msm8226-common: sepolicy: base bringup to Q
This commit is contained in:
RomanDesigner
parent
e8af831705
commit
6ca1b24cde
|
|
@ -0,0 +1 @@
|
|||
allow audioserver device:chr_file ioctl;
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow crash_dump init:process ptrace;
|
||||
|
|
@ -1,2 +1,3 @@
|
|||
type bluetooth_device, dev_type;
|
||||
type efs_block_device, dev_type;
|
||||
type alarm_device, dev_type, mlstrustedobject;
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
allow domain alarm_device:chr_file r_file_perms;
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
type proc_bt_sleep, fs_type, proc_type;
|
||||
|
||||
# type proc_last_kmsg, fs_type, proc_type;
|
||||
type sysfs_camera, fs_type, sysfs_type;
|
||||
type sysfs_disk_stat, fs_type, sysfs_type;
|
||||
type sysfs_hal_pwr, fs_type, sysfs_type;
|
||||
type sysfs_iio, fs_type, sysfs_type;
|
||||
type sysfs_input, fs_type, sysfs_type;
|
||||
|
|
@ -18,7 +17,6 @@ type sysfs_sec_touchkey, fs_type, sysfs_type;
|
|||
type sysfs_sec_tsp, fs_type, sysfs_type;
|
||||
type sysfs_usb_otg, fs_type, sysfs_type;
|
||||
type sysfs_wifi_writeable, fs_type, sysfs_type;
|
||||
|
||||
type bt_fw_file, file_type;
|
||||
type nfc_fw_file, file_type;
|
||||
type wifi_efs_file, file_type;
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
allow firmware_file labeledfs:filesystem associate;
|
||||
|
|
@ -0,0 +1,115 @@
|
|||
allow flags_health_check alarm_boot_prop:file { getattr open };
|
||||
allow flags_health_check alarm_handled_prop:file { getattr open };
|
||||
allow flags_health_check alarm_instance_prop:file { getattr open };
|
||||
allow flags_health_check apexd_prop:file { getattr open };
|
||||
allow flags_health_check bg_boot_complete_prop:file { getattr open };
|
||||
allow flags_health_check bg_daemon_prop:file { getattr open };
|
||||
allow flags_health_check bluetooth_prop:file { getattr open };
|
||||
allow flags_health_check boot_animation_prop:file { getattr open };
|
||||
allow flags_health_check boot_mode_prop:file { getattr open };
|
||||
allow flags_health_check bootloader_boot_reason_prop:file { getattr open };
|
||||
allow flags_health_check boottime_prop:file { getattr open };
|
||||
allow flags_health_check bpf_progs_loaded_prop:file { getattr open };
|
||||
allow flags_health_check bservice_prop:file { getattr open };
|
||||
allow flags_health_check camera_prop:file { getattr open };
|
||||
allow flags_health_check coresight_prop:file { getattr open };
|
||||
allow flags_health_check crash_prop:file { getattr open };
|
||||
allow flags_health_check ctl_LKCore_prop:file { getattr open };
|
||||
allow flags_health_check ctl_adbd_prop:file { getattr open };
|
||||
allow flags_health_check ctl_bootanim_prop:file { getattr open };
|
||||
allow flags_health_check ctl_bugreport_prop:file { getattr open };
|
||||
allow flags_health_check ctl_console_prop:file { getattr open };
|
||||
allow flags_health_check ctl_default_prop:file { getattr open };
|
||||
allow flags_health_check ctl_dumpstate_prop:file { getattr open };
|
||||
allow flags_health_check ctl_fuse_prop:file { getattr open };
|
||||
allow flags_health_check ctl_gsid_prop:file { getattr open };
|
||||
allow flags_health_check ctl_hbtp_prop:file { getattr open };
|
||||
allow flags_health_check ctl_interface_restart_prop:file { getattr open };
|
||||
allow flags_health_check ctl_interface_start_prop:file { getattr open };
|
||||
allow flags_health_check ctl_interface_stop_prop:file { getattr open };
|
||||
allow flags_health_check ctl_mdnsd_prop:file { getattr open };
|
||||
allow flags_health_check ctl_netmgrd_prop:file { getattr open };
