diff options
| author | Xin Li <delphij@google.com> | 2023-10-05 15:36:19 -0700 |
|---|---|---|
| committer | Xin Li <delphij@google.com> | 2023-10-05 15:36:19 -0700 |
| commit | 49350366a8351bc38a4fce31fb1ab56f8358ac29 (patch) | |
| tree | a4cc1ea4a01305d7f2d99d9d53bdb28ccf4ccaef | |
| parent | 24593c8ae18a03f82d04008ef8509d51e0035ffc (diff) | |
| parent | 5461a62527cafb08d3ee1104be50fc5ce08ec891 (diff) | |
| download | redfin-sepolicy-49350366a8351bc38a4fce31fb1ab56f8358ac29.tar.gz | |
Merge Android 14
Bug: 298295554
Merged-In: Ic75ad7e3e999a49457f67af13ae85f40201f4cc2
Change-Id: I41cb9e2d4102d93f72acce15f171a96851d391fa
| -rw-r--r-- | tracking_denials/bug_map | 10 | ||||
| -rw-r--r-- | tracking_denials/dumpstate.te | 2 | ||||
| -rw-r--r-- | tracking_denials/shell.te | 10 | ||||
| -rw-r--r-- | vendor/google/genfs_contexts | 1 | ||||
| -rw-r--r-- | vendor/google/hal_health_default.te | 2 | ||||
| -rw-r--r-- | vendor/google/pixelstats_vendor.te | 3 | ||||
| -rw-r--r-- | wireless_charger/file_contexts | 1 | ||||
| -rw-r--r-- | wireless_charger/hal_dumpstate_default.te | 3 | ||||
| -rw-r--r-- | wireless_charger/hal_googlebattery.te | 2 | ||||
| -rw-r--r-- | wireless_charger/hal_health_default.te | 1 | ||||
| -rw-r--r-- | wireless_charger/hal_sensors_default.te | 1 | ||||
| -rw-r--r-- | wireless_charger/hal_wireless_charger.te | 20 | ||||
| -rw-r--r-- | wireless_charger/pixelstats_vendor.te | 3 | ||||
| -rw-r--r-- | wireless_charger/service_contexts | 1 |
14 files changed, 53 insertions, 7 deletions
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 1d5e695..7537c74 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,7 +1,9 @@ +adbd sysfs_msm_subsys dir b/269369858 +derive_sdk system_app dir b/269044764 dumpstate hal_input_processor_default process b/238263647 dumpstate incident process b/238263647 +dumpstate system_data_file dir b/264600011 +hal_camera_default graphics_config_prop file b/268147541 hal_drm_widevine default_prop file b/238263747 -init app_data_file dir b/241172516 -init gsi_data_file file b/241172516 -init privapp_data_file dir b/241172516 -init system_app_data_file dir b/241172516 +shell build_attestation_prop file b/269370035 +system_server vendor_incremental_module file b/264483807 diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..87e51ff --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155912 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te new file mode 100644 index 0000000..8bbbda7 --- /dev/null +++ b/tracking_denials/shell.te @@ -0,0 +1,10 @@ +# b/269370035 +dontaudit shell incident_service:service_manager { find }; +dontaudit shell installd_service:service_manager { find }; +dontaudit shell mdns_service:service_manager { find }; +dontaudit shell netd_service:service_manager { find }; +dontaudit shell system_suspend_control_service:service_manager { find }; +dontaudit shell system_suspend_control_internal_service:service_manager { find }; +dontaudit shell vold_service:service_manager { find }; +dontaudit shell dnsresolver_service:service_manager { find }; +dontaudit shell gatekeeper_service:service_manager { find }; diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts new file mode 100644 index 0000000..9c3ee01 --- /dev/null +++ b/vendor/google/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te new file mode 100644 index 0000000..1bf05c1 --- /dev/null +++ b/vendor/google/hal_health_default.te @@ -0,0 +1,2 @@ +r_dir_file(hal_health_default, sysfs_wlc) +allow hal_health_default sysfs_wlc:dir r_dir_perms; diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te index e13073f..0b0e6ed 100644 --- a/vendor/google/pixelstats_vendor.te +++ b/vendor/google/pixelstats_vendor.te @@ -14,9 +14,6 @@ allow pixelstats_vendor fwk_stats_service:service_manager find; allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; -# wlc -allow pixelstats_vendor sysfs_wlc:dir search; - # OrientationCollector # HIDL sensorservice allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; diff --git a/wireless_charger/file_contexts b/wireless_charger/file_contexts new file mode 100644 index 0000000..004c7a1 --- /dev/null +++ b/wireless_charger/file_contexts @@ -0,0 +1 @@ +/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0 diff --git a/wireless_charger/hal_dumpstate_default.te b/wireless_charger/hal_dumpstate_default.te new file mode 100644 index 0000000..748345c --- /dev/null +++ b/wireless_charger/hal_dumpstate_default.te @@ -0,0 +1,3 @@ +allow hal_dumpstate_default sysfs_wlc:dir search; +allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms; +allow hal_dumpstate_default sysfs_wlc:file r_file_perms; diff --git a/wireless_charger/hal_googlebattery.te b/wireless_charger/hal_googlebattery.te new file mode 100644 index 0000000..6fda60f --- /dev/null +++ b/wireless_charger/hal_googlebattery.te @@ -0,0 +1,2 @@ +r_dir_file(hal_googlebattery, sysfs_wlc) +allow hal_googlebattery sysfs_wlc:file rw_file_perms; diff --git a/wireless_charger/hal_health_default.te b/wireless_charger/hal_health_default.te new file mode 100644 index 0000000..51ef352 --- /dev/null +++ b/wireless_charger/hal_health_default.te @@ -0,0 +1 @@ +allow hal_health_default sysfs_wlc:dir search; diff --git a/wireless_charger/hal_sensors_default.te b/wireless_charger/hal_sensors_default.te new file mode 100644 index 0000000..ed0efd0 --- /dev/null +++ b/wireless_charger/hal_sensors_default.te @@ -0,0 +1 @@ +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; diff --git a/wireless_charger/hal_wireless_charger.te b/wireless_charger/hal_wireless_charger.te new file mode 100644 index 0000000..75021d7 --- /dev/null +++ b/wireless_charger/hal_wireless_charger.te @@ -0,0 +1,20 @@ + +init_daemon_domain(hal_wireless_charger) + +r_dir_file(hal_wireless_charger, sysfs_batteryinfo) +r_dir_file(hal_wireless_charger, sysfs_wlc) + +allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms; +allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +allow hal_wireless_charger sysfs_wlc:file rw_file_perms; + + +binder_call(hal_wireless_charger, servicemanager) +add_service(hal_wireless_charger, hal_wireless_charger_service) + +userdebug_or_eng(` + domain_auto_trans(shell, hal_wireless_charger_exec, hal_wireless_charger) +') + +binder_call(hal_wireless_charger, platform_app) +binder_call(hal_wireless_charger, system_app) diff --git a/wireless_charger/pixelstats_vendor.te b/wireless_charger/pixelstats_vendor.te new file mode 100644 index 0000000..cc2bd92 --- /dev/null +++ b/wireless_charger/pixelstats_vendor.te @@ -0,0 +1,3 @@ +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; diff --git a/wireless_charger/service_contexts b/wireless_charger/service_contexts new file mode 100644 index 0000000..5813e35 --- /dev/null +++ b/wireless_charger/service_contexts @@ -0,0 +1 @@ +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 |