mirror of
https://github.com/AetherDroid/android_device_samsung_universal7570-common.git
synced 2025-09-04 23:47:47 -04:00
universal7570: sepolicy: Update for exynos 7570
* I still don't know how to import these from stock * So I 'kang' from https://github.com/Yilliee/android_device_samsung_on5xelte , hehe Change-Id: I093d4b91602f1b26750f41bd9b9c056e707dd12d
This commit is contained in:
Hendra Manudinata
parent
926337f331
commit
602b4e4005
53 changed files with 58 additions and 1095 deletions
9
sepolicy/audioloader.te
Normal file
9
sepolicy/audioloader.te
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
type audioloader, domain, coredomain;
|
||||
type audioloader_exec, exec_type, file_type;
|
||||
init_daemon_domain(audioloader)
|
||||
|
||||
binder_use(audioloader)
|
||||
binder_call(audioloader, audioserver)
|
||||
binder_call(audioserver, audioloader)
|
||||
|
||||
allow audioloader audioserver_service:service_manager find;
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# Allow rild to connect to gpsd
|
||||
# unix_socket_connect(audioserver, property, rild)
|
||||
|
||||
# /efs/maxim
|
||||
r_dir_file(audioserver, efs_file);
|
||||
r_dir_file(audioserver, sec_efs_file);
|
||||
|
||||
# TFA98xx amplifier
|
||||
allow audioserver amplifier_device:chr_file rw_file_perms;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# /dev/ttySAC3
|
||||
allow bluetooth bluetooth_device:chr_file rw_file_perms ;
|
||||
allow hal_bluetooth_default bluetooth_device:chr_file rw_file_perms;
|
||||
|
||||
# /data/.cid.info
|
||||
allow bluetooth wifi_data_file:file r_file_perms;
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
# /dev/m2m1shot_jpeg
|
||||
allow cameraserver camera_device:chr_file rw_file_perms;
|
||||
|
||||
# /sys/devices/virtual/camera/*/*_camfw
|
||||
allow cameraserver sysfs_camera:dir search;
|
||||
allow cameraserver sysfs_camera:file rw_file_perms;
|
||||
|
||||
# /data/camera/ISP_CV
|
||||
allow cameraserver camera_data_file:file r_file_perms;
|
||||
|
||||
# /data/media(/.*)?
|
||||
r_dir_file(cameraserver, media_rw_data_file);
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow charger sysfs_usb_supply:file rw_file_perms;
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
# modem daemon sec label
|
||||
type cpboot-daemon, domain;
|
||||
type cpboot-daemon_exec, exec_type, file_type, vendor_file_type;
|
||||
|
||||
net_domain(cpboot-daemon)
|
||||
init_daemon_domain(cpboot-daemon)
|
||||
wakelock_use(cpboot-daemon)
|
||||
set_prop(cpboot-daemon, modemloader_prop)
|
||||
|
||||
allow cpboot-daemon self:capability { setuid setgid };
|
||||
|
||||
# FIXME neverallow rule
|
||||
# allow cpboot-daemon self:capability mknod;
|
||||
allow cpboot-daemon kernel:system syslog_read;
|
||||
allow cpboot-daemon cgroup:dir create_dir_perms;
|
||||
|
||||
# /dev/log/*
|
||||
#allow cpboot-daemon log_device:dir r_dir_perms;
|
||||
#allow cpboot-daemon log_device:chr_file rw_file_perms;
|
||||
# /dev/kmsg (write to kernel log)
|
||||
allow cpboot-daemon kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/umts_boot0
|
||||
allow cpboot-daemon mif_device:chr_file rw_file_perms;
|
||||
# /dev/mbin0
|
||||
allow cpboot-daemon emmcblk_device:blk_file r_file_perms;
|
||||
# /dev/spi_boot_link
|
||||
allow cpboot-daemon radio_device:chr_file rw_file_perms;
|
||||
# /dev/block/mmcblk0p13
|
||||
allow cpboot-daemon block_device:dir r_dir_perms;
|
||||
allow cpboot-daemon radio_block_device:blk_file r_file_perms;
|
||||
|
||||
# /dev/mipi-lli/lli_control
|
||||
allow cpboot-daemon sysfs_mipi:file rw_file_perms;
|
||||
|
||||
# /efs
|
||||
allow cpboot-daemon efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/nv_data.bin
|
||||
allow cpboot-daemon bin_nv_data_efs_file:file rw_file_perms;
|
||||
allow cpboot-daemon efs_file:file rw_file_perms;
|
||||
|
||||
# /proc permissions
|
||||
allow cpboot-daemon proc_cmdline:file r_file_perms;
|
||||
allow cpboot-daemon proc_dt_firmware:dir search;
|
||||
allow cpboot-daemon proc_dt_firmware:file { open read };
|
||||
|
||||
# set properties on boot
|
||||
set_prop(cpboot-daemon, cpboot-daemon_prop)
|
||||
set_prop(cpboot-daemon, radio_prop)
|
||||
set_prop(cpboot-daemon, system_prop)
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
# /dev/ttySAC3
|
||||
type bluetooth_device, dev_type;
|
||||
|
||||
# /dev/block/mmcblk0p[0-9] (/dev/mbin0)
|
||||
type emmcblk_device, file_type;