|
||||
allow flags_health_check ctl_port-bridge_prop:file { getattr open };
|
||||
allow flags_health_check ctl_qmuxd_prop:file { getattr open };
|
||||
allow flags_health_check ctl_restart_prop:file { getattr open };
|
||||
allow flags_health_check ctl_rildaemon_prop:file { getattr open };
|
||||
allow flags_health_check ctl_sigstop_prop:file { getattr open };
|
||||
allow flags_health_check ctl_start_prop:file { getattr open };
|
||||
allow flags_health_check ctl_stop_prop:file { getattr open };
|
||||
allow flags_health_check ctl_vendor_imsrcsservice_prop:file { getattr open };
|
||||
allow flags_health_check ctl_vendor_wigigsvc_prop:file { getattr open };
|
||||
allow flags_health_check device_logging_prop:file { getattr open };
|
||||
allow flags_health_check diag_mdlog_prop:file { getattr open };
|
||||
allow flags_health_check dolby_prop:file { getattr open };
|
||||
allow flags_health_check dumpstate_options_prop:file { getattr open };
|
||||
allow flags_health_check dynamic_system_prop:file { getattr open };
|
||||
allow flags_health_check firstboot_prop:file { getattr open };
|
||||
allow flags_health_check fm_prop:file { getattr open };
|
||||
allow flags_health_check freq_prop:file { getattr open };
|
||||
allow flags_health_check fst_prop:file { getattr open };
|
||||
allow flags_health_check gamed_prop:file { getattr open };
|
||||
allow flags_health_check graphics_vulkan_prop:file { getattr open };
|
||||
allow flags_health_check gsid_prop:file { getattr open };
|
||||
allow flags_health_check heapprofd_enabled_prop:file { getattr open };
|
||||
allow flags_health_check hwservicemanager_prop:file { getattr open };
|
||||
allow flags_health_check hwui_prop:file { getattr open };
|
||||
allow flags_health_check ipacm-diag_prop:file { getattr open };
|
||||
allow flags_health_check ipacm_prop:file { getattr open };
|
||||
allow flags_health_check last_boot_reason_prop:file { getattr open };
|
||||
allow flags_health_check llkd_prop:file { getattr open };
|
||||
allow flags_health_check location_prop:file { getattr open };
|
||||
allow flags_health_check logpersistd_logging_prop:file { getattr open };
|
||||
allow flags_health_check lowpan_prop:file { getattr open };
|
||||
allow flags_health_check lpdumpd_prop:file { getattr open };
|
||||
allow flags_health_check mdm_helper_prop:file { getattr open };
|
||||
allow flags_health_check mmc_prop:file { getattr open };
|
||||
allow flags_health_check mmi_prop:file { getattr open };
|
||||
allow flags_health_check mpdecision_prop:file { getattr open };
|
||||
allow flags_health_check msm_irqbalance_prop:file { getattr open };
|
||||
allow flags_health_check msm_irqbl_sdm630_prop:file { getattr open };
|
||||
allow flags_health_check net_dns_prop:file { getattr open };
|
||||
allow flags_health_check netd_prop:file { getattr open };
|
||||
allow flags_health_check netd_stable_secret_prop:file { getattr open };
|
||||
allow flags_health_check nfc_nq_prop:file { getattr open };
|
||||
allow flags_health_check nnapi_ext_deny_product_prop:file { getattr open };
|
||||
allow flags_health_check opengles_prop:file { getattr open };
|
||||
allow flags_health_check overlay_prop:file { getattr open };
|
||||
allow flags_health_check per_mgr_state_prop:file { getattr open };
|
||||
allow flags_health_check perfd_prop:file { getattr open };
|
||||
allow flags_health_check persistent_properties_ready_prop:file { getattr open };
|
||||
allow flags_health_check postprocessing_prop:file { getattr open };
|
||||
allow flags_health_check ppd_prop:file { getattr open };
|
||||
