klte-common: sepolicy: Move common items to msm8974-common
* The bulk of this policy isn't specific to klte, so let's move it somewhere that allows the maintenace of it to help other impacted devices. Change-Id: I57b0d24d25e5871c5aa69d415b94ca21f89c1794
This commit is contained in:
Kevin F. Haggerty
parent
16c0928bde
commit
96de9ccf0d
24 changed files with 1 additions and 136 deletions
|
|
@ -1,7 +0,0 @@
|
|||
allow bluetooth bluetooth_device:chr_file rw_file_perms;
|
||||
allow bluetooth bt_fw_file:file r_file_perms;
|
||||
allow bluetooth firmware_file:dir r_dir_perms;
|
||||
allow bluetooth proc_bt_sleep:dir search;
|
||||
allow bluetooth proc_bt_sleep:file w_file_perms;
|
||||
allow bluetooth sysfs_bt_rfkill_state:file w_file_perms;
|
||||
allow bluetooth wifi_data_file:file r_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow cameraserver camera_socket:sock_file w_file_perms;
|
||||
allow cameraserver vendor_file:file execmod;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
type bluetooth_device, dev_type;
|
||||
type efs_block_device, dev_type;
|
||||
|
|
@ -1,11 +1 @@
|
|||
type proc_bt_sleep, fs_type;
|
||||
|
||||
type sysfs_bt_rfkill_state, fs_type, sysfs_type;
|
||||
type sysfs_sec, fs_type, sysfs_type;
|
||||
type sysfs_wifi_fw_path, fs_type, sysfs_type;
|
||||
type sysfs_wifi_nv_path, fs_type, sysfs_type;
|
||||
|
||||
type bt_fw_file, file_type;
|
||||
type nfc_fw_file, file_type;
|
||||
type vcs_data_file, file_type, data_file_type;
|
||||
type wifi_efs_file, file_type;
|
||||
|
|
|
|||
|
|
@ -1,40 +1,6 @@
|
|||
# block devices
|
||||
/dev/block/platform/msm_sdcc\.1/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/msm_sdcc\.1/by-name/fota u:object_r:misc_block_device:s0
|
||||
|
||||
# data files
|
||||
/data/.cid.info u:object_r:wifi_data_file:s0
|
||||
/data/.wifiver.info u:object_r:wifi_data_file:s0
|
||||
/data/(misc|system)/perfd(/.*)? u:object_r:mpctl_data_file:s0
|
||||
/data/validity(/.*)? u:object_r:vcs_data_file:s0
|
||||
|
||||
# device nodes
|
||||
/dev/batch_io u:object_r:sensors_device:s0
|
||||
/dev/bcm2079x u:object_r:nfc_device:s0
|
||||
/dev/btlock u:object_r:bluetooth_device:s0
|
||||
/dev/pn547 u:object_r:nfc_device:s0
|
||||
/dev/rfkill u:object_r:wlan_device:s0
|
||||
/dev/sec-nfc u:object_r:nfc_device:s0
|
||||
/dev/ttyHS3 u:object_r:audio_device:s0
|
||||
/dev/vfsspi u:object_r:vcs_device:s0
|
||||
|
||||
# efs files
|
||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
|
||||
# executeables
|
||||
/system/vendor/bin/macloader u:object_r:macloader_exec:s0
|
||||
|
||||
# firmware
|
||||
/system/vendor/firmware/bcm4350(.*).hcd u:object_r:bt_fw_file:s0
|
||||
/system/vendor/firmware/libpn547_fw.so u:object_r:nfc_fw_file:s0
|
||||
|
||||
# sockets
|
||||
/data/cam_socket(.*) u:object_r:camera_socket:s0
|
||||
|
||||
# sysfs
|
||||
/sys/devices/battery.[0-9]+/power_supply/battery(/.*)? u:object_r:sysfs_batteryinfo:s0
|
||||
/sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi_fw_path:s0
|
||||
/sys/module/dhd/parameters/nvram_path u:object_r:sysfs_wifi_nv_path:s0
|
||||
/sys/devices/platform/bcm4354_bluetooth/rfkill/rfkill0/state u:object_r:sysfs_bt_rfkill_state:s0
|
||||
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
||||
|
|
|
|||
|
|
@ -1,2 +0,0 @@
|
|||
allow fsck cache_block_device:blk_file rw_file_perms;
|
||||
allow fsck efs_block_device:blk_file rw_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
genfscon proc /bluetooth/sleep u:object_r:proc_bt_sleep:s0
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
r_dir_file(hal_wifi_default, wifi_efs_file)
|
||||
|
||||
allow hal_wifi_default sysfs_wifi_fw_path:file w_file_perms;
|
||||
allow hal_wifi_default wifi_data_file:file r_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow hal_wifi_supplicant_default wlan_device:chr_file r_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
# Required to load shim libraries
|
||||
allow init { domain -lmkd -crash_dump }:process noatsecure;
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
type macloader, domain;