|
||||
|
||||
# Radio block device mounted on /efs.
|
||||
type radio_block_device, dev_type;
|
||||
|
||||
# /dev/umts_boot*, /dev/ehci_power
|
||||
type mif_device, dev_type;
|
||||
|
||||
# /dev/rfkill
|
||||
type rfkill_device, dev_type;
|
||||
|
||||
# /dev/s5p-smem
|
||||
type secmem_device, dev_type;
|
||||
|
||||
# /dev/bbd*, /dev/ttyBCM[0-9]*
|
||||
type bbd_device, dev_type;
|
||||
|
||||
# /dev/vfsspi
|
||||
type fingerprint_device, dev_type;
|
||||
|
||||
# /dev/batch_io
|
||||
type sensor_device, dev_type;
|
||||
|
||||
# /dev/i2c-20 - TFA98xx amplifier
|
||||
type amplifier_device, dev_type;
|
||||
|
||||
# /dev/knox_kap
|
||||
type knox_device, dev_type;
|
||||
|
||||
# GPS
|
||||
type gps_device, dev_type;
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
### efs types
|
||||
type app_efs_file, file_type;
|
||||
type battery_efs_file, file_type;
|
||||
type baro_delta_factoryapp_efs_file, file_type;
|
||||
type bin_nv_data_efs_file, file_type;
|
||||
type sec_efs_file, file_type;
|
||||
|
||||
# widewine, drm
|
||||
type cpk_efs_file, file_type;
|
||||
type drm_efs_file, file_type;
|
||||
type factorymode_factoryapp_efs_file, file_type;
|
||||
type imei_efs_file, file_type;
|
||||
type prov_efs_file, file_type;
|
||||
type radio_factoryapp_efs_file, file_type;
|
||||
type sensor_efs_file, file_type;
|
||||
type sensor_factoryapp_efs_file, file_type;
|
||||
type wifi_efs_file, file_type;
|
||||
|
||||
# gps
|
||||
type gps_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type gps_socket, file_type;
|
||||
|
||||
# proc
|
||||
type proc_vm, fs_type, proc_type;
|
||||
type proc_dt_firmware, fs_type, proc_type;
|
||||
type proc_reset_reason, fs_type, proc_type;
|
||||
type proc_simslot_count, fs_type, proc_type;
|
||||
type proc_input_devices, fs_type, proc_type;
|
||||
type proc_sec, fs_type, proc_type;
|
||||
|
||||
### sysfs types
|
||||
#type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_mipi, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_sec, fs_type, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_sensors, fs_type, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_input, fs_type, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_gps, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_light, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_wifi, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_usb_supply, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_mmc, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_graphics, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_ion, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_block, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_jack, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_v4l, sysfs_type, fs_type, mlstrustedobject;
|
||||
type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
|
||||
|
||||
### data types
|
||||
type biometrics_vendor_data_file, file_type, data_file_type;
|
||||
type camera_vendor_data_file, file_type, data_file_type;
|
||||
type conn_vendor_data_file, file_type, data_file_type;
|
||||
type display_vendor_data_file, file_type, data_file_type;
|
||||
type gk_vendor_data_file, file_type, data_file_type;
|
||||
type gps_vendor_data_file, file_type, data_file_type;
|
||||
type log_vendor_data_file, file_type, data_file_type;
|
||||
type log_cbd_vendor_data_file, file_type, data_file_type;
|
||||
type media_vendor_data_file, file_type, data_file_type;
|
||||
type mediadrm_vendor_data_file, file_type, data_file_type;
|
||||
type radio_vendor_data_file, file_type, data_file_type;
|
||||
type sswap_vendor_data_file, file_type, data_file_type;
|
||||
type wifi_vendor_data_file, file_type, data_file_type;
|
||||
|
|
@ -1,221 +1,22 @@
|
|||
##########################
|
||||
# Devices
|
||||
#
|
||||
/dev/mali[0-9]* u:object_r:gpu_device:s0
|
||||
# Audio
|
||||
/system/bin/audioloader u:object_r:audioloader_exec:s0
|
||||
/system/etc/usb_audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
|
||||
|
||||
/dev/bcm2079x u:object_r:nfc_device:s0
|
||||
/dev/sec-nfc u:object_r:nfc_device:s0
|
||||
# Bluetooth
|
||||
/sys/devices/platform/bluetooth/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/devices/platform/bluetooth/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
|
||||
|
||||
/dev/ttySAC3 u:object_r:bluetooth_device:s0
|
||||
# Block device for ZRAM
|
||||
/dev/block/zram0 u:object_r:swap_block_device:s0
|
||||
|
||||
/dev/s5p-smem u:object_r:secmem_device:s0
|
||||
/dev/mobicore u:object_r:tee_device:s0
|
||||
/dev/mobicore-user u:object_r:tee_device:s0
|
||||
# LPM
|
||||
/system/bin/lpm u:object_r:lpm_exec:s0
|
||||
|
||||
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
|
||||
/dev/m2m1shot_scaler[0-9]* u:object_r:video_device:s0
|
||||
/dev/media[0-3]* u:object_r:camera_device:s0
|
||||
/dev/m2m1shot_jpeg u:object_r:camera_device:s0
|
||||
# Power HAL
|
||||
/system/bin/hw/android.hardware\.power@1\.0-service\.7570 u:object_r:hal_power_7570_exec:s0
|
||||
|
||||
/dev/__cbd_msg_ u:object_r:mif_device:s0
|
||||
/dev/umts.* u:object_r:mif_device:s0
|
||||
/dev/ehci_power u:object_r:mif_device:s0
|
||||
/dev/mipi-lli/lli_control u:object_r:mif_device:s0
|
||||
# Lights HAL
|
||||
/system/bin/hw/android.hardware\.light@2\.0-service\.7570 u:object_r:hal_light_7570_exec:s0
|
||||
|
||||
/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
|
||||
/dev/ttySAC[0-9]* u:object_r:bluetooth_device:s0
|
||||
#/dev/ttySAC0 u:object_r:hci_attach_dev:s0
|
||||
|
||||
/dev/block/vnswap0 u:object_r:sswap_device:s0
|
||||
|
||||
/dev/block/mmcblk0p[0-9]* u:object_r:emmcblk_device:s0
|
||||
|
||||
#/dev/block/platform/13540000.dwmmc0/by-name/EFS u:object_r:efs_block_device:s0
|
||||
#/dev/block/platform/13540000.dwmmc0/by-name/CPEFS u:object_r:sec_efs_file:s0
|
||||
#/dev/block/platform/13540000.dwmmc0/by-name/RADIO u:object_r:radio_block_device:s0
|
||||
|
||||
/dev/rfkill u:object_r:rfkill_device:s0
|
||||
|
||||
/dev/bbd_control u:object_r:bbd_device:s0
|
||||
/dev/bbd_packet u:object_r:bbd_device:s0
|
||||
/dev/bbd_patch u:object_r:bbd_device:s0
|
||||
/dev/bbd_reliable u:object_r:bbd_device:s0
|
||||
/dev/bbd_sensor u:object_r:bbd_device:s0
|
||||
/dev/bbd_sio u:object_r:bbd_device:s0
|
||||
#/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
|
||||
|
||||
/dev/esfp0 u:object_r:fingerprint_device:s0
|
||||
/dev/vfsspi u:object_r:fingerprint_device:s0
|
||||
|
||||
/dev/batch_io u:object_r:sensor_device:s0
|
||||
/dev/ssp_sensorhub u:object_r:sensor_device:s0