allow flags_health_check qcom_ims_prop:file { getattr open };
|
||||
allow flags_health_check qdma_prop:file { getattr open };
|
||||
allow flags_health_check qemu_gles_prop:file { getattr open };
|
||||
allow flags_health_check qti_prop:file { getattr open };
|
||||
allow flags_health_check reschedule_service_prop:file { getattr open };
|
||||
allow flags_health_check rmnet_mux_prop:file { getattr open };
|
||||
allow flags_health_check safemode_prop:file { getattr open };
|
||||
allow flags_health_check scr_enabled_prop:file { getattr open };
|
||||
allow flags_health_check sdm_idle_time_prop:file { getattr open };
|
||||
allow flags_health_check sensors_prop:file { getattr open };
|
||||
allow flags_health_check serialno_prop:file { getattr open };
|
||||
allow flags_health_check spcomlib_prop:file { getattr open };
|
||||
allow flags_health_check sys_usb_configfs_prop:file { getattr open };
|
||||
allow flags_health_check sys_usb_controller_prop:file { getattr open };
|
||||
allow flags_health_check sys_usb_tethering_prop:file { getattr open };
|
||||
allow flags_health_check system_boot_reason_prop:file { getattr open };
|
||||
allow flags_health_check system_lmk_prop:file { getattr open };
|
||||
allow flags_health_check system_trace_prop:file { getattr open };
|
||||
allow flags_health_check test_boot_reason_prop:file { getattr open };
|
||||
allow flags_health_check theme_prop:file { getattr open };
|
||||
allow flags_health_check time_prop:file { getattr open };
|
||||
allow flags_health_check traced_enabled_prop:file { getattr open };
|
||||
allow flags_health_check traced_lazy_prop:file { getattr open };
|
||||
allow flags_health_check uicc_prop:file { getattr open };
|
||||
allow flags_health_check usf_prop:file { getattr open };
|
||||
allow flags_health_check vendor_mpctl_prop:file { getattr open };
|
||||
allow flags_health_check vendor_rild_libpath_prop:file { getattr open };
|
||||
allow flags_health_check vendor_system_prop:file { getattr open };
|
||||
allow flags_health_check vendor_wifi_prop:file { getattr open };
|
||||
allow flags_health_check vm_bms_prop:file { getattr open };
|
||||
allow flags_health_check wifi_prop:file { getattr open };
|
||||
allow flags_health_check wififtmd_prop:file { getattr open };
|
||||
allow flags_health_check wigig_prop:file { getattr open };
|
||||
allow flags_health_check xlat_prop:file { getattr open };
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow hal_graphics_composer_default default_android_vndservice:service_manager add;
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
allow hal_lineage_touch_default sysfs_sec_touchkey:dir search;
|
||||
allow hal_lineage_touch_default sysfs_sec_tsp:dir search;
|
||||
allow hal_lineage_touch_default sysfs_sec_tsp:file rw_file_perms;
|
||||
allow hal_lineage_touch_default sysfs_sec_touchkey:dir search;
|
||||
|
|
|
|||
|
|
@ -3,3 +3,4 @@ r_dir_file(hal_wifi_default, wifi_efs_file)
|
|||
allow hal_wifi_default efs_file:dir search;
|
||||
allow hal_wifi_default sysfs_wifi_writeable:file w_file_perms;
|
||||
allow hal_wifi_default wifi_data_file:file r_file_perms;
|
||||
allow hal_wifi_default default_prop:property_service set;
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ allow init {
|
|||
}:lnk_file read;
|
||||
|
||||
allow init {
|
||||
proc
|
||||
sysfs_audio
|
||||
sysfs_batteryinfo
|
||||
sysfs_bluetooth_writable
|
||||
|
|
@ -57,3 +58,8 @@ allow init {
|
|||
|
||||
allow init sysfs:file setattr;
|
||||
allow init sysfs_devfreq:file setattr;
|
||||
allow init efs_file:dir mounton;
|
||||
allow init init:capability2 block_suspend;
|
||||
allow init system_file:file mounton;
