diff options
| author | Xin Li <delphij@google.com> | 2022-08-15 21:59:57 -0700 |
|---|---|---|
| committer | Xin Li <delphij@google.com> | 2022-08-15 21:59:57 -0700 |
| commit | f94cf91bfe3d4e788850fb948885ce12cadfe511 (patch) | |
| tree | 54272dc493eae03d0fe06dec44f9557d54ea8fe6 | |
| parent | 195b57665049b26610726d4b0604eb05491f9366 (diff) | |
| parent | 10b7a5ae208b5a989e3a64f89138b07aa01e8213 (diff) | |
| download | coral-sepolicy-f94cf91bfe3d4e788850fb948885ce12cadfe511.tar.gz | |
DO NOT MERGE - Merge Android 13android-platform-13.0.0_r1android13-platform-release
Bug: 242648940
Merged-In: I51286cfda274bf2724abb3aee39941f13552e834
Change-Id: Iccccc56fb46e07353f7420441c44bf31836efe84
| -rw-r--r-- | vendor/google/device.te | 1 | ||||
| -rw-r--r-- | vendor/google/file.te | 3 | ||||
| -rw-r--r-- | vendor/google/file_contexts | 4 | ||||
| -rw-r--r-- | vendor/google/genfs_contexts | 3 | ||||
| -rw-r--r-- | vendor/google/pixelstats_vendor.te | 6 | ||||
| -rw-r--r-- | vendor/google/property.te | 3 | ||||
| -rw-r--r-- | vendor/google/property_contexts | 5 | ||||
| -rw-r--r-- | vendor/google/service_contexts | 1 | ||||
| -rw-r--r-- | vendor/google/twoshay.te | 6 | ||||
| -rw-r--r-- | vendor/google/wifi_sniffer.te | 17 | ||||
| -rw-r--r-- | vendor/qcom/common/file.te | 4 | ||||
| -rw-r--r-- | vendor/qcom/common/file_contexts | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/genfs_contexts | 3 | ||||
| -rw-r--r-- | vendor/qcom/common/seapp_contexts | 3 | ||||
| -rw-r--r-- | vendor/qcom/common/service.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/service_contexts | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/shell.te | 3 |
17 files changed, 17 insertions, 51 deletions
diff --git a/vendor/google/device.te b/vendor/google/device.te index 03af45f..1821791 100644 --- a/vendor/google/device.te +++ b/vendor/google/device.te @@ -3,7 +3,6 @@ type airbrush_device, dev_type, mlstrustedobject; type airbrush_sm_device, dev_type, mlstrustedobject; type faceauth_device, dev_type; type ipu_device, dev_type, mlstrustedobject; -type touch_offload_device, dev_type; type ramoops_device, dev_type; type maxfg_device, dev_type; type rls_device, dev_type; diff --git a/vendor/google/file.te b/vendor/google/file.te index 78f5c11..9df566d 100644 --- a/vendor/google/file.te +++ b/vendor/google/file.te @@ -78,9 +78,6 @@ type sysfs_knowles_info, fs_type, sysfs_type; # Dumpstats IPA statistics type debugfs_ipa, debugfs_type, fs_type; -# wifi_sniffer -type sysfs_wifi_conmode, sysfs_type, fs_type; - # Incremental file system driver type vendor_incremental_module, vendor_file_type, file_type; diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index c3dd0d6..025965d 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -13,14 +13,12 @@ /dev/sensor_tunnel u:object_r:rls_device:s0 /dev/subsys_faceauth u:object_r:faceauth_device:s0 /dev/subsys_faceauth_b u:object_r:faceauth_device:s0 -/dev/touch_offload u:object_r:touch_offload_device:s0 /dev/lm36011_flood u:object_r:laser_device:s0 /dev/lm36011_dot u:object_r:laser_device:s0 /dev/iaxxx-module-celldrv u:object_r:pwrstats_device:s0 # system binaries /system/bin/hw/hardware\.google\.pixelstats@1\.0-service u:object_r:pixelstats_system_exec:s0 -/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0 # vendor binaries /vendor/bin/hw/android\.hardware\.biometrics\.face@1\.0-service\.google u:object_r:hal_face_default_exec:s0 @@ -47,8 +45,6 @@ /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 /vendor/bin/hw/android\.hardware\.graphics\.composer@2\.4-service-sm8150 u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/init_dp.sh u:object_r:init_dp_exec:s0 -/vendor/bin/wifi_sniffer u:object_r:wifi_sniffer_exec:s0 -/vendor/bin/twoshay u:object_r:twoshay_exec:s0 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/android\.hardware\.contexthub@1\.