|
||||
|
||||
# TFA98xx amplifier
|
||||
/dev/i2c-0 u:object_r:amplifier_device:s0
|
||||
|
||||
# Knox status
|
||||
/dev/knox_kap u:object_r:knox_device:s0
|
||||
|
||||
####################################
|
||||
# efs files
|
||||
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
|
||||
/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/prox_cal u:object_r:sensor_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
|
||||
/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
|
||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/efs/drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/efs/gyro_cal_data u:object_r:sensor_efs_file:s0
|
||||
/efs/h2k\.dat u:object_r:cpk_efs_file:s0
|
||||
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/efs/nv_data.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/nv.log u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/\.nv_core\.bak(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
/efs/wv\.keys u:object_r:cpk_efs_file:s0
|
||||
/cpefs(/.*)? u:object_r:sec_efs_file:s0
|
||||
|
||||
####################################
|
||||
# data files
|
||||
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
||||
/data/\.cid\.info u:object_r:wifi_data_file:s0
|
||||
/data/misc/conn/\.wifiver\.info u:object_r:wifi_data_file:s0
|
||||
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
|
||||
|
||||
# gps
|
||||
/data/system/gps(/.*)? u:object_r:gps_data_file:s0
|
||||
/data/gps/ctrlpipe u:object_r:gps_data_file:s0
|
||||
/data/gps/\.gpslogd\.pipe u:object_r:gps_data_file:s0
|
||||
/data/gps/nmeapipe u:object_r:gps_data_file:s0
|
||||
|
||||
/data/biometrics(/.*)? u:object_r:fingerprintd_data_file:s0
|
||||
|
||||
# camera
|
||||
/data/camera/ISP_CV u:object_r:camera_data_file:s0
|
||||
|
||||
# vendor
|
||||
/data/vendor/biometrics(/.*)? u:object_r:biometrics_vendor_data_file:s0
|
||||
/data/vendor/conn(/.*)? u:object_r:conn_vendor_data_file:s0
|
||||
/data/vendor/gps(/.*)? u:object_r:gps_vendor_data_file:s0
|
||||
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
|
||||
/data/vendor/log(/.*)? u:object_r:log_vendor_data_file:s0
|
||||
/data/vendor/log/cbd(/.*)? u:object_r:log_cbd_vendor_data_file:s0
|
||||
/data/vendor/secradio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||
|
||||
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
|
||||
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
|
||||
/data/vendor/media(/.*)? u:object_r:media_vendor_data_file:s0
|
||||
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
|
||||
/data/vendor/gk(/.*)? u:object_r:gk_vendor_data_file:s0
|
||||
/data/camera(/.*)? u:object_r:camera_data_file:s0
|
||||
|
||||
####################################
|
||||
# sysfs files
|
||||
#/sys/class/power_supply/battery/music -- u:object_r:sysfs_writable:s0
|
||||
#/sys/class/devfreq/exynos5-busfreq-mif(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
#/sys/class/lcd(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
|
||||
# bluetooth
|
||||
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/class/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
|
||||
|
||||
# CP device
|
||||
/dev/spi_boot_link u:object_r:radio_device:s0
|
||||
|
||||
# cbd
|
||||
/sys/devices/10f24000.mipi-lli/lli_control u:object_r:sysfs_mipi:s0
|
||||
|
||||
# efs
|
||||
#/cpefs(/.*)? u:object_r:sec_efs_file:s0
|
||||
#/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
|
||||
#/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
|
||||
#/efs/afc(/.*)? u:object_r:sec_efs_file:s0
|
||||
#/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
#/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
|
||||
#/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
#/efs/nfc(/.*)? u:object_r:nfc_efs_file:s0
|
||||
#/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
#/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
|
||||
#/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
#/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
#/efs/root(/.*)? u:object_r:app_efs_file:s0
|
||||
#/efs/tee(/.*)? u:object_r:tee_efs_file:s0
|
||||
#/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
|
||||
/mnt/vendor/efs(/.*)? u:object_r:efs_file:s0
|
||||
/mnt/vendor/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/afc(/.*)? u:object_r:sec_efs_file:s0
|
||||
/mnt/vendor/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/mnt/vendor/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
|
||||
/mnt/vendor/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/mnt/vendor/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
#/mnt/vendor/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
|
||||
/mnt/vendor/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
/mnt/vendor/efs/root(/.*)? u:object_r:app_efs_file:s0
|
||||
#/mnt/vendor/efs/tee(/.*)? u:object_r:tee_efs_file:s0
|
||||
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
|
||||
# gps
|
||||
/sys/class/sec/gps u:object_r:sysfs_gps:s0
|
||||
/sys/devices/soc0/machine u:object_r:sysfs_gps:s0
|
||||
/sys/devices/soc0/revision u:object_r:sysfs_gps:s0
|
||||
/sys/devices/139c0000.pinctrl/gpio/gpio137/value u:object_r:sysfs_gps:s0
|
||||
|
||||
# rild
|
||||
/sys/devices/virtual/misc/multipdp(/.*) u:object_r:sysfs_multipdp:s0
|
||||
/dev/socket/rild2 u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-debug2 u:object_r:rild_debug_socket:s0
|
||||
|
||||
# mDNIe
|
||||
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/accessibility u:object_r:sysfs_mdnie:s0
|
||||
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/mode u:object_r:sysfs_mdnie:s0
|
||||
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/scenario u:object_r:sysfs_mdnie:s0
|
||||
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/lux u:object_r:sysfs_mdnie:s0
|
||||
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/sensorRGB u:object_r:sysfs_mdnie:s0
|
||||
|
||||
# Lights
|
||||
/sys/devices/virtual/sec/sec_touchkey/brightness u:object_r:sysfs_light:s0
|
||||
/sys/devices/14800000.dsim/backlight/panel(/.*)? u:object_r:sysfs_light:s0
|
||||
/sys/class/leds(/.*)? u:object_r:sysfs_light:s0
|
||||
/sys/devices/virtual/sec/led(/.*)? u:object_r:sysfs_light:s0
|
||||
/sys/class/lcd/panel/power_reduce u:object_r:sysfs_light:s0
|
||||
/sys/devices/i2c.24/i2c-6/6-0030/leds(/.*)? u:object_r:sysfs_light:s0
|
||||
|
||||
# Wifi
|
||||
/sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi:s0
|
||||
|
||||
####################################
|
||||
# deamons
|
||||
#
|
||||
|
||||
