rw_file_perms; ') diff --git a/qva/vendor/common/property.te b/qva/vendor/common/property.te index c8241d41..69220f66 100644 --- a/qva/vendor/common/property.te +++ b/qva/vendor/common/property.te @@ -91,3 +91,6 @@ type vendor_qvr_prop, property_type; #qmuxd property type ctl_qmuxd_prop, property_type; + +#slm property +type slm_prop, property_type; 
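Review bot: In the init_shell.te hunk the three new `allow qti_init_shell ... :file w_file_perms;` rules come after the closing `')` of the `userdebug_or_eng` block, so write access to the SLUB `store_user` debug knobs is granted on user builds as well. If configuring slub debug is only a debugging aid, the two `sysfs_slab_*_storeuser` rules belong inside `userdebug_or_eng(` ... `')` next to the other debug properties. The `sysfs_mmc_host` rule carries no comment; elsewhere in this merge that label is applied to `/sys/devices/virtual/block/dm-[0-6]/queue/read_ahead_kb` in qva/vendor/bengal/file_contexts, so a comment such as `# tune read_ahead_kb on dm-* block devices` would record why the shell needs write access, and the braces around a single type can be dropped.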
diff --git a/qva/vendor/common/property_contexts b/qva/vendor/common/property_contexts index d3131271..483d062c 100644 --- a/qva/vendor/common/property_contexts +++ b/qva/vendor/common/property_contexts @@ -123,3 +123,6 @@ ctl.start$vendor.qmuxd u:object_r:ctl_qmuxd_prop:s0 #bluetooth property ro.vendor.bt.enablelazyhal u:object_r:bluetooth_prop:s0 exact bool + +#SLM +persist.vendor.slm. u:object_r:slm_prop:s0 diff --git a/qva/vendor/common/sec_nvm.te b/qva/vendor/common/sec_nvm.te index 2fde9d32..5a06e348 100644 --- a/qva/vendor/common/sec_nvm.te +++ b/qva/vendor/common/sec_nvm.te @@ -40,6 +40,9 @@ allow sec_nvm persist_secnvm_file:file create_file_perms; allow sec_nvm sysfs_scsi_host:file rw_file_perms; +# Allow access to spss_utils device +allow sec_nvm spss_utils_device:chr_file rw_file_perms; + allow sec_nvm spcom_device:chr_file { getattr rw_file_perms }; allow sec_nvm sp_ssr_device:chr_file rw_file_perms; set_prop(sec_nvm, spcomlib_prop) diff --git a/qva/vendor/kona/hal_biometricsface.te b/qva/vendor/kona/hal_biometricsface.te index 7b5e7e39..c1404d43 100644 --- a/qva/vendor/kona/hal_biometricsface.te +++ b/qva/vendor/kona/hal_biometricsface.te @@ -45,7 +45,7 @@ allow vendor_biometricsface qdsp_device:chr_file rw_file_perms; allow vendor_biometricsface dsp_device:chr_file rw_file_perms; # Access for sdcard -userdebug_or_eng(' +userdebug_or_eng(` allow vendor_biometricsface sdcard_type:dir rw_dir_perms; allow vendor_biometricsface sdcard_type:file create_file_perms; ') diff --git a/qva/vendor/lito/genfs_contexts b/qva/vendor/lito/genfs_contexts index b80b103c..83c31949 100644 --- a/qva/vendor/lito/genfs_contexts +++ b/qva/vendor/lito/genfs_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are 
@@ -37,6 +37,8 @@ genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-000c/98c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0010/98c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0018/98c000.i2c:qcom,smb1390_slave@18:qcom,charge_pump_slave/power_supply/cp_slave u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0034/98c000.i2c:qcom,smb1396@34:qcom,div2_cp/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0035/98c000.i2c:qcom,smb1396@35:qcom,div2_cp_slave/power_supply/cp_slave u:object_r:sysfs_battery_supply:s0 #qdss sysfs-node genfscon sysfs /devices/platform/soc/6b05000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/6048000.tmc/coresight-tmc-etr u:object_r:sysfs_qdss_dev:s0 diff --git a/qva/vendor/test/dualsta_app.te b/qva/vendor/test/dualsta_app.te new file mode 100644 index 00000000..851b67a2 --- /dev/null +++ b/qva/vendor/test/dualsta_app.te 
@@ -0,0 +1,50 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# qva/private/location_app_test.te - sepolicy rules for qti value added +# location apps (internal) that will be part of system image. 
eg: ODLT, Qlogcat + +type dualsta_app, domain; +app_domain(dualsta_app) + +userdebug_or_eng(` + binder_call(cnd,dualsta_app) + binder_call(dualsta_app,cnd) + allow dualsta_app hal_datafactory_hwservice:hwservice_manager find; + allow dualsta_app activity_service:service_manager find; + allow dualsta_app activity_task_service:service_manager find; + allow dualsta_app audio_service:service_manager find; + allow dualsta_app autofill_service:service_manager find; + allow dualsta_app cgroup:file write; + allow dualsta_app gpu_service:service_manager find; + allow dualsta_app gpuservice:binder call; + allow dualsta_app surfaceflinger_service:service_manager find; + allow dualsta_app system_app_data_file:dir { add_name getattr remove_name search write }; + allow dualsta_app system_app_data_file:file { create getattr map open read setattr unlink write }; + allow dualsta_app textservices_service:service_manager find; +') + diff --git a/qva/vendor/test/location_app_test.te b/qva/vendor/test/location_app_test.te index bbb9ac82..b8fe158e 100644 --- a/qva/vendor/test/location_app_test.te +++ b/qva/vendor/test/location_app_test.te @@ -52,4 +52,7 @@ userdebug_or_eng(` allow location_app_test self:qipcrtr_socket create_socket_perms_no_ioctl; allow location_app_test audioserver_service:service_manager find; + + #dontaudit denial location_app_test to access hwservice_manager + dontaudit location_app_test hal_qspmhal_hwservice:hwservice_manager find; ') diff --git a/qva/vendor/test/seapp_contexts b/qva/vendor/test/seapp_contexts index 4aba4c49..a17b0157 100644 --- a/qva/vendor/test/seapp_contexts +++ b/qva/vendor/test/seapp_contexts @@ -32,3 +32,6 @@ user=system seinfo=platform name=.loopbackservice domain=qtiloopback_app type=sy #Add new domain for QDMAUtils user=system seinfo=platform name=com.qualcomm.qti.qdmautils domain=qdmautils_app type=system_app_data_file + +user=_app seinfo=platform name=com.qualcomm.qti.dualstaapp domain=dualsta_app type=app_data_file levelfrom=all + |
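Review bot: The header comment of the new qva/vendor/test/dualsta_app.te was copied from another file: it still reads `# qva/private/location_app_test.te - sepolicy rules for qti value added location apps` and should name this file and the dual-STA test app instead. The rules grant `dualsta_app` create, write and unlink on `system_app_data_file`, while the seapp_contexts entry added at the end of this page maps the package with `user=_app ... type=app_data_file`, so the app's own data directory would not carry the label these rules cover; together with `allow dualsta_app cgroup:file write;` they read like entries taken from denial logs and are worth re-checking against what the app actually needs. `type dualsta_app, domain;` and `app_domain(dualsta_app)` sit outside `userdebug_or_eng`, so the domain is defined on user builds too; whether the seapp_contexts mapping is built there cannot be seen from this diff.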