[0-9]-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/android\.hardware\.usb@1\.[0-9]-service\.coral u:object_r:hal_usb_impl_exec:s0 diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts index 4dd3f60..9fa146f 100644 --- a/vendor/google/genfs_contexts +++ b/vendor/google/genfs_contexts @@ -182,9 +182,6 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.q # Dumpstats IPA statistics genfscon debugfs /ipa/ipa_statistics_msg u:object_r:debugfs_ipa:s0 -# wifi_sniffer -genfscon sysfs /module/wlan/parameters/con_mode u:object_r:sysfs_wifi_conmode:s0 - # Wakeup stats (new) # https://lkml.org/lkml/2019/8/6/1275 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te index 7f13472..bc8b05b 100644 --- a/vendor/google/pixelstats_vendor.te +++ b/vendor/google/pixelstats_vendor.te @@ -1,9 +1,3 @@ -# pixelstats vendor -type pixelstats_vendor, domain; - -type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(pixelstats_vendor) - get_prop(pixelstats_vendor, hwservicemanager_prop) hwbinder_use(pixelstats_vendor) allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find; diff --git a/vendor/google/property.te b/vendor/google/property.te index 4b6a601..cc45aa3 100644 --- a/vendor/google/property.te +++ b/vendor/google/property.te @@ -29,9 +29,6 @@ vendor_internal_prop(ecoservice_prop) vendor_internal_prop(vendor_shutdown_prop) vendor_internal_prop(vendor_battery_defender_prop) -# wifi_sniffer -vendor_internal_prop(vendor_wifi_sniffer_prop) - vendor_internal_prop(vendor_device_prop) # Logger diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts index 8eaff6d..993a356 100644 --- a/vendor/google/property_contexts +++ b/vendor/google/property_contexts @@ -70,11 +70,6 @@ persist.vendor.mdm. u:object_r:vendor_modem_prop:s0 # ramoops vendor.ramoops. u:object_r:vendor_ramoops_prop:s0 -# wifi_sniffer -persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0 -persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0 -vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0 - vendor.all.modules.ready u:object_r:vendor_device_prop:s0 vendor.all.devices.ready u:object_r:vendor_device_prop:s0 diff --git a/vendor/google/service_contexts b/vendor/google/service_contexts index d7a1e46..4bac73b 100644 --- a/vendor/google/service_contexts +++ b/vendor/google/service_contexts @@ -1 +1,2 @@ +android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 diff --git a/vendor/google/twoshay.te b/vendor/google/twoshay.te deleted file mode 100644 index ddc06e1..0000000 --- a/vendor/google/twoshay.te +++ /dev/null @@ -1,6 +0,0 @@ -type twoshay, domain; -type twoshay_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(twoshay) - -allow twoshay touch_offload_device:chr_file rw_file_perms; diff --git a/vendor/google/wifi_sniffer.te b/vendor/google/wifi_sniffer.te index b87a51f..17cdca8 100644 --- a/vendor/google/wifi_sniffer.te +++ b/vendor/google/wifi_sniffer.te @@ -1,20 +1,3 @@ -type wifi_sniffer, domain; -type wifi_sniffer_exec, exec_type, vendor_file_type, file_type; - userdebug_or_eng(` - # make transition from init to its domain - init_daemon_domain(wifi_sniffer) - net_domain(wifi_sniffer) - -# configurate con mode - allow wifi_sniffer self:capability net_admin; - allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms; - -# interface up - allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS; - allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl; - - get_prop(wifi_sniffer, vendor_wifi_sniffer_prop) - dontaudit wifi_sniffer debugfs_wlan:dir search; ') diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te index aa14724..4ba1c4a 100644 --- a/vendor/qcom/common/file.te +++ b/vendor/qcom/common/file.te @@ -200,6 +200,8 @@ type persist_time_file, file_type, vendor_persist_type; # kgsl file type for sysfs access type sysfs_kgsl, sysfs_type, fs_type; type sysfs_kgsl_proc, sysfs_type, fs_type; +type sysfs_kgsl_shell, sysfs_type, fs_type; + # kgsl snapshot file type for sysfs access type sysfs_kgsl_snapshot, sysfs_type, fs_type; @@ -338,4 +340,4 @@ type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject; type modem_fdr_file, file_type, data_file_type; # Warm reset -type sysfs_poweroff, sysfs_type, fs_type;