/(vendor|system/vendor)/bin/mcDriverDaemon u:object_r:tee_exec:s0
|
||||
/(vendor|system/vendor)/bin/modemloader u:object_r:modemloader_exec:s0
|
||||
/(vendor|system/vendor)/bin/wifiloader u:object_r:wifiloader_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/cbd u:object_r:cpboot-daemon_exec:s0
|
||||
/(vendor|system/vendor)/bin/gpsd u:object_r:gpsd_exec:s0
|
||||
/(vendor|system/vendor)/bin/sswap u:object_r:sswap_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos u:object_r:hal_power_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.samsung u:object_r:hal_thermal_default_exec:s0
|
||||
|
||||
# Samsung proprietaries
|
||||
/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@2\.0-service u:object_r:hal_gnss_default_exec:s0
|
||||
# Vibrator HAL
|
||||
/system/bin/hw/android.hardware\.vibrator@1\.0-service\.7570 u:object_r:hal_vibrator_7570_exec:s0
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
# allow hal_fingerprint_default to communicate with various devices
|
||||
binder_call(system_app, hal_fingerprint_default)
|
||||
|
||||
# kernel fp device
|
||||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
|
||||
# secure memory device
|
||||
allow hal_fingerprint_default secmem_device:chr_file rw_file_perms;
|
||||
|
||||
# trust zone device
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee:unix_stream_socket connectto;
|
||||
|
||||
# /data/biometrics/*
|
||||
# allow hal_fingerprint_default fingerprintd_data_file:dir create_dir_perms;
|
||||
# allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
# /dev/block/mmcblk0p[0-9]*
|
||||
allow fsck emmcblk_device:blk_file rw_file_perms;
|
||||
allowxperm fsck emmcblk_device:blk_file ioctl { BLKDISCARDZEROES BLKROGET };
|
||||
|
|
@ -1,115 +0,0 @@
|
|||
genfscon proc /device-tree u:object_r:proc_dt_firmware:s0
|
||||
|
||||
genfscon proc /sys/vm/dirty_ratio u:object_r:proc_vm:s0
|
||||
genfscon proc /sys/vm/dirty_bytes u:object_r:proc_vm:s0
|
||||
genfscon proc /sys/vm/dirty_background_bytes u:object_r:proc_vm:s0
|
||||
genfscon proc /sys/vm/min_free_kbytes u:object_r:proc_vm:s0
|
||||
|
||||
genfscon proc /sys/vm/swappiness u:object_r:proc_vm:s0
|
||||
genfscon proc /sys/vm/vfs_cache_pressure u:object_r:proc_vm:s0
|
||||
|
||||
genfscon proc /reset_reason u:object_r:proc_reset_reason:s0
|
||||
genfscon proc /simslot_count u:object_r:proc_simslot_count:s0
|
||||
|
||||
genfscon proc /bus/input/devices u:object_r:proc_input_devices:s0
|
||||
|
||||
# SEC devices
|
||||
genfscon proc /sec_log u:object_r:proc_sec:s0
|
||||
#genfscon sysfs /class/sec u:object_r:sysfs_sec:s0
|
||||
|
||||
# Power supply devices
|
||||
genfscon sysfs /devices/battery.20/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/i2c.26/i2c-8/8-0034/s2mu003-charger/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/13890000.hsi2c/i2c-2/2-0035/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/platform/htc_battery/power_supply/ps u:object_r:sysfs_usb_supply:s0
|
||||
|
||||
# Input devices
|
||||
genfscon sysfs /devices/virtual/sec/sec_touchkey u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/virtual/sec/sec_key u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/virtual/secgpio_check u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/virtual/input u:object_r:sysfs_input:s0
|
||||
|
||||
# A3 power devices
|
||||
genfscon sysfs /devices/i2c.21/i2c-4/4-0035/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/13890000.hsi2c/i2c-2/2-0034/s2mu003-charger/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
|
||||
# A3 Input devices
|
||||
genfscon sysfs /devices/13850000.i2c/i2c-10/10-0050/input/input3 u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/i2c.23/i2c-5/5-0020/input/input2 u:object_r:sysfs_input:s0
|
||||
|
||||
# A5 power supply devices
|
||||
genfscon sysfs /devices/battery.43/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/i2c.42/i2c-7/7-0071/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
genfscon sysfs /devices/13890000.hsi2c/i2c-2/2-0049/sm5705-charger/power_supply u:object_r:sysfs_usb_supply:s0
|
||||
|
||||
# A5 Input devices
|
||||
genfscon sysfs /devices/13850000.i2c/i2c-10/10-0020/input/input3 u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/i2c.20/i2c-4/4-0020/input/input2 u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/virtual/fingerprint/fingerprint u:object_r:sysfs_input:s0
|
||||
|
||||
# S5 NEO Input devices
|
||||
genfscon sysfs /devices/13860000.i2c/i2c-11/11-0048/input/input2 u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /devices/i2c.22/i2c-4/4-0020/input/input1 u:object_r:sysfs_input:s0
|
||||
|
||||
# SEC GPIO input devices
|
||||
genfscon sysfs /class/secgpio_check/secgpio_check_all/gpioinit_check u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /class/secgpio_check/secgpio_check_all/gpiosleep_check u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /class/secgpio_check/secgpio_check_all/checked_sleepGPIO u:object_r:sysfs_input:s0
|
||||
|
||||
# Input booster
|
||||
genfscon sysfs /class/input_booster/level u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /class/input_booster/head u:object_r:sysfs_input:s0
|
||||
genfscon sysfs /class/input_booster/tail u:object_r:sysfs_input:s0
|
||||
|
||||
# Swap
|
||||
genfscon sysfs /devices/virtual/block/vnswap0 u:object_r:sysfs_sswap:s0
|
||||
|
||||
# CPU/Scheduler devices
|
||||
genfscon sysfs /power/cpufreq_table u:object_r:sysfs_devices_system_cpu:s0
|
||||
genfscon sysfs /power/cpufreq_min_limit u:object_r:sysfs_devices_system_cpu:s0
|
||||
genfscon sysfs /power/cpufreq_max_limit u:object_r:sysfs_devices_system_cpu:s0
|
||||
|
||||
genfscon sysfs /module/cpuidle/parameters/off u:object_r:sysfs_devices_system_cpu:s0
|
||||
genfscon sysfs /module/cpuidle_exynos64_smp/parameters/enable_mask u:object_r:sysfs_devices_system_cpu:s0
|
||||
|
||||
genfscon sysfs /module/workqueue/parameters/power_efficient u:object_r:sysfs_devices_system_cpu:s0
|
||||
|
||||
# Camera
|
||||
genfscon sysfs /devices/virtual/camera u:object_r:sysfs_camera:s0
|
||||
|
||||
# GPS
|
||||
genfscon sysfs /devices/virtual/sec/gps u:object_r:sysfs_gps:s0
|
||||
|
||||
# Audio sysfs
|
||||
genfscon sysfs /devices/virtual/audio/earjack u:object_r:sysfs_jack:s0
|
||||
|
||||
# USB lun device
|
||||
genfscon sysfs /devices/13580000.usb/gadget/lun0 u:object_r:sysfs_android_usb:s0
|
||||
|
||||
# MMC block device cache files
|
||||
genfscon sysfs /devices/virtual/bdi/179:0/read_ahead_kb u:object_r:sysfs_block:s0
|
||||
genfscon sysfs /devices/virtual/bdi/179:32/read_ahead_kb u:object_r:sysfs_block:s0