|
||||
allow init sysfs_leds:lnk_file read;
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
allow installd device:file write;
|
||||
allow installd device:file open;
|
||||
|
|
@ -1,5 +1,13 @@
|
|||
allow mediaserver cameraproxy_service:service_manager find;
|
||||
allow mediaserver device:dir read;
|
||||
allow mediaserver hal_camera_default:binder { call transfer };
|
||||
allow mediaserver hal_camera_hwservice:hwservice_manager find;
|
||||
allow mediaserver sensor_privacy_service:service_manager find;
|
||||
allow mediaserver sysfs_camera:dir search;
|
||||
allow mediaserver sysfs_camera:file r_file_perms;
|
||||
allow mediaserver vendor_file:file execmod;
|
||||
allow mediaserver system_data_file:sock_file write;
|
||||
allow mediaserver hal_lineage_camera_motor_hwservice:hwservice_manager find;
|
||||
allow mediaserver cameraserver_service:service_manager add;
|
||||
allow mediaserver fwk_camera_hwservice:hwservice_manager add;
|
||||
allow mediaserver hidl_base_hwservice:hwservice_manager add;
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
allow mediaswcodec servicemanager:binder call;
|
||||
|
|
@ -1 +1,2 @@
|
|||
allow system_app netd:binder call;
|
||||
allow netd device:file { open write };
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
allow qti_init_shell bluetooth_loader_exec:file getattr;
|
||||
allow qti_init_shell bluetooth_loader_exec:file execute;
|
||||
allow qti_init_shell bluetooth_loader_exec:file { open read };
|
||||
allow qti_init_shell bluetooth_loader_exec:file execute_no_trans;
|
||||
allow qti_init_shell efs_file:dir search;
|
||||
allow qti_init_shell bluetooth_efs_file:dir search;
|
||||
allow qti_init_shell bluetooth_efs_file:file read;
|
||||
allow qti_init_shell bluetooth_efs_file:file open;
|
||||
allow qti_init_shell bluetooth_efs_file:file getattr;
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow radio alarm_device:chr_file rw_file_perms;
|
||||
|
|
@ -6,6 +6,10 @@ allow rild radio_data_file:lnk_file read;
|
|||
|
||||
allow rild proc_net:file w_file_perms;
|
||||
allow rild sysfs_sec_key:file rw_file_perms;
|
||||
allow rild unlabeled:dir search;
|
||||
|
||||
allow rild unlabeled:dir search;
|
||||
allow rild unlabeled:file { getattr open read };
|
||||
|
||||
allow rild device:chr_file read;
|
||||
allow rild device:chr_file open;
|
||||
allow rild device:chr_file ioctl;
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
allow servicemanager mediaswcodec:dir search;
|
||||
allow servicemanager mediaswcodec:file { open read };
|
||||
allow servicemanager mediaswcodec:process getattr;
|
||||
allow surfaceflinger hal_graphics_allocator_hwservice:hwservice_manager add;
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
get_prop(appdomain, camera_prop)
|
||||
binder_call(appdomain, gpuservice)
|
||||
|
|
@ -1,2 +1,8 @@
|
|||
allow system_app apex_service:service_manager find;
|
||||
allow system_app proc_pagetypeinfo:file { open read };
|
||||
allow system_app sysfs_mdnie:dir search;
|
||||
allow system_app sysfs_mdnie:file rw_file_perms;
|
||||
allow system_app system_suspend_control_service:service_manager find;
|
||||
allow system_app apk_data_file:dir write;
|
||||
allow system_app proc_pagetypeinfo:file getattr;
|
||||
allow system_app sysfs_zram:dir search;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ allow system_server {
|
|||
|
||||
allow system_server {
|
||||
efs_file
|
||||
proc_last_kmsg
|
||||
qti_debugfs
|
||||
}:file r_file_perms;
|
||||
|
||||
|
|
@ -14,4 +15,7 @@ allow system_server {
|
|||
sysfs_sec_touchkey
|
||||
}:file w_file_perms;
|
||||
|