\ No newline at end of file +type sysfs_poweroff, sysfs_type, fs_type; diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts index cd58b3b..cfbb63c 100644 --- a/vendor/qcom/common/file_contexts +++ b/vendor/qcom/common/file_contexts @@ -76,7 +76,7 @@ /(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0 /(vendor|system/vendor)/bin/hw/qcrild u:object_r:rild_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_widevine_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0 diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts index d0eecd2..29a9078 100644 --- a/vendor/qcom/common/genfs_contexts +++ b/vendor/qcom/common/genfs_contexts @@ -4,6 +4,7 @@ genfscon sysfs /kernel/boot_cdsp/boot genfscon sysfs /kernel/boot_slpi/boot u:object_r:sysfs_msm_boot:s0 genfscon sysfs /class/uio u:object_r:sysfs_uio:s0 genfscon sysfs /devices/virtual/kgsl/kgsl/proc u:object_r:sysfs_kgsl_proc:s0 +genfscon sysfs /devices/platform/soc/2c00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/perfcounter u:object_r:sysfs_kgsl_shell:s0 genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem u:object_r:sysfs_rmtfs:s0 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /devices/platform/soc/soc:qcom,spss_utils u:object_r:sysfs_spss:s0 @@ -27,6 +28,8 @@ genfscon sysfs /module/diagchar/parameters/timestamp_switch genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000 u:object_r:sysfs_data:s0 genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0 genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0 +genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd-secure/wakeup u:object_r:sysfs_wakeup:s0 # Poweroff for warm_reset in recovery mode genfscon sysfs /module/msm_poweroff u:object_r:sysfs_poweroff:s0 diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts index b1582f9..c772f16 100644 --- a/vendor/qcom/common/seapp_contexts +++ b/vendor/qcom/common/seapp_contexts @@ -34,3 +34,6 @@ user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=q # QtiTelephonyService app user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all + +#Add ExtTelephonyService to vendor_qtelephony +user=_app seinfo=platform name=com.qti.phone domain=qtelephony type=app_data_file levelFrom=all diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te index 9b84941..1854107 100644 --- a/vendor/qcom/common/service.te +++ b/vendor/qcom/common/service.te @@ -4,4 +4,4 @@ type imsrcs_service, service_manager_type; type improve_touch_service, service_manager_type; type gba_auth_service, service_manager_type; type qtitetherservice_service, service_manager_type; -type hal_telephony_service, service_manager_type, hal_service_type; +type hal_telephony_service, service_manager_type, hal_service_type, protected_service; diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts index 405f768..c11263b 100644 --- a/vendor/qcom/common/service_contexts +++ b/vendor/qcom/common/service_contexts @@ -1 +1,3 @@ vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0 +vendor.qti.hardware.radio.ims.IImsRadio/imsradio0 u:object_r:hal_telephony_service:s0 +vendor.qti.hardware.radio.ims.IImsRadio/imsradio1 u:object_r:hal_telephony_service:s0 diff --git a/vendor/qcom/common/shell.te b/vendor/qcom/common/shell.te new file mode 100644 index 0000000..cd0e4a4 --- /dev/null +++ b/vendor/qcom/common/shell.te @@ -0,0 +1,3 @@ +# allow shell users to control kgsl perfcounters +allow shell sysfs_kgsl_shell:file rw_file_perms; +allow shell sysfs_msm_subsys:dir r_dir_perms; |