|
||||
|
||||
# ION
|
||||
genfscon sysfs /devices/virtual/ion_cma u:object_r:sysfs_ion:s0
|
||||
|
||||
# Sensors
|
||||
genfscon sysfs /devices/virtual/sensors u:object_r:sysfs_sensors:s0
|
||||
genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0028/iio:device0 u:object_r:sysfs_sensors:s0
|
||||
genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-0068/iio:device1 u:object_r:sysfs_sensors:s0
|
||||
genfscon sysfs /devices/13870000.hsi2c/i2c-0/0-002e/iio:device2 u:object_r:sysfs_sensors:s0
|
||||
|
||||
|
||||
genfscon sysfs /devices/13540000.dwmmc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmc:s0
|
||||
|
||||
genfscon sysfs /devices/virtual/net/rmnet0 u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/virtual/net/rmnet1 u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/virtual/net/rmnet2 u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/virtual/net/rmnet3 u:object_r:sysfs_net:s0
|
||||
|
||||
genfscon sysfs /devices/14830000.decon_fb u:object_r:sysfs_graphics:s0
|
||||
genfscon sysfs /devices/14800000.dsim u:object_r:sysfs_graphics:s0
|
||||
|
||||
# video4linux
|
||||
genfscon sysfs /devices/12800000.mfc0/video4linux u:object_r:sysfs_v4l:s0
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
type gpsd, domain, netdomain;
|
||||
type gpsd_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
# gpsd is started by init, type transit from init domain to gpsd domain
|
||||
init_daemon_domain(gpsd)
|
||||
|
||||
allow gpsd rild:unix_stream_socket connectto;
|
||||
|
||||
get_prop(gpsd, exported_radio_prop)
|
||||
get_prop(gpsd, exported_config_prop)
|
||||
|
||||
get_prop(gpsd, hwservicemanager_prop)
|
||||
hwbinder_use(gpsd)
|
||||
allow gpsd system_suspend_hwservice:hwservice_manager { find };
|
||||
allow gpsd fwk_sensor_hwservice:hwservice_manager { find };
|
||||
|
||||
binder_call(gpsd, system_suspend_server)
|
||||
binder_call(gpsd, system_server)
|
||||
binder_call(system_server, gpsd)
|
||||
|
||||
allow gpsd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
allow gpsd self:{ tcp_socket udp_socket } create_stream_socket_perms;
|
||||
allow gpsd port:tcp_socket { name_bind name_connect };
|
||||
allow gpsd port:udp_socket name_bind;
|
||||
allow gpsd node:{ tcp_socket udp_socket } node_bind;
|
||||
|
||||
# /acct/tasks
|
||||
allow gpsd cgroup:file getattr;
|
||||
|
||||
# /dev/socket/fwmarkd
|
||||
allow gpsd fwmarkd_socket:sock_file write;
|
||||
|
||||
# /data/vendor/gps
|
||||
allow gpsd gps_vendor_data_file:dir rw_dir_perms;
|
||||
allow gpsd gps_vendor_data_file:file create_file_perms;
|
||||
allow gpsd gps_vendor_data_file:fifo_file create_file_perms;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# /dev/ttySAC3
|
||||
allow hal_bluetooth_default bluetooth_device:chr_file rw_file_perms;
|
||||
|
||||
# /efs
|
||||
allow hal_bluetooth_default efs_file:dir search;
|
||||
r_dir_file(hal_bluetooth_default, bluetooth_efs_file)
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
allow hal_camera_default sysfs_camera:dir search;
|
||||
allow hal_camera_default sysfs_camera:file rw_file_perms;
|
||||
|
||||
allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||
|
||||
vndbinder_use(hal_camera_default)
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# hal_drm_clearkey.te
|
||||
|
||||
type hal_drm_clearkey, domain;
|
||||
hal_server_domain(hal_drm_clearkey, hal_drm)
|
||||
|
||||
type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_drm_clearkey)
|
||||
|
||||
hwbinder_use(hal_drm_clearkey)
|
||||
get_prop(hal_drm_clearkey, hwservicemanager_prop)
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
vndbinder_use(hal_drm_default)
|
||||
|
||||
# /dev/s5p-smem
|
||||
allow hal_drm_default secmem_device:chr_file rw_file_perms;
|
||||
allow hal_drm_default tee:unix_stream_socket connectto;
|
||||
allow hal_drm_default efs_file:dir search;
|
||||
allow hal_drm_default cpk_efs_file:file r_file_perms;
|
||||
|
||||
allow hal_drm_default media_vendor_data_file:file create_file_perms;
|
||||
allow hal_drm_default media_vendor_data_file:dir create_dir_perms;
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
# hal_drm_widevine.te
|
||||
type hal_drm_widevine, domain;
|
||||
hal_server_domain(hal_drm_widevine, hal_drm)
|
||||
|
||||
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_drm_widevine)
|
||||
|
||||
allow hal_drm_widevine mediacodec:fd use;
|
||||
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
|
||||
|
||||
# /data/vendor/mediadrm/
|
||||
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
|
||||
|
||||
# /dev/s5p-smem
|
||||
allow hal_drm_widevine secmem_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/tzdev
|
||||
#allow hal_drm_widevine tz_user_device:chr_file rw_file_perms;
|
||||
|
||||
# /efs/wv.keys
|
||||
allow hal_drm_widevine efs_file:dir search;
|
||||
allow hal_drm_widevine sec_efs_file:file r_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_fingerprint_default sysfs_input:dir search;
|
||||
allow hal_fingerprint_default sysfs_input:file rw_file_perms;
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
# hal_gnss_default.te
|
||||
|
||||
# cgroups tasks
|
||||
allow hal_gnss_default cgroup:file getattr;
|
||||
|
||||
# /data/vendor/gps
|
||||
allow hal_gnss_default gps_vendor_data_file:dir rw_dir_perms;
|
||||
allow hal_gnss_default gps_vendor_data_file:file create_file_perms;
|
||||
allow hal_gnss_default gps_vendor_data_file:fifo_file create_file_perms;
|
||||
|
||||
# /mnt/vendor
|
||||
allow hal_gnss_default mnt_vendor_file:dir search;
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
# Graphics sysfs
|
||||
allow hal_graphics_composer_default sysfs_graphics:dir search;
|
||||
allow hal_graphics_composer_default sysfs_graphics:file rw_file_perms;
|
||||
|
||||
# uevent socket
|
||||
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
r_dir_file(hal_health_default, sysfs_usb_supply)
|
||||
allow hal_health_default sysfs_usb_supply:file rw_file_perms;
|
||||
7
sepolicy/hal_light_7570.te
Normal file
7
sepolicy/hal_light_7570.te
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
type hal_light_7570, domain, coredomain;
|
||||
hal_server_domain(hal_light_7570, hal_light)
|
||||
|
||||
type hal_light_7570_exec, exec_type, file_type;
|
||||
init_daemon_domain(hal_light_7570)
|
||||
|
||||
allow hal_light_7570 sysfs:file rw_file_perms;
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
allow hal_light_default sysfs_light:dir search;
|
||||
