diff options
| -rw-r--r-- | OWNERS | 14 | ||||
| -rw-r--r-- | PREUPLOAD.cfg | 3 | ||||
| -rw-r--r-- | redfin-sepolicy.mk | 1 | ||||
| -rw-r--r-- | tracking_denials/hal_power_default.te | 3 | ||||
| -rw-r--r-- | vendor/google/file_contexts | 4 | ||||
| -rw-r--r-- | vendor/google/hal_dumpstate_impl.te | 3 | ||||
| -rw-r--r-- | vendor/google/pixelstats_vendor.te | 22 | ||||
| -rw-r--r-- | vendor/google/system_server.te | 2 |
8 files changed, 38 insertions, 14 deletions
@@ -1,13 +1,3 @@ -adamshih@google.com -alanstokes@google.com -bowgotsai@google.com -jbires@google.com -jeffv@google.com -jgalenson@google.com -jiyong@google.com -nnk@google.com +include platform/system/sepolicy:/OWNERS + rurumihong@google.com -smoreland@google.com -sspatil@google.com -tomcherry@google.com -trong@google.com diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg new file mode 100644 index 0000000..3591c7f --- /dev/null +++ b/PREUPLOAD.cfg @@ -0,0 +1,3 @@ +[Hook Scripts] +aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "." + diff --git a/redfin-sepolicy.mk b/redfin-sepolicy.mk index a52d988..30ba5ce 100644 --- a/redfin-sepolicy.mk +++ b/redfin-sepolicy.mk @@ -1,2 +1,3 @@ # vendors BOARD_SEPOLICY_DIRS += device/google/redfin-sepolicy/vendor/google +BOARD_SEPOLICY_DIRS += device/google/redfin-sepolicy/tracking_denials diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te new file mode 100644 index 0000000..37f09d2 --- /dev/null +++ b/tracking_denials/hal_power_default.te @@ -0,0 +1,3 @@ +# b/178988508 +dontaudit hal_power_default hal_power_default:capability dac_override ; +dontaudit hal_power_default hal_power_default:capability dac_override ; diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index d53eadc..97263fe 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -1,4 +1,4 @@ # vendor binaries -/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.redfin u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.vibrator@1\.3-service\.redfin u:object_r:hal_vibrator_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb@1\.3-service\.redfin u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.vibrator-service\.redfin u:object_r:hal_vibrator_default_exec:s0 /vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.redfin u:object_r:hal_dumpstate_impl_exec:s0 diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te new file mode 100644 index 0000000..83d1673 --- /dev/null +++ b/vendor/google/hal_dumpstate_impl.te @@ -0,0 +1,3 @@ +# Access to WLC firmware info +allow hal_dumpstate_impl sysfs_wlc:dir r_dir_perms; +allow hal_dumpstate_impl sysfs_wlc:file r_file_perms; diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te new file mode 100644 index 0000000..df2b668 --- /dev/null +++ b/vendor/google/pixelstats_vendor.te @@ -0,0 +1,22 @@ +r_dir_file(pixelstats_vendor, sysfs_pixelstats) + +unix_socket_connect(pixelstats_vendor, chre, chre) + +get_prop(pixelstats_vendor, hwservicemanager_prop) +hwbinder_use(pixelstats_vendor) +allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find; + +allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find; +binder_call(pixelstats_vendor, statsd) + +binder_use(pixelstats_vendor) +allow pixelstats_vendor fwk_stats_service:service_manager find; + +allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; + +# wlc +allow pixelstats_vendor sysfs_wlc:dir search; + +# OrientationCollector +allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; +binder_call(pixelstats_vendor, system_server) diff --git a/vendor/google/system_server.te b/vendor/google/system_server.te new file mode 100644 index 0000000..2adcf05 --- /dev/null +++ b/vendor/google/system_server.te @@ -0,0 +1,2 @@ +# pixelstats_vendor/OrientationCollector +binder_call(system_server, pixelstats_vendor) |