||||
allow system_server init:binder call;
|
||||
allow system_server unlabeled:file unlink;
|
||||
allow system_server proc:file { getattr open read };
|
||||
allow system_server crash_dump:process getpgid;
|
||||
|
|
@ -0,0 +1 @@
|
|||
allow tee rpmb_device:blk_file ioctl;
|
||||
|
|
@ -3,3 +3,7 @@ type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-r
|
|||
type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-recv-passive-client";
|
||||
|
||||
allow thermal-engine self:capability chown;
|
||||
|
||||
allow thermal-engine sysfs_batteryinfo:dir search;
|
||||
allow thermal-engine sysfs_batteryinfo:file read;
|
||||
allow thermal-engine sysfs_batteryinfo:file open;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
allow time_daemon device:chr_file { read write };
|
||||
allow time_daemon device:chr_file open;
|
||||
allow time_daemon device:chr_file ioctl;
|
||||
|
|
@ -1,2 +1,9 @@
|
|||
allow ueventd vfat:dir search;
|
||||
allow ueventd vfat:file { getattr open read };
|
||||
|
||||
allow ueventd exfat:dir search;
|
||||
allow ueventd exfat:file read;
|
||||
allow ueventd exfat:file open;
|
||||
allow ueventd exfat:file getattr;
|
||||
|
||||
allow ueventd proc:file { read };
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
dontaudit untrusted_app_25 net_dns_prop:file read;
|
||||
dontaudit untrusted_app_25 proc:file read;
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
allow vendor_init firmware_file:lnk_file { read };
|
||||
allow vendor_init kernel:security { check_context };
|
||||
allow vendor_init packages_list_file:file { getattr open read };
|
||||
allow vendor_init radio_data_file:lnk_file { relabelto unlink };
|
||||
allow vendor_init seapp_contexts_file:file { getattr open read };
|
||||
allow vendor_init selinuxfs:file { write };
|
||||
allow vendor_init sysfs:file { relabelfrom };
|
||||
allow vendor_init sysfs:dir { relabelfrom };
|
||||
allow vendor_init system_data_file:file { setattr write };
|
||||
allow vendor_init system_data_file:lnk_file { create getattr relabelfrom };
|
||||
allow vendor_init wifi_data_file:file { getattr setattr write };
|
||||
|
||||
type_transition vendor_init system_data_file:file wifi_data_file;
|
||||
|
||||
allow vendor_init packages_list_file:file r_file_perms;
|
||||
allow vendor_init proc_security:file rw_file_perms;
|
||||
allow vendor_init radio_data_file:lnk_file create_file_perms;
|
||||
allow vendor_init seapp_contexts_file:file r_file_perms;
|
||||
allow vendor_init wifi_data_file:dir rw_dir_perms;
|
||||
allow vendor_init wifi_data_file:file create_file_perms;
|
||||
allow vendor_init system_data_file:lnk_file unlink;
|
||||
allow vendor_init wcnss_device:chr_file write;
|
||||
allow vendor_init wcnss_device:chr_file open;
|
||||
allow vendor_init firmware_file:dir create;
|
||||
allow vendor_init firmware_file:dir setattr;
|
||||
allow vendor_init bluetooth_data_file:file setattr;
|
||||
|
|
@ -2,6 +2,8 @@ allow vold efs_file:dir rw_dir_perms;
|
|||
allow vold efs_file:file create;
|
||||
allow vold persist_data_file:dir { open read };
|
||||
|
||||
allow vold hal_bootctl_hwservice:hwservice_manager find;
|
||||
|
||||
allow vold {
|
||||
block_device
|
||||
cache_block_device
|
||||
|
|
|
|||
|
|
@ -1 +1,3 @@
|
|||
allow webview_zygote zygote:unix_dgram_socket write;
|
||||
|
||||
allow webview_zygote app_data_file:dir getattr;
|
||||
|
|
|
|||
|
|
@ -15,5 +15,6 @@
|
|||
#
|
||||
|
||||
include device/qcom/sepolicy-legacy/sepolicy.mk
|
||||
|
||||
BOARD_SEPOLICY_DIRS += \
|
||||
device/samsung/msm8226-common/sepolicy/common
|
||||
|
|
|
|||
Loading…
Reference in New Issue