allow hal_light_default sysfs_light:file rw_file_perms;
|
||||
|
||||
allow hal_light_default sysfs_graphics:dir search;
|
||||
allow hal_light_default sysfs_graphics:file rw_file_perms;
|
||||
|
||||
allow hal_light_default sysfs_input:dir search;
|
||||
allow hal_light_default sysfs_input:lnk_file read;
|
||||
allow hal_light_default sysfs_input:file rw_file_perms;
|
||||
|
||||
allow hal_light_default sysfs_sec:dir search;
|
||||
allow hal_light_default sysfs_sec:lnk_file read;
|
||||
allow hal_light_default sysfs_sec:file rw_file_perms;
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
# Allow LiveDisplay to store files under /data/vendor/display and access them
|
||||
allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms;
|
||||
allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms;
|
||||
|
||||
# Allow LiveDisplay to read and write to files in sysfs_graphics, sysfs_mdnie
|
||||
allow hal_lineage_livedisplay_sysfs {
|
||||
sysfs_graphics
|
||||
sysfs_mdnie
|
||||
}:dir search;
|
||||
|
||||
allow hal_lineage_livedisplay_sysfs {
|
||||
sysfs_graphics
|
||||
sysfs_mdnie
|
||||
}:file rw_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_lineage_touch_default sysfs_input:dir search;
|
||||
allow hal_lineage_touch_default sysfs_input:file rw_file_perms;
|
||||
9
sepolicy/hal_power_7570.te
Normal file
9
sepolicy/hal_power_7570.te
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
type hal_power_7570, domain, coredomain;
|
||||
hal_server_domain(hal_power_7570, hal_power)
|
||||
|
||||
type hal_power_7570_exec, exec_type, file_type;
|
||||
init_daemon_domain(hal_power_7570)
|
||||
|
||||
allow hal_power_7570 cgroup:file rw_file_perms;
|
||||
allow hal_power_7570 sysfs:file rw_file_perms;
|
||||
allow hal_power_7570 sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
# Allow reading of sysfs nodes to find input devices
|
||||
allow hal_power_default sysfs:dir r_dir_perms;
|
||||
allow hal_power_default sysfs:file r_file_perms;
|
||||
|
||||
# Input devices
|
||||
allow hal_power_default sysfs_input:dir r_dir_perms;
|
||||
allow hal_power_default sysfs_input:file rw_file_perms;
|
||||
|
||||
# CPU devices
|
||||
allow hal_power_default sysfs_devices_system_cpu:dir search;
|
||||
allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
||||
# Lights
|
||||
allow hal_power_default sysfs_light:dir search;
|
||||
allow hal_power_default sysfs_light:file rw_file_perms;
|
||||
|
||||
# Graphics
|
||||
allow hal_power_default sysfs_graphics:dir search;
|
||||
allow hal_power_default sysfs_graphics:file rw_file_perms;
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
# hal_sensors_default.te
|
||||
|
||||
# cgroup tasks
|
||||
allow hal_sensors_default cgroup:file getattr;
|
||||
8
sepolicy/hal_vibrator_7570.te
Normal file
8
sepolicy/hal_vibrator_7570.te
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
type hal_vibrator_7570, domain, coredomain;
|
||||
hal_server_domain(hal_vibrator_7570, hal_vibrator)
|
||||
|
||||
type hal_vibrator_7570_exec, exec_type, file_type;
|
||||
init_daemon_domain(hal_vibrator_7570)
|
||||
|
||||
allow hal_vibrator_7570 sysfs:file rw_file_perms;
|
||||
allow hal_vibrator_7570 sysfs_vibrator:file rw_file_perms;
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
allow hal_wifi_default efs_file:dir search;
|
||||
|
||||
allow hal_wifi_default wifi_efs_file:dir search;
|
||||
allow hal_wifi_default wifi_efs_file:file r_file_perms;
|
||||
|
||||
# allow hal_wifi_default wifi_data_file:file r_file_perms;
|
||||
|
||||
allow hal_wifi_default sysfs_wifi:file write;
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
allow healthd rtc_device:chr_file rw_file_perms;
|
||||
|
||||
allow healthd sysfs_usb_supply:file rw_file_perms;
|
||||
102
sepolicy/init.te
102
sepolicy/init.te
|
|
@ -1,97 +1,5 @@
|
|||
# Mount debugfs on /sys/kernel/debug.
|
||||
allow init debugfs:dir mounton;
|
||||
|
||||
# Mount EFS on /efs
|
||||
allow init efs_file:dir mounton;
|
||||
|
||||
# Mount CPEFS on /cpefs
|
||||
allow init sec_efs_file:dir mounton;
|
||||
|
||||
# /dev/block/mmcblk0p[0-9]
|
||||
allow init emmcblk_device:blk_file rw_file_perms;
|
||||
|
||||
allow init block_device:lnk_file setattr;
|
||||
allow init tmpfs:lnk_file create_file_perms;
|
||||
|
||||
# /sys/class/power_supply/battery and /sys/class/android_usb/android0
|
||||
allow init sysfs_usb_supply:file { rw_file_perms setattr };
|
||||
|
||||
# /data
|
||||
allow init sdcardd_exec:file r_file_perms;
|
||||
|
||||
# sysfs iio:device[0-9]
|
||||
allow init sysfs:lnk_file setattr;
|
||||
|
||||
# sysfs ion device
|
||||
allow init sysfs_ion:file setattr;
|
||||
|
||||
# sysfs usb device
|
||||
allow init sysfs_android_usb:file setattr;
|
||||
|
||||
# read/chown mDNIE symlinks
|
||||
allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
|
||||
allow init sysfs_mdnie:file rw_file_perms;
|
||||
|
||||
# read/chown camera firmware
|
||||
allow init sysfs_camera:file { relabelto setattr };
|
||||
allow init sysfs_camera:filesystem associate;
|
||||
|
||||
# WiFi firmware permissions
|
||||
allow init sysfs_wifi:file setattr;
|
||||
|
||||
# Input devices
|
||||
allow init sysfs_input:file { rw_file_perms setattr };
|
||||
|
||||
# BT permissions
|
||||
allow init sysfs_bluetooth_writable:file setattr;
|
||||
|
||||
# GPS permissions
|
||||
allow init sysfs_gps:lnk_file read;
|
||||
allow init sysfs_gps:file { rw_file_perms setattr };
|
||||
allow init gps_data_file:fifo_file write;
|
||||
allow init gps_data_file:file lock;
|
||||
allow init gps_device:chr_file { open read write };
|
||||
|
||||
# CPU permissions
|
||||
allow init sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
||||
# umts permissions
|
||||
allow init mif_device:chr_file rw_file_perms;
|
||||
|
||||
# sswap permissions
|
||||
allow init sswap_device:blk_file write;
|
||||
allow init sysfs_sswap:file { open write };
|
||||
|
||||
# Block device sysfs
|
||||
allow init sysfs_block:file rw_file_perms;
|
||||
|
||||
# Audio Jack
|
||||
allow init sysfs_jack:file setattr;
|
||||
|
||||
unix_socket_connect(init, property, rild)
|
||||
|
||||
# Allow access to /proc/device-tree nodes
|
||||
r_dir_file(init, proc_dt_firmware)
|
||||
|
||||
allow init sysfs_mmc:file { w_file_perms setattr };
|
||||
allow init sysfs_net:file rw_file_perms;
|
||||
allow init sysfs_graphics:file { rw_file_perms setattr };
|
||||
allow init sysfs_light:file { rw_file_perms setattr };
|
||||
allow init sysfs_light:lnk_file { rw_file_perms setattr };
|
||||
allow init sysfs_mdnie:file setattr;
|
