diff options
-rw-r--r-- | coral-sepolicy.mk | 1 | ||||
-rw-r--r-- | tracking_denials/bootanim.te | 2 | ||||
-rw-r--r-- | tracking_denials/gmscore_app.te | 4 | ||||
-rw-r--r-- | tracking_denials/hal_audio_default.te | 2 | ||||
-rw-r--r-- | tracking_denials/hal_face_default.te | 2 | ||||
-rw-r--r-- | tracking_denials/hal_graphics_allocator_default.te | 2 | ||||
-rw-r--r-- | tracking_denials/ims.te | 2 | ||||
-rw-r--r-- | tracking_denials/init-insmod-sh.te | 2 | ||||
-rw-r--r-- | tracking_denials/init.te | 2 | ||||
-rw-r--r-- | tracking_denials/location.te | 2 | ||||
-rw-r--r-- | tracking_denials/platform_app.te | 2 | ||||
-rw-r--r-- | tracking_denials/priv_app.te | 2 | ||||
-rw-r--r-- | tracking_denials/radio.te | 2 | ||||
-rw-r--r-- | tracking_denials/surfaceflinger.te | 2 | ||||
-rw-r--r-- | tracking_denials/system_app.te | 3 | ||||
-rw-r--r-- | tracking_denials/system_server.te | 2 | ||||
-rw-r--r-- | tracking_denials/tee.te | 2 | ||||
-rw-r--r-- | tracking_denials/thermal-engine.te | 9 | ||||
-rw-r--r-- | tracking_denials/time_daemon.te | 3 | ||||
-rw-r--r-- | tracking_denials/untrusted_app_29.te | 2 | ||||
-rw-r--r-- | tracking_denials/vendor_pd_mapper.te | 3 | ||||
-rw-r--r-- | tracking_denials/wcnss_service.te | 2 |
22 files changed, 55 insertions, 0 deletions
diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk index c03312c..8ea3e0a 100644 --- a/coral-sepolicy.mk +++ b/coral-sepolicy.mk @@ -6,3 +6,4 @@ BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/google BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/common BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/sm8150 BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/knowles/common +BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/tracking_denials diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te new file mode 100644 index 0000000..977590d --- /dev/null +++ b/tracking_denials/bootanim.te @@ -0,0 +1,2 @@ +# b/128958090 +dontaudit bootanim sysfs_msm_subsys:dir search; diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te new file mode 100644 index 0000000..edab2c3 --- /dev/null +++ b/tracking_denials/gmscore_app.te @@ -0,0 +1,4 @@ +# b/149543390 +dontaudit gmscore_app firmware_file:filesystem getattr; +dontaudit gmscore_app mnt_vendor_file:dir search; +dontaudit gmscore_app sysfs_msm_subsys:file read; diff --git a/tracking_denials/hal_audio_default.te b/tracking_denials/hal_audio_default.te new file mode 100644 index 0000000..f0bd336 --- /dev/null +++ b/tracking_denials/hal_audio_default.te @@ -0,0 +1,2 @@ +# b/129111829 +dontaudit hal_audio_default exported3_system_prop:file read; diff --git a/tracking_denials/hal_face_default.te b/tracking_denials/hal_face_default.te new file mode 100644 index 0000000..1be13a5 --- /dev/null +++ b/tracking_denials/hal_face_default.te @@ -0,0 +1,2 @@ +# b/134894179 +dontaudit hal_face_default exported_camera_prop:file read; diff --git a/tracking_denials/hal_graphics_allocator_default.te b/tracking_denials/hal_graphics_allocator_default.te new file mode 100644 index 0000000..68eb040 --- /dev/null +++ b/tracking_denials/hal_graphics_allocator_default.te @@ -0,0 +1,2 @@ +# b/149542444 +dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search; diff --git a/tracking_denials/ims.te b/tracking_denials/ims.te new file mode 100644 index 0000000..255f3ec --- /dev/null +++ b/tracking_denials/ims.te @@ -0,0 +1,2 @@ +# b/129460752 +dontaudit ims sysfs_faceauth:dir search; diff --git a/tracking_denials/init-insmod-sh.te b/tracking_denials/init-insmod-sh.te new file mode 100644 index 0000000..d4039af --- /dev/null +++ b/tracking_denials/init-insmod-sh.te @@ -0,0 +1,2 @@ +# b/149543972 +dontaudit init-insmod-sh proc_cmdline:file read; diff --git a/tracking_denials/init.te b/tracking_denials/init.te new file mode 100644 index 0000000..d4ce80b --- /dev/null +++ b/tracking_denials/init.te @@ -0,0 +1,2 @@ +# b/149542343 +dontaudit init kernel:system module_request; diff --git a/tracking_denials/location.te b/tracking_denials/location.te new file mode 100644 index 0000000..6e64ef1 --- /dev/null +++ b/tracking_denials/location.te @@ -0,0 +1,2 @@ +# b/149544069 +dontaudit location qtidataservices_app:binder call; diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te new file mode 100644 index 0000000..d58e641 --- /dev/null +++ b/tracking_denials/platform_app.te @@ -0,0 +1,2 @@ +# b/149542783 +dontaudit platform_app sysfs_msm_subsys:dir search; diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te new file mode 100644 index 0000000..3878ed5 --- /dev/null +++ b/tracking_denials/priv_app.te @@ -0,0 +1,2 @@ +# b/149543179 +dontaudit priv_app sysfs_msm_subsys:file read; diff --git a/tracking_denials/radio.te b/tracking_denials/radio.te new file mode 100644 index 0000000..7a81617 --- /dev/null +++ b/tracking_denials/radio.te @@ -0,0 +1,2 @@ +# b/129455852 +dontaudit radio proc_filesystems:file read; diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te new file mode 100644 index 0000000..9c96382 --- /dev/null +++ b/tracking_denials/surfaceflinger.te @@ -0,0 +1,2 @@ +# b/149544591 +dontaudit surfaceflinger sysfs_msm_subsys:dir search; diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te new file mode 100644 index 0000000..7037625 --- /dev/null +++ b/tracking_denials/system_app.te @@ -0,0 +1,3 @@ +# b/149544592 +dontaudit system_app apk_verity_prop:file read; +dontaudit system_app sysfs_msm_subsys:dir search; diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te new file mode 100644 index 0000000..79d8a91 --- /dev/null +++ b/tracking_denials/system_server.te @@ -0,0 +1,2 @@ +# b/149544018 +dontaudit system_server sysfs_msm_subsys:file read; diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te new file mode 100644 index 0000000..3f996b5 --- /dev/null +++ b/tracking_denials/tee.te @@ -0,0 +1,2 @@ +# b/132393475 +dontaudit tee sysfs_wake_lock:file append; diff --git a/tracking_denials/thermal-engine.te b/tracking_denials/thermal-engine.te new file mode 100644 index 0000000..9fd5ba2 --- /dev/null +++ b/tracking_denials/thermal-engine.te @@ -0,0 +1,9 @@ +# b/124250714 +dontaudit thermal-engine socket_device:dir write; +dontaudit thermal-engine sysfs_batteryinfo:dir search; +dontaudit thermal-engine sysfs:dir read; +dontaudit thermal-engine sysfs_esoc:dir search; +dontaudit thermal-engine sysfs_faceauth:dir search; +dontaudit thermal-engine sysfs_leds:dir search; +dontaudit thermal-engine sysfs_soc:dir search; +dontaudit thermal-engine sysfs_ssr:file read; diff --git a/tracking_denials/time_daemon.te b/tracking_denials/time_daemon.te new file mode 100644 index 0000000..a3ab78c --- /dev/null +++ b/tracking_denials/time_daemon.te @@ -0,0 +1,3 @@ +# b/136426663 +dontaudit time_daemon sysfs_esoc:dir search; +dontaudit time_daemon sysfs_msm_subsys:dir search; diff --git a/tracking_denials/untrusted_app_29.te b/tracking_denials/untrusted_app_29.te new file mode 100644 index 0000000..047852d --- /dev/null +++ b/tracking_denials/untrusted_app_29.te @@ -0,0 +1,2 @@ +# b/149544802 +dontaudit untrusted_app_29 sysfs_msm_subsys:dir search; diff --git a/tracking_denials/vendor_pd_mapper.te b/tracking_denials/vendor_pd_mapper.te new file mode 100644 index 0000000..4930dd1 --- /dev/null +++ b/tracking_denials/vendor_pd_mapper.te @@ -0,0 +1,3 @@ +# b/129744410 +dontaudit vendor_pd_mapper sysfs_esoc:dir search; +dontaudit vendor_pd_mapper sysfs_msm_subsys:dir search; diff --git a/tracking_denials/wcnss_service.te b/tracking_denials/wcnss_service.te new file mode 100644 index 0000000..9b4b83d --- /dev/null +++ b/tracking_denials/wcnss_service.te @@ -0,0 +1,2 @@ +# b/130262158 +dontaudit wcnss_service kernel:system module_request; |