|
||||
type macloader_exec, exec_type, file_type;
|
||||
init_daemon_domain(macloader)
|
||||
|
||||
type_transition macloader system_data_file:file wifi_data_file;
|
||||
|
||||
r_dir_file(macloader, wifi_efs_file)
|
||||
|
||||
allow macloader efs_file:dir search;
|
||||
allow macloader sysfs_wifi_nv_path:file w_file_perms;
|
||||
allow macloader wifi_data_file:file create_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow mediaprovider cache_private_backup_file:dir getattr;
|
||||
allow mediaprovider cache_recovery_file:dir r_dir_perms;
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
allow mediaserver camera_socket:sock_file write;
|
||||
allow mediaserver mm-qcamerad:unix_dgram_socket sendto;
|
||||
allow mediaserver thermal-engine:unix_stream_socket connectto;
|
||||
allow mediaserver vendor_file:file execmod;
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
type_transition mm-qcamerad system_data_file:sock_file camera_socket;
|
||||
|
||||
allow mm-qcamerad camera_socket:sock_file create_file_perms;
|
||||
|
||||
# Allow mm-qcamera-daemon to create the socket camera_socket
|
||||
allow mm-qcamerad system_data_file:dir w_dir_perms;
|
||||
|
||||
allow mm-qcamerad vendor_file:file execmod;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow mpdecision mpctl_data_file:dir w_dir_perms;
|
||||
allow mpdecision mpctl_data_file:sock_file create_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow nfc nfc_fw_file:file rx_file_perms;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
get_prop(priv_app, camera_prop)
|
||||
get_prop(priv_app, qemu_hw_mainkeys_prop)
|
||||
|
||||
allow priv_app device:dir r_dir_perms;
|
||||
allow priv_app proc_interrupts:file r_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
service.camera.hdmi_preview u:object_r:camera_prop:s0
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
set_prop(rild, net_radio_prop)
|
||||
|
||||
allow rild radio_data_file:dir rw_dir_perms;
|
||||
allow rild radio_data_file:file create_file_perms;
|
||||
allow rild radio_data_file:lnk_file read;
|
||||
|
||||
allow rild proc_net:file w_file_perms;
|
||||
allow rild sysfs_sec:file rw_file_perms;
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
get_prop(system_server, alarm_boot_prop)
|
||||
|
||||
allow system_server efs_file:dir search;
|
||||
allow system_server efs_file:file r_file_perms;
|
||||
allow system_server mpctl_data_file:dir search;
|
||||
allow system_server mpctl_data_file:sock_file w_file_perms;
|
||||
allow system_server mpdecision:unix_stream_socket connectto;
|
||||
allow system_server qmuxd:unix_stream_socket connectto;
|
||||
allow system_server qmuxd_socket:dir w_dir_perms;
|
||||
allow system_server qmuxd_socket:sock_file { create setattr write };
|
||||
allow system_server qti_debugfs:file r_file_perms;
|
||||
allow system_server sensors_device:chr_file r_file_perms;
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-send-client";
|
||||
type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-recv-client";
|
||||
type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-recv-passive-client";
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow vold efs_file:dir rw_dir_perms;
|
||||
allow vold efs_file:file create;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow mediaextractor exfat:file r_file_perms;
|
||||
allow mediaextractor sdcardfs:file r_file_perms;
|
||||
|
|
@ -14,15 +14,6 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
-include device/qcom/sepolicy/sepolicy.mk
|
||||
-include device/qcom/sepolicy/legacy-sepolicy.mk
|
||||
|
||||
# Board specific SELinux policy variable definitions
|
||||
BOARD_SEPOLICY_DIRS += \
|
||||
device/samsung/klte-common/sepolicy/common \
|
||||
|
||||
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
|
||||
device/samsung/klte-common/sepolicy/public
|
||||
|
||||
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
|
||||
device/samsung/klte-common/sepolicy/private
|
||||
device/samsung/klte-common/sepolicy/common
|
||||
|
|
|
|||
Loading…
Reference in a new issue