||||
allow init sysfs_sec:file { rw_file_perms setattr };
|
||||
allow init sysfs_sec:lnk_file read;
|
||||
allow init sysfs_sensors:file { rw_file_perms setattr };
|
||||
allow init sysfs_sensors:lnk_file read;
|
||||
allow init sysfs_multipdp:file setattr;
|
||||
|
||||
# Proc files
|
||||
allow init proc_reset_reason:file { rw_file_perms setattr };
|
||||
allow init proc_vm:file rw_file_perms;
|
||||
allow init proc_simslot_count:file rw_file_perms;
|
||||
allow init proc_sec:file { rw_file_perms setattr };
|
||||
|
||||
# Sockets
|
||||
allow init socket_device:sock_file { read write getattr setattr create unlink };
|
||||
|
||||
# allow init hal_drm_hwservice:hwservice_manager add;
|
||||
allow init vendor_configs_file:file mounton;
|
||||
allow init vendor_overlay_file:dir mounton;
|
||||
allow init ram_device:blk_file write;
|
||||
allow init sysfs_zram:file { create_file_perms rw_file_perms };
|
||||
allow init sysfs_zram:dir rw_dir_perms;
|
||||
|
|
|
|||
|
|
@ -1,22 +1 @@
|
|||
allow kernel self:capability { chown mknod };
|
||||
|
||||
# /dev/mbin0
|
||||
allow kernel emmcblk_device:blk_file r_file_perms;
|
||||
|
||||
# /sys/devices/system/cpu/cpu[0-9]/cpufreq/*
|
||||
allow kernel sysfs_devices_system_cpu:file setattr;
|
||||
|
||||
# /efs contents
|
||||
allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:dir r_dir_perms;
|
||||
allow kernel { app_efs_file battery_efs_file efs_file sensor_efs_file }:file rw_file_perms;
|
||||
|
||||
# /efs/wifi/.mac.info
|
||||
r_dir_file(kernel, wifi_efs_file);
|
||||
|
||||
# /data/misc/conn/.wifiver.info
|
||||
allow kernel wifi_data_file:file rw_file_perms;
|
||||
|
||||
# Allow kernel to search tmpfs
|
||||
allow kernel tmpfs:dir search;
|
||||
|
||||
allow kernel self:capability sys_module;
|
||||
allow kernel vendor_file:file r_file_perms;
|
||||
|
|
|
|||
1
sepolicy/lpm.te
Normal file
1
sepolicy/lpm.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
type lpm_exec, exec_type, file_type;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# /system/lib/omx/
|
||||
allow mediacodec system_file:dir r_dir_perms;
|
||||
|
||||
# /sys/class/video4linux/*
|
||||
r_dir_file(mediacodec, sysfs_v4l);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
# /efs
|
||||
allow mediaserver efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/wv.keys
|
||||
allow mediaserver efs_file:file r_file_perms;
|
||||
|
||||
# /dev/m2m1shot_jpeg
|
||||
allow mediaserver camera_device:chr_file rw_file_perms;
|
||||
|
||||
# Snap permissions
|
||||
allow mediaserver sensorservice_service:service_manager find;
|
||||
allow mediaserver system_server:unix_stream_socket rw_stream_socket_perms;
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
#### modemloader
|
||||
#
|
||||
type modemloader, domain;
|
||||
type modemloader_exec, exec_type, file_type, vendor_file_type;
|
||||
|
||||
init_daemon_domain(modemloader)
|
||||
|
||||
allow modemloader proc:file r_file_perms;
|
||||
|
||||
set_prop(modemloader, modemloader_prop)
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
# allow netd self:capability sys_module;
|
||||
# allow netd gpsd:fd use;
|
||||
# allow netd gpsd:udp_socket rw_socket_perms;
|
||||
# allow netd gpsd:tcp_socket rw_socket_perms;
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
# CP-Boot Daemon
|
||||
type cpboot-daemon_prop, property_type;
|
||||
|
||||
# modemloader
|
||||
type modemloader_prop, property_type;
|
||||
|
||||
# mobicore (tee)
|
||||
type tee_prop, property_type;
|
||||
|
||||
# sswap
|
||||
type sswap_prop, property_type;
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
# bluetooth
|
||||
persist.bluetooth_fw_ver u:object_r:bluetooth_prop:s0
|
||||
ro.bluetooth.tty u:object_r:bluetooth_prop:s0
|
||||
wc_transport. u:object_r:bluetooth_prop:s0
|
||||
|
||||
# modemloader
|
||||
hw.revision u:object_r:modemloader_prop:s0
|
||||
ro.cbd.dt_revision u:object_r:modemloader_prop:s0
|
||||
ril.cbd.dt_revision u:object_r:modemloader_prop:s0
|
||||
ro.modemloader.done u:object_r:modemloader_prop:s0
|
||||
|
||||
# mobicore
|
||||
sys.mobicoredaemon.enable u:object_r:tee_prop:s0
|
||||
|
||||
# radio
|
||||
persist.ril.modem.board u:object_r:radio_prop:s0
|
||||
persist.ril.ims.eutranParam u:object_r:radio_prop:s0
|
||||
persist.ril.ims.utranParam u:object_r:radio_prop:s0
|
||||
persist.ril.interfaceconf.failed u:object_r:radio_prop:s0
|
||||
|
||||
# sswap
|
||||
persist.sys.swapoff u:object_r:sswap_prop:s0
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
# rild.te
|
||||
|
||||
allow rild block_device:dir search;
|
||||
allow rild mnt_vendor_file:dir { getattr search };
|
||||
|
||||
# audio hal
|
||||
allow rild hal_audio_default:dir search;
|
||||
allow rild hal_audio_default:file r_file_perms;
|
||||
|
||||
# gps
|
||||
allow rild gpsd:dir search;
|
||||
allow rild gpsd:file r_file_perms;
|
||||
|
||||
# /data
|
||||
allow rild system_data_file:dir getattr;
|
||||
|
||||
# /data/vendor/log
|
||||
allow rild log_vendor_data_file:dir rw_dir_perms;
|
||||
allow rild log_vendor_data_file:file create_file_perms;
|
||||
|
||||
# /dev/block/platform/.+/by-name/radio
|
||||
allow rild radio_block_device:blk_file r_file_perms;
|
||||
|
||||
# /dev/drb
|
||||
# allow rild drb_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/umts_*
|
||||
# /dev/umts_ipc*
|
||||
# allow rild vendor_radio_device:chr_file rw_file_perms;
|
||||
|
||||
# /data/vendor/secradio
|
||||
allow rild radio_vendor_data_file:dir rw_dir_perms;
|
||||
allow rild radio_vendor_data_file:file create_file_perms;
|
||||
|
||||
# /efs/FactoryApp/
|
||||
# /mnt/vendor/efs/root
|
||||
allow rild app_efs_file:dir r_dir_perms;
|
||||
allow rild app_efs_file:file { rw_file_perms setattr };
|
||||
|
||||
# /efs/imei
|
||||
allow rild imei_efs_file:dir r_dir_perms;
|
||||
allow rild imei_efs_file:file r_file_perms;
|
||||
|
||||
# /mnt/vendor/efs/
|
||||
allow rild prov_efs_file:dir r_dir_perms;
|
||||
allow rild prov_efs_file:file r_file_perms;
|
||||
|
||||
# /mnt/vendor/efs/nv_data.bin
|
||||
allow rild bin_nv_data_efs_file:file { rw_file_perms setattr unlink };
|
||||
|
||||
# /proc/net/xt_qtaguid/iface_stat_fmt
|
||||
allow rild proc_qtaguid_stat:file r_file_perms;
|
||||
|
||||
# /proc/sys/net/ipv6/conf/*/accept_ra_defrtr
|
||||
allow rild proc_net:file rw_file_perms;
|
||||
|
||||
# mdc.
|
||||
# persist.sys.omc_support
|
||||
# ro.csc.
|
||||
get_prop(rild, exported_config_prop);
|
||||
|
||||
# ro.boot.cpboot, ril.NwNmId[0-9]
|
||||
get_prop(rild, exported_radio_prop)
