-rw-r--r-- | coral-sepolicy.mk | 1 | ||||
-rw-r--r-- | vendor/google/citadeld.te | 4 | ||||
-rw-r--r-- | vendor/google/device.te | 3 | ||||
-rw-r--r-- | vendor/google/file_contexts | 19 | ||||
-rw-r--r-- | vendor/google/hal_authsecret_citadel.te | 4 | ||||
-rw-r--r-- | vendor/google/hal_keymaster_citadel.te | 4 | ||||
-rw-r--r-- | vendor/google/hal_oemlock_citadel.te | 4 | ||||
-rw-r--r-- | vendor/google/hal_weaver_citadel.te | 4 | ||||
-rw-r--r-- | vendor/google/init-firstboot.te | 4 | ||||
-rw-r--r-- | vendor/google/init-insmod-sh.te | 4 | ||||
-rw-r--r-- | vendor/google/init_citadel.te | 4 | ||||
-rw-r--r-- | vendor/google/ramoops.te | 4 | ||||
-rw-r--r-- | vendor/google/wait_for_strongbox.te | 5 |
13 files changed, 64 insertions, 0 deletions
diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk
index 52f7310..4532090 100644
--- a/coral-sepolicy.mk
+++ b/coral-sepolicy.mk
@@ -2,5 +2,6 @@ BOARD_PLAT_PUBLIC_SEPOLICY_DIR := device/google/coral-sepolicy/public
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/coral-sepolicy/private
 # vendors
+BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/google
 BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/common
 BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/sm8150
diff --git a/vendor/google/citadeld.te b/vendor/google/citadeld.te
new file mode 100644
index 0000000..bd8e4e3
--- /dev/null
+++ b/vendor/google/citadeld.te
@@ -0,0 +1,4 @@
+type citadeld, domain;
+type citadeld_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(citadeld)
diff --git a/vendor/google/device.te b/vendor/google/device.te
new file mode 100644
index 0000000..d4bb97a
--- /dev/null
+++ b/vendor/google/device.te
@@ -0,0 +1,3 @@
+type citadel_device, dev_type;
+type ramoops_device, dev_type;
+type maxfg_device, dev_type;
\ No newline at end of file
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
new file mode 100644
index 0000000..66b0d42
--- /dev/null
+++ b/vendor/google/file_contexts
@@ -0,0 +1,19 @@
+# dev nodes
+/dev/citadel0 u:object_r:citadel_device:s0
+/dev/access-metadata u:object_r:ramoops_device:s0
+/dev/access-ramoops u:object_r:ramoops_device:s0
+/dev/maxfg_history u:object_r:maxfg_device:s0
+
+/vendor/bin/hw/android\.hardware\.authsecret@1\.0-service\.citadel u:object_r:hal_authsecret_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.citadel u:object_r:hal_oemlock_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0
+/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
+/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
+/vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service-disabled u:object_r:hal_secure_element_default_exec:s0
+/vendor/bin/hw/android\.hardware\.power@1\.3-service\.crosshatch-libperfmgr u:object_r:hal_power_default_exec:s0
+/vendor/bin/init\.firstboot\.sh u:object_r:init-firstboot_exec:s0
+/vendor/bin/ramoops u:object_r:ramoops_exec:s0
+/vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
+/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
diff --git a/vendor/google/hal_authsecret_citadel.te b/vendor/google/hal_authsecret_citadel.te
new file mode 100644
index 0000000..f8658b8
--- /dev/null
+++ b/vendor/google/hal_authsecret_citadel.te
@@ -0,0 +1,4 @@
+type hal_authsecret_citadel, domain;
+type hal_authsecret_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_authsecret_citadel)
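Review bot: vendor/google/device.te ends without a trailing newline, as the `\ No newline at end of file` marker after `type maxfg_device, dev_type;` shows. If the files under this BOARD_SEPOLICY_DIRS entry are concatenated into a single policy source, as Android policy builds normally do, that last declaration ends up on the same line as whatever the next file starts with. Terminate the file with a newline. The three device types also have no comment saying which driver or node each one labels; a short header such as `# device nodes for Citadel, ramoops and the fuel gauge history` would help the next reader.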
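Review bot: In vendor/google/file_contexts, `/dev/access-metadata` and `/dev/access-ramoops` both map to `ramoops_device`, so any domain later allowed to use that type gets both nodes at once. If the two nodes expose different data, give the metadata node its own type (for example a new `type ramoops_metadata_device, dev_type;`, name suggested here) so future allow rules can stay narrow. The entries for `hal_secure_element_default_exec` and `hal_power_default_exec` rely on types that this change does not declare, presumably from the platform policy, which is worth confirming. The executables section would also read better with a header comment to match `# dev nodes`.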
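Review bot: vendor/google/hal_authsecret_citadel.te declares the domain and its init transition but never associates it with its HAL attribute, and hal_keymaster_citadel.te, hal_oemlock_citadel.te and hal_weaver_citadel.te have the same gap. Unless a follow-up change supplies it, each file probably needs a line such as `hal_server_domain(hal_authsecret_citadel, hal_authsecret)` plus narrowly scoped rules for reaching citadeld; without them the services are likely to be denied under enforcing mode. If the rules are deferred on purpose, say so in a one-line comment at the top of each file, e.g. `# skeleton domain; allow rules added in a later change`.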
diff --git a/vendor/google/hal_keymaster_citadel.te b/vendor/google/hal_keymaster_citadel.te
new file mode 100644
index 0000000..0a18d52
--- /dev/null
+++ b/vendor/google/hal_keymaster_citadel.te
@@ -0,0 +1,4 @@
+type hal_keymaster_citadel, domain;
+type hal_keymaster_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_keymaster_citadel)
diff --git a/vendor/google/hal_oemlock_citadel.te b/vendor/google/hal_oemlock_citadel.te
new file mode 100644
index 0000000..4b6273b
--- /dev/null
+++ b/vendor/google/hal_oemlock_citadel.te
@@ -0,0 +1,4 @@
+type hal_oemlock_citadel, domain;
+type hal_oemlock_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_oemlock_citadel)
diff --git a/vendor/google/hal_weaver_citadel.te b/vendor/google/hal_weaver_citadel.te
new file mode 100644
index 0000000..5cd1c6a
--- /dev/null
+++ b/vendor/google/hal_weaver_citadel.te
@@ -0,0 +1,4 @@
+type hal_weaver_citadel, domain;
+type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_weaver_citadel)
diff --git a/vendor/google/init-firstboot.te b/vendor/google/init-firstboot.te
new file mode 100644
index 0000000..a7d5085
--- /dev/null
+++ b/vendor/google/init-firstboot.te
@@ -0,0 +1,4 @@
+type init-firstboot, domain;
+type init-firstboot_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-firstboot)
diff --git a/vendor/google/init-insmod-sh.te b/vendor/google/init-insmod-sh.te
new file mode 100644
index 0000000..ee26bfa
--- /dev/null
+++ b/vendor/google/init-insmod-sh.te
@@ -0,0 +1,4 @@
+type init-insmod-sh, domain;
+type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-insmod-sh)
diff --git a/vendor/google/init_citadel.te b/vendor/google/init_citadel.te
new file mode 100644
index 0000000..2c8246b
--- /dev/null
+++ b/vendor/google/init_citadel.te
@@ -0,0 +1,4 @@
+type init_citadel, domain;
+type init_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init_citadel)
diff --git a/vendor/google/ramoops.te b/vendor/google/ramoops.te
new file mode 100644
index 0000000..1085067
--- /dev/null
+++ b/vendor/google/ramoops.te
@@ -0,0 +1,4 @@
+type ramoops, domain;
+type ramoops_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ramoops);
diff --git a/vendor/google/wait_for_strongbox.te b/vendor/google/wait_for_strongbox.te
new file mode 100644
index 0000000..11e1c45
--- /dev/null
+++ b/vendor/google/wait_for_strongbox.te
@@ -0,0 +1,5 @@
+# wait_for_strongbox service
+type wait_for_strongbox, domain;
+type wait_for_strongbox_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(wait_for_strongbox) |
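Review bot: `init_daemon_domain(ramoops);` in vendor/google/ramoops.te is the only macro call in this change written with a trailing semicolon; the other nine domain files call the macro bare. The macro expansion presumably already terminates its own statements, so the extra `;` is at best redundant; write `init_daemon_domain(ramoops)` to match the rest. This file also lacks the one-line header comment that wait_for_strongbox.te has, and something like `# ramoops: handles /dev/access-ramoops and /dev/access-metadata` would document why the domain exists.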