diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 01:12:17 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 01:12:17 +0000 |
commit | db83713a6392558da492c2ae136319a58a207d8c (patch) | |
tree | a4cc1ea4a01305d7f2d99d9d53bdb28ccf4ccaef | |
parent | 9957c9cc44cf306e6b0ccf16f831120989a968d4 (diff) | |
parent | 29db264f27140fd954fb6b37c51da411c840610a (diff) | |
download | redfin-sepolicy-aml_net_341610030.tar.gz |
Snap for 10447354 from 29db264f27140fd954fb6b37c51da411c840610a to mainline-networking-releaseaml_net_341710020aml_net_341610030aml_net_341510050aml_net_341510000aml_net_341411030aml_net_341311010aml_net_341310020aml_net_341014000aml_net_340913000android14-mainline-networking-release
Change-Id: I7b5ada453899ecc69faff05d51aa9cf0b40555f9
-rw-r--r-- | tracking_denials/bug_map | 9 | ||||
-rw-r--r-- | tracking_denials/dumpstate.te | 2 | ||||
-rw-r--r-- | tracking_denials/shell.te | 10 | ||||
-rw-r--r-- | vendor/google/genfs_contexts | 1 | ||||
-rw-r--r-- | vendor/google/hal_health_default.te | 2 | ||||
-rw-r--r-- | vendor/google/pixelstats_vendor.te | 6 | ||||
-rw-r--r-- | vendor/google/shell.te | 2 | ||||
-rw-r--r-- | wireless_charger/file_contexts | 1 | ||||
-rw-r--r-- | wireless_charger/hal_dumpstate_default.te | 3 | ||||
-rw-r--r-- | wireless_charger/hal_googlebattery.te | 2 | ||||
-rw-r--r-- | wireless_charger/hal_health_default.te | 1 | ||||
-rw-r--r-- | wireless_charger/hal_sensors_default.te | 1 | ||||
-rw-r--r-- | wireless_charger/hal_wireless_charger.te | 20 | ||||
-rw-r--r-- | wireless_charger/pixelstats_vendor.te | 3 | ||||
-rw-r--r-- | wireless_charger/service_contexts | 1 |
15 files changed, 61 insertions, 3 deletions
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 0000000..7537c74 --- /dev/null +++ b/tracking_denials/bug_map @@ -0,0 +1,9 @@ +adbd sysfs_msm_subsys dir b/269369858 +derive_sdk system_app dir b/269044764 +dumpstate hal_input_processor_default process b/238263647 +dumpstate incident process b/238263647 +dumpstate system_data_file dir b/264600011 +hal_camera_default graphics_config_prop file b/268147541 +hal_drm_widevine default_prop file b/238263747 +shell build_attestation_prop file b/269370035 +system_server vendor_incremental_module file b/264483807 diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..87e51ff --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155912 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te new file mode 100644 index 0000000..8bbbda7 --- /dev/null +++ b/tracking_denials/shell.te @@ -0,0 +1,10 @@ +# b/269370035 +dontaudit shell incident_service:service_manager { find }; +dontaudit shell installd_service:service_manager { find }; +dontaudit shell mdns_service:service_manager { find }; +dontaudit shell netd_service:service_manager { find }; +dontaudit shell system_suspend_control_service:service_manager { find }; +dontaudit shell system_suspend_control_internal_service:service_manager { find }; +dontaudit shell vold_service:service_manager { find }; +dontaudit shell dnsresolver_service:service_manager { find }; +dontaudit shell gatekeeper_service:service_manager { find }; diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts new file mode 100644 index 0000000..9c3ee01 --- /dev/null +++ b/vendor/google/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te new file mode 100644 index 0000000..1bf05c1 --- /dev/null +++ b/vendor/google/hal_health_default.te @@ -0,0 +1,2 @@ +r_dir_file(hal_health_default, sysfs_wlc) +allow hal_health_default sysfs_wlc:dir r_dir_perms; diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te index