|
||||
|
||||
# vendor.cbd.
|
||||
# set_prop(rild, vendor_cbd_prop)
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
# HWC
|
||||
Exynos.HWCService u:object_r:surfaceflinger_service:s0
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
type sswap, domain;
|
||||
type sswap_exec, exec_type, file_type, vendor_file_type;
|
||||
type sswap_device, dev_type;
|
||||
|
||||
init_daemon_domain(sswap);
|
||||
|
||||
allow sswap sswap_device:blk_file rw_file_perms;
|
||||
allow sswap sysfs_sswap:file rw_file_perms;
|
||||
allow sswap sysfs_sswap:dir search;
|
||||
allow sswap block_device:dir search;
|
||||
allow sswap self:capability sys_admin;
|
||||
|
||||
allow sswap proc_meminfo:file r_file_perms;
|
||||
|
||||
allow sswap properties_device:dir r_dir_perms;
|
||||
r_dir_file(sswap, proc_stat);
|
||||
|
||||
set_prop(sswap, sswap_prop)
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
# HWC
|
||||
allow surfaceflinger secmem_device:chr_file rw_file_perms;
|
||||
allow surfaceflinger sysfs_graphics:file rw_file_perms;
|
||||
r_dir_file(surfaceflinger, sysfs_graphics)
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
allow system_app sysfs_mdnie:{ file lnk_file } rw_file_perms;
|
||||
allow system_app sysfs_mdnie:dir search;
|
||||
allow system_app sysfs_graphics:dir search;
|
||||
allow system_app wificond:binder call;
|
||||
|
|
@ -1,57 +1,2 @@
|
|||
# /efs
|
||||
allow system_server efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/gyro_cal_data
|
||||
allow system_server sensor_efs_file:file r_file_perms;
|
||||
|
||||
# /data/system/gps/.gps.interface.pipe.*
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".flp.interface.pipe.to_gpsd";
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd";
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
|
||||
allow system_server gps_data_file:fifo_file create_file_perms;
|
||||
allow system_server gps_data_file:dir rw_dir_perms;
|
||||
|
||||
# /data/system/gps/chip.info
|
||||
allow system_server gps_data_file:file r_file_perms;
|
||||
|
||||
# /efs/prox_cal
|
||||
allow system_server efs_file:file r_file_perms;
|
||||
|
||||
# /efs/FactoryApp
|
||||
allow system_server app_efs_file:dir r_dir_perms;
|
||||
allow system_server app_efs_file:file r_file_perms;
|
||||
|
||||
# WifiMachine
|
||||
allow system_server self:capability sys_module;
|
||||
allow system_server wifi_efs_file:dir r_dir_perms;
|
||||
allow system_server wifi_efs_file:file r_file_perms;
|
||||
|
||||
# mDNIE
|
||||
allow system_server sysfs_mdnie:lnk_file rw_file_perms;
|
||||
#allow system_server sysfs_mdnie:dir rw_dir_perms;
|
||||
allow system_server sysfs_mdnie:file rw_file_perms;
|
||||
|
||||
# memtrack HAL
|
||||
allow system_server debugfs:dir r_dir_perms;
|
||||
|
||||
# sensor HAL
|
||||
allow system_server sensor_device:chr_file rw_file_perms;
|
||||
allow system_server baro_delta_factoryapp_efs_file:file r_file_perms;
|
||||
allow system_server sensor_factoryapp_efs_file:file r_file_perms;
|
||||
allow system_server sysfs_sensors:file rw_file_perms;
|
||||
|
||||
# /data/system/gps/xtraee.bin
|
||||
allow system_server gps_data_file:file create_file_perms;
|
||||
|
||||
# Bluetooth buildprop
|
||||
get_prop(system_server, bluetooth_prop)
|
||||
|
||||
# Grpahics sysfs
|
||||
allow system_server sysfs_graphics:file rw_file_perms;
|
||||
|
||||
# Input sysfs
|
||||
allow system_server sysfs_input:file rw_file_perms;
|
||||
|
||||
allow system_server proc_input_devices:file r_file_perms;
|
||||
|
||||
# unix_socket_connect(system_server, property, gpsd)
|
||||
type boot_prop, property_type;
|
||||
set_prop(system_server, boot_prop);
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
# /efs
|
||||
allow tee { efs_file prov_efs_file }:dir r_dir_perms;
|
||||
allow tee { efs_file prov_efs_file }:file r_file_perms;
|
||||
|
||||
# Allow mobicore to search apk data
|
||||
# allow tee apk_data_file:dir search;
|
||||
|
||||
# sys.mobicore.enable
|
||||
set_prop(tee, tee_prop)
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
# /dev/block/mmcblk0p[0-9]
|
||||
allow ueventd emmcblk_device:blk_file { relabelfrom relabelto create setattr unlink rw_file_perms };
|
||||
|
||||
# /sys/devices/virtual/misc/multipdp/uevent
|
||||
allow ueventd sysfs_multipdp:file rw_file_perms;
|
||||
|
||||
# read/chown camera firmware
|
||||
allow ueventd sysfs_camera:file { relabelto rw_file_perms };
|
||||
allow ueventd sysfs_camera:filesystem associate;
|
||||
|
||||
allow ueventd sysfs_usb_supply:file w_file_perms;
|
||||
|
||||
# Allow access to /proc/device-tree nodes
|
||||
r_dir_file(ueventd, proc_dt_firmware)
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow uncrypt emmcblk_device:blk_file w_file_perms;
|
||||
allow uncrypt emmcblk_device:dir r_dir_perms;
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# /efs
|
||||
allow vold efs_file:dir r_dir_perms;
|
||||
# /dev/block/mmcblk0p[0-9]
|
||||
allow vold emmcblk_device:dir create_dir_perms;
|
||||
allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms };
|
||||
|
||||
allow vold sysfs_mmc:file w_file_perms;
|
||||
r_dir_file(vold, proc_dt_firmware)
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
#### wifiloader
|
||||
#
|
||||
type wifiloader, domain;
|
||||
type wifiloader_exec, exec_type, file_type, vendor_file_type;
|
||||
|
||||
init_daemon_domain(wifiloader)
|
||||
unix_socket_connect(wifiloader, property, init)
|
||||
|
||||
allow wifiloader proc:file r_file_perms;
|
||||
allow wifiloader sysfs_wlan_fwpath:file setattr;
|
||||
# allow wifiloader wifi_data_file:file rw_file_perms;
|
||||
set_prop(wifiloader, wifi_prop);
|
||||
|
||||
# /efs
|
||||
allow wifiloader efs_file:dir search;
|
||||
|
||||
# /efs/wifi
|
||||
allow wifiloader wifi_efs_file:dir search;
|
||||
allow wifiloader wifi_efs_file:file r_file_perms;
|
||||
|
||||
# load .ko modules
|
||||
allow wifiloader self:capability { chown sys_module };
|
||||
|
|
@ -1 +0,0 @@
|
|||
dontaudit zygote proc_cmdline:file r_file_perms;
|
||||
Loading…
Add table
Add a link
Reference in a new issue