universal7870: update sepolicy (wip)

2025-09-06 08:18:06 -04:00 · 2020-03-26 11:38:15 +01:00 · 2020-03-26 11:38:15 +01:00 · 4cd64b76bd
commit 4cd64b76bd
parent 841f56ecbf
46 changed files with 515 additions and 184 deletions
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@ -1,29 +1,27 @@
 allow kernel self:capability { chown mknod };
+dontaudit kernel kernel:capability { dac_override dac_read_search };

 # /dev/mbin0
 allow kernel emmcblk_device:blk_file r_file_perms;
 allow kernel device:blk_file { create setattr getattr unlink };
-
 # /bus/usb/001/001
 allow kernel device:dir { create write remove_name rmdir add_name };
 allow kernel device:chr_file { create setattr getattr unlink };

 # /sys/devices/system/cpu/cpu[0-9]/cpufreq/*
 allow kernel sysfs_devices_system_cpu:file { setattr };
-allow kernel sysfs:file { setattr open };
+allow kernel sysfs:file { setattr };

 # /efs contents
 allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:dir r_dir_perms;
 allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:file rw_file_perms;

-allow kernel sysfs_sec:dir search;
-allow kernel sysfs_sec:lnk_file read;
-
-allow kernel device:blk_file { create setattr };
-
 # /efs/wifi/.mac.info
 allow kernel wifi_efs_file:dir r_dir_perms;
 allow kernel wifi_efs_file:file r_file_perms;

 # /data/misc/conn/.wifiver.info
 allow kernel wifi_data_file:file rw_file_perms;
+
+# sysfs_lcd
+allow kernel sysfs_lcd:file { open read };