author | ChihYao Chien <ccchien@google.com> | 2021-05-21 11:13:29 +0800 |
---|---|---|
committer | Alex Hong <rurumihong@google.com> | 2021-05-21 22:06:42 +0800 |
commit | 9e67b6a0bcbcb4b2c6b56f2044743baf4da17160 (patch) | |
tree | 11441a972e108cff28b55487be59efd3f6923d6f | |
parent | 9f0cf4d36578512e8be01f7b6eeb0da866d3bdb1 (diff) | |
Sync QCOM sepolicy rules
1. init_qti_chg_policy sysfs_wakeup:dir read
denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134
scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0
tclass=dir permissive=0
init_qti_chg_policy sysfs_iio_devices:dir search
denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746
scontext=u:r:init_qti_chg_policy:s0
tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0
2. cnd default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter
sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
3. rild default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
4. sensors sensors_vendor_data_file:dir search
denied { search } for name="sensors" dev="dm-6" ino=262
scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir
permissive=0
5. qtelephony default_android_hwservice:hwservice_manager find
denied { find } for
interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo
sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377
scontext=u:r:qtelephony:s0:c32,c257,c512,c768
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager permissive=0
6. hvdcp
denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 188064567
Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
-rw-r--r-- | vendor/google/genfs_contexts | 2 | ||||
-rw-r--r-- | vendor/google/init_qti_chg_policy.te | 7 | ||||
-rw-r--r-- | vendor/qcom/common/cnd.te | 1 | ||||
-rw-r--r-- | vendor/qcom/common/hvdcp.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/hwservice.te | 1 | ||||
-rw-r--r-- | vendor/qcom/common/hwservice_contexts | 2 | ||||
-rw-r--r-- | vendor/qcom/common/seapp_contexts | 1 | ||||
-rw-r--r-- | vendor/qcom/common/sensors.te | 2 |
8 files changed, 17 insertions, 1 deletions
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts index 0670681..f2173b2 100644 --- a/vendor/google/genfs_contexts +++ b/vendor/google/genfs_contexts @@ -52,6 +52,8 @@ genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/iio:device2 u:object_r:sysfs_power_stats:s0 # Not used by PowerStatsHal +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:vadc@3100/iio:device0 +u:object_r:sysfs_power_stats_ignore:s0 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1 u:object_r:sysfs_power_stats_ignore:s0 diff --git a/vendor/google/init_qti_chg_policy.te b/vendor/google/init_qti_chg_policy.te index 44815ce..924d3d1 100644 --- a/vendor/google/init_qti_chg_policy.te +++ b/vendor/google/init_qti_chg_policy.te @@ -7,5 +7,12 @@ allow init_qti_chg_policy vendor_toolbox_exec:file rx_file_perms; allow init_qti_chg_policy sysfs_batteryinfo:file create_file_perms; allow init_qti_chg_policy sysfs_batteryinfo:dir r_dir_perms; allow init_qti_chg_policy sysfs_contaminant:file create_file_perms; +allow init_qti_chg_policy sysfs_wakeup:dir r_dir_perms; +allow init_qti_chg_policy sysfs_wakeup:file getattr; +allow init_qti_chg_policy sysfs_iio_devices:dir search; +allow init_qti_chg_policy sysfs_power_stats_ignore:dir search; +allow init_qti_chg_policy sysfs_power_stats_ignore:file r_file_perms; +allow init_qti_chg_policy sysfs_power_stats:dir search; +allow init_qti_chg_policy sysfs_power_stats:file r_file_perms; set_prop(init_qti_chg_policy, vendor_hvdcp_opti_prop) diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te index 473de1b..30acc21 100644 --- a/vendor/qcom/common/cnd.te +++ b/vendor/qcom/common/cnd.te 
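Review bot: The rules added to vendor/google/init_qti_chg_policy.te grant more than the two denials quoted in the commit message, which show only `read` on `sysfs_wakeup:dir` (comm `find`) and `search` on `sysfs_iio_devices:dir` (comm `cat`). The `sysfs_power_stats` and `sysfs_power_stats_ignore` file reads and `sysfs_wakeup:file getattr` have no denial on the page, so a short comment above the block saying which nodes the charger script actually consumes would let a later reviewer prune the rest. If the `find` walk over wakeup entries is incidental, `dontaudit init_qti_chg_policy sysfs_wakeup:dir r_dir_perms;` silences the log without widening the domain. The sensors.te hunk has the same shape: the denial is `search` on `sensors_vendor_data_file:dir`, while the new rules give `rw_dir_perms` on the directory and `create_file_perms` on its files.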
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
 wakelock_use(cnd)
 # To register cnd to hwbinder
 add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
 userdebug_or_eng(`
 allow cnd diag_device:chr_file rw_file_perms;
 ')
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
 allow hvdcp qg_device:chr_file rw_file_perms;
 allow hvdcp self:capability2 wake_alarm;
 allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
 allow hvdcp mnt_vendor_file:dir r_dir_perms;
 allow hvdcp persist_file:dir search;
 allow hvdcp persist_hvdcp_file:dir search;
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index 11c8147..5f091a5 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -21,3 +21,4 @@ type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type
 type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 75e64a1..f275324 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
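Review bot: `add_hwservice(cnd, hal_mwqemadapter_hwservice)` in cnd.te lets cnd register the interface, whereas the denial quoted in the commit message is a `find` issued by cnd. The macro also emits a neverallow that bars every other domain from adding the service, so this line is correct only if cnd is the server for IMwqemAdapter. If cnd is only a client, the narrower rule is `allow cnd hal_mwqemadapter_hwservice:hwservice_manager find;`. Either way the existing comment `# To register cnd to hwbinder` should state which role the new line covers.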
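Review bot: The hvdcp.te change from `r_file_perms` to `rw_file_perms` on `kmsg_device:chr_file` carries no comment explaining why a charger daemon writes to the kernel log. Write access lets the domain put arbitrary lines into kmsg, which matters to anyone who later treats that log as kernel-authored evidence. A comment such as `# hvdcp logs to /dev/kmsg (see denial in b/188064567)` above the rule would record the intent. If the earlier read grant is no longer needed, `w_file_perms` alone would be tighter; the hunk does not show whether hvdcp still reads the device.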
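Review bot: The new type in hwservice.te omits `vendor_hwservice_type`, which every neighbouring declaration in this hunk carries, including the other `protected_hwservice` entry `hal_qseecom_hwservice`. Rules and checks written against that attribute would skip the new service without any warning. Unless the omission is deliberate, the line should read `type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`.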
@@ -15,6 +15,7 @@ vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:hal_qteeconnector_hwservice:s0 vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:hal_qteeconnector_hwservice:s0 vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0 +vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.qtiradio::IQtiRadio u:object_r:hal_telephony_hwservice:s0 @@ -35,3 +36,4 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0 vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0 vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0 +vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0 diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts index 51fdd3d..6b2ff84 100644 --- a/vendor/qcom/common/seapp_contexts +++ b/vendor/qcom/common/seapp_contexts @@ -32,3 +32,4 @@ user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=q # QtiTelephonyService app user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all + diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te index 95737d0..a423192 100644 --- a/vendor/qcom/common/sensors.te +++ b/vendor/qcom/common/sensors.te 
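Review bot: In the first hwservice_contexts hunk, mapping `vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo` to the shared `hal_telephony_hwservice` label exposes it to every domain that already holds `find` on that label, not just rild and qtelephony from the quoted denials. The package name marks the interface as `internal`, and qtelephony is an app domain, so the existing client set of that label deserves a check; those allow rules are not visible in this diff. If the set is wider than intended, a dedicated type (for example `hal_radio_deviceinfo_hwservice`, an illustrative name) with `find` granted only to the two domains would keep the interface scoped.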
@@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create; allow sensors sensors_persist_file:dir rw_dir_perms; r_dir_file(sensors, sysfs_msm_subsys) allow sensors sysfs_ssr:file r_file_perms; +allow sensors sensors_vendor_data_file:dir rw_dir_perms; +allow sensors sensors_vendor_data_file:file create_file_perms; dontaudit sensors sysfs_esoc:dir r_dir_perms; |