df2b668..0b0e6ed 100644 --- a/vendor/google/pixelstats_vendor.te +++ b/vendor/google/pixelstats_vendor.te @@ -14,9 +14,9 @@ allow pixelstats_vendor fwk_stats_service:service_manager find; allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; -# wlc -allow pixelstats_vendor sysfs_wlc:dir search; - # OrientationCollector +# HIDL sensorservice allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; +# AIDL sensorservice +allow pixelstats_vendor fwk_sensor_service:service_manager find; binder_call(pixelstats_vendor, system_server) diff --git a/vendor/google/shell.te b/vendor/google/shell.te new file mode 100644 index 0000000..cd4fb18 --- /dev/null +++ b/vendor/google/shell.te @@ -0,0 +1,2 @@ +# wlc +dontaudit shell sysfs_wlc:dir search; diff --git a/wireless_charger/file_contexts b/wireless_charger/file_contexts new file mode 100644 index 0000000..004c7a1 --- /dev/null +++ b/wireless_charger/file_contexts @@ -0,0 +1 @@ +/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0 diff --git a/wireless_charger/hal_dumpstate_default.te b/wireless_charger/hal_dumpstate_default.te new file mode 100644 index 0000000..748345c --- /dev/null +++ b/wireless_charger/hal_dumpstate_default.te @@ -0,0 +1,3 @@ +allow hal_dumpstate_default sysfs_wlc:dir search; +allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms; +allow hal_dumpstate_default sysfs_wlc:file r_file_perms; diff --git a/wireless_charger/hal_googlebattery.te b/wireless_charger/hal_googlebattery.te new file mode 100644 index 0000000..6fda60f --- /dev/null +++ b/wireless_charger/hal_googlebattery.te @@ -0,0 +1,2 @@ +r_dir_file(hal_googlebattery, sysfs_wlc) +allow hal_googlebattery sysfs_wlc:file rw_file_perms; diff --git a/wireless_charger/hal_health_default.te b/wireless_charger/hal_health_default.te new file mode 100644 index 0000000..51ef352 --- /dev/null +++ b/wireless_charger/hal_health_default.te @@ -0,0 +1 @@ +allow hal_health_default sysfs_wlc:dir search; diff --git a/wireless_charger/hal_sensors_default.te b/wireless_charger/hal_sensors_default.te new file mode 100644 index 0000000..ed0efd0 --- /dev/null +++ b/wireless_charger/hal_sensors_default.te @@ -0,0 +1 @@ +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; diff --git a/wireless_charger/hal_wireless_charger.te b/wireless_charger/hal_wireless_charger.te new file mode 100644 index 0000000..75021d7 --- /dev/null +++ b/wireless_charger/hal_wireless_charger.te @@ -0,0 +1,20 @@ + +init_daemon_domain(hal_wireless_charger) + +r_dir_file(hal_wireless_charger, sysfs_batteryinfo) +r_dir_file(hal_wireless_charger, sysfs_wlc) + +allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms; +allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +allow hal_wireless_charger sysfs_wlc:file rw_file_perms; + + +binder_call(hal_wireless_charger, servicemanager) +add_service(hal_wireless_charger, hal_wireless_charger_service) + +userdebug_or_eng(` + domain_auto_trans(shell, hal_wireless_charger_exec, hal_wireless_charger) +') + +binder_call(hal_wireless_charger, platform_app) +binder_call(hal_wireless_charger, system_app) diff --git a/wireless_charger/pixelstats_vendor.te b/wireless_charger/pixelstats_vendor.te new file mode 100644 index 0000000..cc2bd92 --- /dev/null +++ b/wireless_charger/pixelstats_vendor.te @@ -0,0 +1,3 @@ +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; diff --git a/wireless_charger/service_contexts b/wireless_charger/service_contexts new file mode 100644 index 0000000..5813e35 --- /dev/null +++ b/wireless_charger/service_contexts @@ -0,0 +1 @@ +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 |