author | android-build-team Robot <android-build-team-robot@google.com> | 2019-05-22 03:05:13 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-05-22 03:05:13 +0000 |
commit | e90c1ccf418b2d31bec42dc0127207707e90ff69 (patch) | |
tree | 9623a64ef7acfdd7c79f6f2107cfa29592dd30e0 | |
parent | 158f31a89fe26dbaace0af463d5fef28d558ef05 (diff) | |
parent | 31ab061ff7a82aac2cfc465f380b6dd72f4f69a9 (diff) | |
Snap for 5591509 from 31ab061ff7a82aac2cfc465f380b6dd72f4f69a9 to qt-release
Change-Id: I10e527e3dd4230d551aa84a940e2b4d6fd4cccf9
-rw-r--r-- | vendor/google/google_camera_app.te | 3 | ||||
-rw-r--r-- | vendor/qcom/common/cnd.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/domain.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_gnss_qti.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_graphics_composer_default.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_imsrtp.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_rcsservice.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_sensors_default.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/ims.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/netmgrd.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/netutils_wrapper.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/rild.te | 4 | ||||
-rw-r--r-- | vendor/qcom/common/system_app.te | 3 |
13 files changed, 46 insertions, 4 deletions
diff --git a/vendor/google/google_camera_app.te b/vendor/google/google_camera_app.te index 621a976..0605048 100644 --- a/vendor/google/google_camera_app.te +++ b/vendor/google/google_camera_app.te @@ -46,3 +46,6 @@ allow google_camera_app system_app_data_file:file { read write getattr }; allow google_camera_app hal_paintbox_hwservice:hwservice_manager find; binder_call(google_camera_app, easel) allow google_camera_app easel_device:chr_file rw_file_perms; + +# Allow notifying Perfetto traced daemon that a notable event has occurred. +unix_socket_connect(google_camera_app, traced_producer, traced) diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te index 5e0a85d..abf4511 100644 --- a/vendor/qcom/common/cnd.te +++ b/vendor/qcom/common/cnd.te @@ -13,6 +13,10 @@ allow cnd wpa_data_file:dir rw_dir_perms; allow cnd wpa_data_file:sock_file create_file_perms; allow cnd wpa_socket:sock_file write; +userdebug_or_eng(` + allow cnd diag_device:chr_file rw_file_perms; +') + allow cnd self:udp_socket create_socket_perms; allowxperm cnd self:udp_socket ioctl SIOCGIFMTU; allow cnd self:{ diff --git a/vendor/qcom/common/domain.te b/vendor/qcom/common/domain.te index bb6b3b7..7291b54 100644 --- a/vendor/qcom/common/domain.te +++ b/vendor/qcom/common/domain.te @@ -1,7 +1,3 @@ -userdebug_or_eng(` - allow domain diag_device:chr_file rw_file_perms; -') - # In order for /sys/kernel/debug/kgsl/proc/<pid>/mem # to be created for memory tracking, the domain of # the tracked process must have permission to search diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te index bdd76f1..84e2f91 100644 --- a/vendor/qcom/common/hal_gnss_qti.te +++ b/vendor/qcom/common/hal_gnss_qti.te 
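Review bot: The `unix_socket_connect(google_camera_app, traced_producer, traced)` rule at the end of the google_camera_app.te hunk is unconditional, so the camera app can connect to the traced producer socket on user builds as well as debug builds, whereas the other grants added in this commit are wrapped in `userdebug_or_eng`. The comment gives the purpose but not the scope. If production access is intended, I would extend it to something like `# Connect-only; granted on all build types so the app can notify traced in production.`, and otherwise wrap the rule in `userdebug_or_eng`. The rest of google_camera_app.te is outside the hunk, so whether other traced-related permissions already exist cannot be checked from here.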
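Review bot: The `userdebug_or_eng` block added to cnd.te grants `rw_file_perms` on `diag_device` with no comment saying why cnd needs the diag interface. The same uncommented block is repeated in hal_gnss_qti.te, hal_graphics_composer_default.te, hal_imsrtp.te, hal_rcsservice.te, hal_sensors_default.te, ims.te, netmgrd.te, netutils_wrapper.te, rild.te and system_app.te. Because the commit replaces the blanket `allow domain diag_device:chr_file rw_file_perms;` rule in domain.te with an explicit list, each entry should carry its justification, e.g. `# Debug builds only: cnd logs through diag_device.` (wording to be confirmed per domain). Without that, the list is hard to audit and later additions cannot be told apart from needed ones. cnd.te continues outside the hunk.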
@@ -35,4 +35,8 @@ allow hal_gnss_qti netmgrd_socket:dir search; allow hal_gnss_qti self:netlink_generic_socket { bind create read }; allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write }; +userdebug_or_eng(` + allow hal_gnss_qti diag_device:chr_file rw_file_perms; +') + dontaudit hal_gnss_qti kernel:system module_request; diff --git a/vendor/qcom/common/hal_graphics_composer_default.te b/vendor/qcom/common/hal_graphics_composer_default.te index 50815e2..e476b79 100644 --- a/vendor/qcom/common/hal_graphics_composer_default.te +++ b/vendor/qcom/common/hal_graphics_composer_default.te @@ -9,6 +9,10 @@ allow hal_graphics_composer_default sysfs_msm_subsys:file r_file_perms; allow hal_graphics_composer_default sysfs_mdss_mdp_caps:file r_file_perms; allow hal_graphics_composer_default persist_file:dir search; +userdebug_or_eng(` + allow hal_graphics_composer_default diag_device:chr_file rw_file_perms; +') + # Allow dir search in '/mnt/vendor' allow hal_graphics_composer_default mnt_vendor_file:dir search; allow hal_graphics_composer_default mnt_vendor_file:file r_file_perms; diff --git a/vendor/qcom/common/hal_imsrtp.te b/vendor/qcom/common/hal_imsrtp.te index 70d7479..b85b7a6 100644 --- a/vendor/qcom/common/hal_imsrtp.te +++ b/vendor/qcom/common/hal_imsrtp.te @@ -15,6 +15,10 @@ unix_socket_connect(hal_imsrtp, ims, ims) allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms; +userdebug_or_eng(` + allow hal_imsrtp diag_device:chr_file rw_file_perms; +') + # ioctlcmd=c302 allowxperm hal_imsrtp self:socket ioctl msm_sock_ipc_ioctls; diff --git a/vendor/qcom/common/hal_rcsservice.te b/vendor/qcom/common/hal_rcsservice.te index 13c4b13..cd333ab 100644 --- a/vendor/qcom/common/hal_rcsservice.te +++ b/vendor/qcom/common/hal_rcsservice.te 
@@ -41,4 +41,8 @@ allow hal_rcsservice self:capability net_bind_service; set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop) +userdebug_or_eng(` + allow hal_rcsservice diag_device:chr_file rw_file_perms; +') + dontaudit hal_rcsservice kernel:system module_request; diff --git a/vendor/qcom/common/hal_sensors_default.te b/vendor/qcom/common/hal_sensors_default.te index c5bc960..a3e1c22 100644 --- a/vendor/qcom/common/hal_sensors_default.te +++ b/vendor/qcom/common/hal_sensors_default.te @@ -12,6 +12,10 @@ r_dir_file(hal_sensors_default, sysfs_msm_subsys); allow hal_sensors_default qdsp_device:chr_file r_file_perms; +userdebug_or_eng(` + allow hal_sensors_default diag_device:chr_file rw_file_perms; +') + allow hal_sensors_default sensors_vendor_data_file:dir create_dir_perms; allow hal_sensors_default sensors_vendor_data_file:file create_file_perms; diff --git a/vendor/qcom/common/ims.te b/vendor/qcom/common/ims.te index 23541e9..9966e99 100644 --- a/vendor/qcom/common/ims.te +++ b/vendor/qcom/common/ims.te @@ -15,6 +15,10 @@ allow ims sysfs_timestamp_switch:file r_file_perms; allow ims self:capability net_bind_service; +userdebug_or_eng(` + allow ims diag_device:chr_file rw_file_perms; +') + allow ims ion_device:chr_file r_file_perms; unix_socket_connect(ims, cnd, cnd) diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te index 28c2b32..36af3e6 100644 --- a/vendor/qcom/common/netmgrd.te +++ b/vendor/qcom/common/netmgrd.te @@ -23,6 +23,10 @@ allow netmgrd sysfs_soc:file r_file_perms; allow netmgrd sysfs_msm_subsys:dir r_dir_perms; allow netmgrd sysfs_msm_subsys:file r_file_perms; +userdebug_or_eng(` + allow netmgrd diag_device:chr_file rw_file_perms; +') + r_dir_file(netmgrd, sysfs_msm_subsys) wakelock_use(netmgrd) diff --git a/vendor/qcom/common/netutils_wrapper.te b/vendor/qcom/common/netutils_wrapper.te index bea7374..0653256 100644 --- a/vendor/qcom/common/netutils_wrapper.te +++ b/vendor/qcom/common/netutils_wrapper.te 
@@ -2,6 +2,10 @@ allow netutils_wrapper netmgrd:fd use; allow netutils_wrapper netmgrd:fifo_file { getattr read write append }; +userdebug_or_eng(` + allow netutils_wrapper diag_device:chr_file rw_file_perms; +') + dontaudit netutils_wrapper netmgrd:unix_stream_socket { read write }; dontaudit netutils_wrapper netmgrd:socket { read write }; dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append }; diff --git a/vendor/qcom/common/rild.te b/vendor/qcom/common/rild.te index a603ec5..b583cc0 100644 --- a/vendor/qcom/common/rild.te +++ b/vendor/qcom/common/rild.te @@ -12,6 +12,10 @@ allow rild vendor_file:file { execute_no_trans lock ioctl }; allow rild per_mgr_service:service_manager find; +userdebug_or_eng(` + allow rild diag_device:chr_file rw_file_perms; +') + add_hwservice(rild, vnd_ims_radio_hwservice) add_hwservice(rild, vnd_qcrilhook_hwservice) diff --git a/vendor/qcom/common/system_app.te b/vendor/qcom/common/system_app.te index 98d25c7..5520821 100644 --- a/vendor/qcom/common/system_app.te +++ b/vendor/qcom/common/system_app.te @@ -1,3 +1,6 @@ typeattribute system_app system_writes_vendor_properties_violators; +userdebug_or_eng(` + allow system_app diag_device:chr_file rw_file_perms; +') set_prop(system_app, vendor_bluetooth_prop) |
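Review bot: In netutils_wrapper.te the new `allow netutils_wrapper diag_device:chr_file rw_file_perms;` sits directly above `dontaudit` rules for netmgrd sockets, next to `allow netutils_wrapper netmgrd:fd use;`. That suggests the diag denials may come from a descriptor inherited from netmgrd rather than from the wrapper opening diag itself. If so, `dontaudit netutils_wrapper diag_device:chr_file { read write };` would silence the denial without granting access, consistent with how the neighbouring inherited descriptors are handled. This is an inference from the surrounding rules and should be checked against the actual denial logs.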
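Review bot: The block added to system_app.te grants `rw_file_perms` on `diag_device` to the whole system_app domain, which as far as I know is shared by apps running under the system UID rather than belonging to a single vendor daemon. On userdebug and eng builds every app in that domain therefore gains read/write access to the diag interface. A comment naming the component that needs it would make the scope reviewable, e.g. `# Debug builds only: <system-UID app that uses diag> accesses diag_device.` If only one app needs it, a dedicated domain for that app would keep the grant narrower. The rest of system_app.te is outside the hunk.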