author | Adam Shih <adamshih@google.com> | 2021-07-05 09:50:03 +0800 |
---|---|---|
committer | Adam Shih <adamshih@google.com> | 2021-07-13 08:29:57 +0800 |
commit | 375055f0abc5963af2cc581ee0fbd3eb155f8c51 (patch) | |
tree | 5f6f8104f541f30070828832b991ad359461c63a /vendor | |
parent | c8e6b9e74b9280d6a3bdec49637101200dce6b60 (diff) | |
download | sunfish-sepolicy-375055f0abc5963af2cc581ee0fbd3eb155f8c51.tar.gz |
sync codebase
Bug: 162370942
Test: build pass
Change-Id: Ib6042e79d74dedae3b07c91769958f58e439f62b
Merged-In: I4c2275e155bd71793d554e5d44d7833d4c4ab9da
Diffstat (limited to 'vendor')
41 files changed, 185 insertions, 110 deletions
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index 660ff62..ed89df6 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -1,6 +1,12 @@
+cnd wifi_hal_prop file b/162700455
+google_camera_app selinuxfs file b/175910397
 hal_health_default unlabeled file b/156200409
+hal_neuralnetworks_default default_prop file b/159570217
+hal_vibrator_default default_prop file b/162700134
+init_qti_chg_policy sysfs_charge file b/162702119
+pixelstats_vendor sysfs file b/161875858
+platform_app default_android_hwservice hwservice_manager b/156059972
 shell debugfs file b/175106535
 shell device_config_runtime_native_boot_prop file b/175106535
 shell sysfs file b/175106535
-tee tee capability2 156045688
-platform_app default_android_hwservice hwservice_manager 156059972
+tee tee capability2 b/156045688
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 8ac5b01..1e3a2de 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -9,11 +9,9 @@ type debugfs_batteryinfo, debugfs_type, fs_type;
 type sysfs_chargelevel, sysfs_type, fs_type;
 type sysfs_display, sysfs_type, fs_type;
 type sysfs_touch, sysfs_type, fs_type;
-type sysfs_power_stats, sysfs_type, fs_type;
 type sysfs_power_stats_ignore, sysfs_type, fs_type;
 type sysfs_poweroff, sysfs_type, fs_type;
 type sysfs_msm_boardid, fs_type, sysfs_type;
-type sysfs_iio_devices, fs_type, sysfs_type;
 type sysfs_pixelstats, fs_type, sysfs_type;
 type sysfs_wlc, sysfs_type, fs_type;
 type sysfs_pstore, sysfs_type, fs_type;
@@ -47,5 +45,6 @@ type debugfs_ipa_data_stall_detection, debugfs_type, fs_type;
 # Incremental file system driver
 type vendor_incremental_module, vendor_file_type, file_type;
-# RamdumpFS
-allow ramdump_vendor_mnt_file self:filesystem associate;
+# Firmware mount
+type firmware_file, file_type, contextmount_type, vendor_file_type;
+allow firmware_file self:filesystem associate;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 5b0a6b0..45193da 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -16,14 +16,13 @@ /dev/battery_history u:object_r:battery_history_device:s0
 # vendor binaries
-/vendor/bin/hw/android\.hardware\.atrace@1\.0-service.pixel u:object_r:hal_atrace_default_exec:s0
-/vendor/bin/hw/android\.hardware\.camera\.provider@2\.6-service-google u:object_r:hal_camera_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.sunfish u:object_r:hal_dumpstate_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox u:object_r:hal_neuralnetworks_paintbox_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.sunfish u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb@1\.3-service\.sunfish u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.vibrator@1\.3-service\.sunfish u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/hardware\.google\.light@1\.1-service u:object_r:hal_light_default_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
@@ -31,8 +30,8 @@ /vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
 /vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
 /vendor/bin/ramoops u:object_r:ramoops_exec:s0
-/vendor/bin/ramdump u:object_r:ramdump_exec:s0
 /vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
+/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor u:object_r:hal_wifi_ext_exec:s0
 /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy u:object_r:hal_wifi_ext_exec:s0
 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
@@ -44,6 +43,9 @@ /vendor/bin/init\.qti\.chg_policy\.sh u:object_r:init_qti_chg_policy_exec:s0
 /vendor/bin/hw/android\.hardware\.graphics\.composer@2\.4-service-sm8150 u:object_r:hal_graphics_composer_default_exec:s0
+# Vendor firmware
+/vendor/firmware_mnt(/.*)? u:object_r:firmware_file:s0
+
 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
 /mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
@@ -61,5 +63,57 @@ # dev socket node
 /dev/socket/diag_router u:object_r:diag_socket:s0
-#vendor_kernel_modules
-/vendor/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
+# vendor_kernel_modules
+/vendor/lib/modules/adsp_loader_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/apr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/atomic64_test\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/bolero_cdc_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/br_netfilter\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/gspca_main\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/hdmi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/lcd\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/lkdtm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/llcc_perfmon\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/machine_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mbhc_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mmc_test\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mpq-adapter\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mpq-dmx-hw-plugin\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/msm_11ad_proxy\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/msm-geni-ir\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/native_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/pinctrl_lpi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/pinctrl_wcd_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/platform_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_notifier_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_pdr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/rdbg\.ko
u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/rx_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/snd_event_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/stub_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_ctrl_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/test_user_copy\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/torture\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/tx_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/usf_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/va_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd934x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd937x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd937x_slave_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd9xxx_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_core_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_spi_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wglink_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wil6210\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wlan\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wsa881x_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wsa_macro_dlkm\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/heatmap\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/ftm5\.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/drv2624\.ko u:object_r:vendor_kernel_modules:s0
+
+# Vendor libs that are exposed to apps (those listed in /vendor/etc/public.libraries.txt
+# and their dependencies)
+/vendor/lib(64)?/vendor\.qti\.hardware\.dsp@1\.0\.so u:object_r:same_process_hal_file:s0
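Review bot: The explicit list that replaces the `/vendor/lib/modules/.*\.ko` wildcard still labels test and fault-injection modules (`lkdtm\.ko`, `torture\.ko`, `atomic64_test\.ko`, `mmc_test\.ko`, `test_user_copy\.ko`, `rdbg\.ko`) as `vendor_kernel_modules`. That is the type `init-insmod-sh` is granted `system module_load` on in vendor/google/init-insmod-sh.te in this same commit, so every entry here is a module that domain may load. If these are not meant to be loadable on user builds, drop their lines so they keep the default vendor label. A comment above the list such as `# Exhaustive on purpose: add an entry when a module is added to the image` would also tell the next editor why the wildcard is gone.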
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts index 399b01c..f2173b2 100644 --- a/vendor/google/genfs_contexts +++ b/vendor/google/genfs_contexts @@ -14,7 +14,6 @@ genfscon sysfs /devices/platform/soc/1d84000.ufshc/device_descriptor u:o genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0 genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 genfscon proc /irq u:object_r:proc_irq:s0 -genfscon sysfs /bus/iio/devices u:object_r:sysfs_iio_devices:s0 # Touch genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-1/1-0049 u:object_r:sysfs_touch:s0 @@ -53,6 +52,8 @@ genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/iio:device2 u:object_r:sysfs_power_stats:s0 # Not used by PowerStatsHal +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:vadc@3100/iio:device0 +u:object_r:sysfs_power_stats_ignore:s0 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1 u:object_r:sysfs_power_stats_ignore:s0 diff --git a/vendor/google/google_camera_app.te b/vendor/google/google_camera_app.te index b04fc93..b275f42 100644 --- a/vendor/google/google_camera_app.te +++ b/vendor/google/google_camera_app.te @@ -29,7 +29,6 @@ allow google_camera_app app_api_service:service_manager find; allow google_camera_app audioserver_service:service_manager find; allow google_camera_app cameraserver_service:service_manager find; allow google_camera_app drmserver_service:service_manager find; -allow google_camera_app gpu_service:service_manager find; allow google_camera_app mediaserver_service:service_manager find; allow google_camera_app mediaextractor_service:service_manager find; allow google_camera_app mediametrics_service:service_manager find; 
@@ -37,9 +36,6 @@ allow google_camera_app mediadrmserver_service:service_manager find;
 allow google_camera_app nfc_service:service_manager find;
 allow google_camera_app radio_service:service_manager find;
-# Allow untrusted apps to interact with gpuservice
-binder_call(google_camera_app, gpuservice)
-
 # gdbserver for ndk-gdb ptrace attaches to app process.
 allow google_camera_app self:process ptrace;
diff --git a/vendor/google/hal_camera_default.te b/vendor/google/hal_camera_default.te
index 01c21bf..104b9fe 100644
--- a/vendor/google/hal_camera_default.te
+++ b/vendor/google/hal_camera_default.te
@@ -9,7 +9,7 @@ binder_call(hal_camera_default, sensor_service_server)
 binder_call(sensor_service_server, hal_camera_default)
 # For camera hal to talk with gralloc
-#hal_client_domain(hal_camera_default, hal_graphics_allocator)
+hal_client_domain(hal_camera_default, hal_graphics_allocator)
 hal_client_domain(hal_camera_default, hal_graphics_composer)
 #For camera hal to talk with ECOService.
diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index d320e81..4adbaa1 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -4,7 +4,6 @@ r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
 set_prop(hal_health_default, vendor_shutdown_prop)
 set_prop(hal_health_default, vendor_battery_defender_prop)
-allow hal_health_default fwk_stats_hwservice:hwservice_manager find;
 allow hal_health_default fwk_stats_service:service_manager find;
 binder_use(hal_health_default)
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
deleted file mode 100644
index e29310c..0000000
--- a/vendor/google/hal_identity_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_identity_citadel, domain;
-type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_identity_citadel)
-binder_call(hal_identity_citadel, citadeld)
-allow hal_identity_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_identity_citadel, hal_identity)
-init_daemon_domain(hal_identity_citadel)
diff --git a/vendor/google/hal_sensors_default.te b/vendor/google/hal_sensors_default.te
index 5adebba..2f746ce 100644
--- a/vendor/google/hal_sensors_default.te
+++ b/vendor/google/hal_sensors_default.te
@@ -13,7 +13,6 @@ allow hal_sensors_default sysfs_leds:dir search;
 allow hal_sensors_default sysfs_leds:file r_file_perms;
 # For Suez metrics collection
-allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 binder_call(hal_sensors_default, system_server);
 allow hal_sensors_default fwk_stats_service:service_manager find;
 binder_use(hal_sensors_default)
diff --git a/vendor/google/hwservice.te b/vendor/google/hwservice.te
index a8eb5f5..b8e9a67 100644
--- a/vendor/google/hwservice.te
+++ b/vendor/google/hwservice.te
@@ -3,4 +3,5 @@ type hal_darwinn_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_radioext_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_wifi_ext_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_wlc_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_audiometricext_hwservice, hwservice_manager_type;
diff --git a/vendor/google/hwservice_contexts b/vendor/google/hwservice_contexts
index f7a6593..15c0e7f 100644
--- a/vendor/google/hwservice_contexts
+++ b/vendor/google/hwservice_contexts
@@ -1,7 +1,9 @@
-hardware.google.pixelstats::IPixelStats u:object_r:hal_pixelstats_hwservice:s0
-hardware.google.light::ILight u:object_r:hal_light_hwservice:s0
-vendor.google.darwinn.service::IDarwinnService u:object_r:hal_darwinn_hwservice:s0
-vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
-vendor.google.wifi_ext::IWifiExt u:object_r:hal_wifi_ext_hwservice:s0
-vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
-vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
+hardware.google.pixelstats::IPixelStats u:object_r:hal_pixelstats_hwservice:s0
+hardware.google.light::ILight u:object_r:hal_light_hwservice:s0
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.google.darwinn.service::IDarwinnService u:object_r:hal_darwinn_hwservice:s0
+vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
+vendor.google.wifi_ext::IWifiExt u:object_r:hal_wifi_ext_hwservice:s0
+vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
+vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
diff --git a/vendor/google/init-insmod-sh.te b/vendor/google/init-insmod-sh.te
index 851ad3f..5f0f6dd 100644
--- a/vendor/google/init-insmod-sh.te
+++ b/vendor/google/init-insmod-sh.te
@@ -1,4 +1,12 @@ # Allow insmod
+type init-insmod-sh, domain;
+type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-insmod-sh)
+
+allow init-insmod-sh self:capability sys_module;
+allow init-insmod-sh vendor_kernel_modules:system module_load;
+allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
 allow init-insmod-sh sysfs_msm_boot:file w_file_perms;
 userdebug_or_eng(`
@@ -6,7 +14,9 @@ userdebug_or_eng(`
 allow init-insmod-sh debugfs_wlan:dir search;
 ')
+set_prop(init-insmod-sh, vendor_device_prop)
+
 dontaudit init-insmod-sh debugfs_ipc:dir search;
 dontaudit init-insmod-sh debugfs_wlan:dir search;
 dontaudit init-insmod-sh self:capability sys_admin;
-dontaudit init-insmod-sh proc_cmdline:file read;
+dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
diff --git a/vendor/google/init.te b/vendor/google/init.te
index 5ed0eb9..cd16f4e 100644
--- a/vendor/google/init.te
+++ b/vendor/google/init.te
@@ -1,3 +1,7 @@
+# Allow init to mount firmware
+allow init firmware_file:dir mounton;
+allow init firmware_file:filesystem { getattr mount relabelfrom };
+
 allow init boot_block_device:lnk_file relabelto;
 allow init custom_ab_block_device:lnk_file relabelto;
@@ -8,3 +12,6 @@ recovery_only(`
 allow init sysfs_thermal:file rw_file_perms;
 allow init sysfs_poweroff:file w_file_perms;
 ')
+
+allow init per_boot_file:file ioctl;
+allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
diff --git a/vendor/google/init_qti_chg_policy.te b/vendor/google/init_qti_chg_policy.te
index 44815ce..924d3d1 100644
--- a/vendor/google/init_qti_chg_policy.te
+++ b/vendor/google/init_qti_chg_policy.te
@@ -7,5 +7,12 @@ allow init_qti_chg_policy vendor_toolbox_exec:file rx_file_perms;
 allow init_qti_chg_policy sysfs_batteryinfo:file create_file_perms;
 allow init_qti_chg_policy sysfs_batteryinfo:dir r_dir_perms;
 allow init_qti_chg_policy sysfs_contaminant:file create_file_perms;
+allow init_qti_chg_policy sysfs_wakeup:dir r_dir_perms;
+allow init_qti_chg_policy sysfs_wakeup:file getattr;
+allow init_qti_chg_policy sysfs_iio_devices:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:file r_file_perms;
+allow init_qti_chg_policy sysfs_power_stats:dir search;
+allow init_qti_chg_policy sysfs_power_stats:file r_file_perms;
 set_prop(init_qti_chg_policy, vendor_hvdcp_opti_prop)
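Review bot: The rules added to init_qti_chg_policy.te reference `sysfs_iio_devices` and `sysfs_power_stats`, yet this same commit deletes both type declarations from vendor/google/file.te and the `/bus/iio/devices` genfscon entry from genfs_contexts. The policy can only compile if those types are now declared in another policy directory, which is not visible in this diff. A comment above the new rules, for example `# sysfs_iio_devices and sysfs_power_stats are declared in <shared policy dir>`, would make that dependency explicit. It is also worth confirming that the paths this script reads still carry those labels after the genfscon removal.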
diff --git a/vendor/google/logger_app.te b/vendor/google/logger_app.te
index 18be9d3..41e705b 100644
--- a/vendor/google/logger_app.te
+++ b/vendor/google/logger_app.te
@@ -19,4 +19,5 @@ userdebug_or_eng(`
 set_prop(logger_app, vendor_tcpdump_log_prop)
 set_prop(logger_app, vendor_wifi_sniffer_prop)
 set_prop(logger_app, vendor_usb_prop)
+ set_prop(logger_app, vendor_logging_prop)
 ')
diff --git a/vendor/google/modem_diagnostics.te b/vendor/google/modem_diagnostics.te
index 94eae79..6783d1e 100644
--- a/vendor/google/modem_diagnostics.te
+++ b/vendor/google/modem_diagnostics.te
@@ -9,6 +9,7 @@ userdebug_or_eng(`
 allow modem_diagnostic_app surfaceflinger_service:service_manager find;
 allow modem_diagnostic_app radio_service:service_manager find;
 allow modem_diagnostic_app diag_device:chr_file rw_file_perms;
+ allow modem_diagnostic_app sysfs_esim:file r_file_perms;
 allow modem_diagnostic_app ssr_log_file:dir r_dir_perms;
 allow modem_diagnostic_app ssr_log_file:file r_file_perms;
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 7498cfc..e6c178d 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -11,9 +11,6 @@ hwbinder_use(pixelstats_vendor)
 allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find;
 binder_call(pixelstats_vendor, pixelstats_system)
-allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
-binder_call(pixelstats_vendor, stats_service_server)
-
 binder_use(pixelstats_vendor)
 allow pixelstats_vendor fwk_stats_service:service_manager find;
diff --git a/vendor/google/powerstatsservice.te b/vendor/google/powerstatsservice.te
deleted file mode 100644
index af8e78b..0000000
--- a/vendor/google/powerstatsservice.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# PowerStatsService app
-type powerstatsservice_app, domain, coredomain;
-
-userdebug_or_eng(`
- app_domain(powerstatsservice_app)
- binder_call(powerstatsservice_app, incidentd)
- allow powerstatsservice_app activity_service:service_manager find;
- allow powerstatsservice_app incident_service:service_manager find;
- hal_client_domain(powerstatsservice_app, hal_power_stats);
-')
diff --git a/vendor/google/property.te b/vendor/google/property.te
index 0940b1e..4687980 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -8,6 +8,7 @@ vendor_internal_prop(vendor_ramoops_prop)
 vendor_internal_prop(vendor_shutdown_prop)
 vendor_internal_prop(vendor_tcpdump_log_prop)
 vendor_internal_prop(vendor_vibrator_prop)
+vendor_internal_prop(vendor_device_prop)
 # vendor verbose logging property
 vendor_internal_prop(vendor_logging_prop)
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index af2ee75..6fb2cd3 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -20,6 +20,9 @@ vendor.display.primary_blue u:object_r:vendor_display_prop:s
 vendor.display.primary_white u:object_r:vendor_display_prop:s0
 vendor.display.native_display_primaries_ready u:object_r:vendor_display_prop:s0
+vendor.all.modules.ready u:object_r:vendor_device_prop:s0
+vendor.all.devices.ready u:object_r:vendor_device_prop:s0
+
 # battery
 vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
diff --git a/vendor/google/ramdump.te b/vendor/google/ramdump.te
deleted file mode 100644
index 0db625c..0000000
--- a/vendor/google/ramdump.te
+++ /dev/null
@@ -1,37 +0,0 @@
-type ramdump_exec, exec_type, vendor_file_type, file_type;
-type ramdump, domain;
-
-userdebug_or_eng(`
- init_daemon_domain(ramdump)
-
- set_prop(ramdump, vendor_ramdump_prop)
- get_prop(ramdump, public_vendor_default_prop)
-
- # f2fs set pin file requires sys_admin
- allow ramdump self:capability { sys_admin sys_rawio };
-
- allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
- allow ramdump ramdump_vendor_data_file:file create_file_perms;
- allow ramdump proc_cmdline:file r_file_perms;
-
- allow ramdump block_device:dir search;
- allow ramdump misc_block_device:blk_file rw_file_perms;
- allow ramdump userdata_block_device:blk_file rw_file_perms;
-
- dontaudit ramdump metadata_file:dir search;
-
- r_dir_file(ramdump, sysfs_type)
-
- # To access statsd.
- hwbinder_use(ramdump)
- get_prop(ramdump, hwservicemanager_prop)
- allow ramdump fwk_stats_hwservice:hwservice_manager find;
- binder_call(ramdump, stats_service_server)
-
- # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
- allow ramdump fuse:filesystem relabelfrom;
- allow ramdump fuse_device:chr_file rw_file_perms;
- allow ramdump mnt_vendor_file:dir r_dir_perms;
- allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
- allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
-')
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index 8326c40..2279b62 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -14,14 +14,11 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=
 # Domain for Touch app
 user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
-# Domain for power stats service
-user=_app isPrivApp=true seinfo=platform name=com.android.powerstatsservice domain=powerstatsservice_app type=app_data_file levelFrom=all
-
 # Domain for Display
 user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
 # Domain for UvExposureReporter service
-user=_app seinfo=platform name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
 # Domain for DeviceDropMonitor service
 user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 8aa682a..0d7ec6b 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -3,9 +3,7 @@ type uv_exposure_reporter, domain, coredomain;
 app_domain(uv_exposure_reporter)
 allow uv_exposure_reporter app_api_service:service_manager find;
-allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
 allow uv_exposure_reporter sysfs_msm_subsys:dir search;
 allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
-binder_call(uv_exposure_reporter, stats_service_server);
 allow uv_exposure_reporter fwk_stats_service:service_manager find;
 binder_use(uv_exposure_reporter)
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te
index 473de1b..30acc21 100644
--- a/vendor/qcom/common/cnd.te
+++ b/vendor/qcom/common/cnd.te
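Review bot: The new UvExposureReporter entry in seapp_contexts drops `seinfo=platform` and matches on `isPrivApp=true` plus the package name alone, so the signing certificate no longer takes part in selecting the `uv_exposure_reporter` domain. That domain is declared `coredomain` and reads `sysfs_msm_subsys`, so any privileged app carrying this package name would be placed in it whatever key signed it. If the app is still platform-signed, keeping both selectors (`user=_app isPrivApp=true seinfo=platform name=com.google.android.uvexposurereporter ...`) preserves the stricter match. If the signing key has changed, a comment on the entry saying so would explain why the selector was loosened.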
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
 wakelock_use(cnd)
 # To register cnd to hwbinder
 add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
 userdebug_or_eng(`
 allow cnd diag_device:chr_file rw_file_perms;
 ')
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 33bb82e..23073eb 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -131,8 +131,6 @@ type sysfs_sectouch, sysfs_type, fs_type;
 type vendor_tui_data_file, file_type, data_file_type;
 type vendor_bt_data_file, file_type, data_file_type;
 type sysfs_jpeg, fs_type, sysfs_type;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
 type sysfs_npu, fs_type, sysfs_type;
 type vendor_ramdump_data_file, file_type, data_file_type;
 type vendor_mdmhelperdata_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 38d8a33..3ed0ebf 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -67,6 +67,8 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.keymaster\.sh u:object_r:init-qti-keymaster-sh_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
 /(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
@@ -113,12 +115,6 @@ /mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
 ###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-
-###################################
 # adsp files
 #
 /(vendor|system/vendor)/dsp(/.*)? u:object_r:adsprpcd_file:s0
@@ -144,6 +140,8 @@ /vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgralloc\.qti\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
@@ -268,7 +266,6 @@ /data/vendor/modem_fdr(/.*)? u:object_r:modem_fdr_file:s0
 /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
 /data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
-/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
 /data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
 /data/vendor/ssrlog(/.*)? u:object_r:ssr_log_file:s0
 /data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te
index c4481a7..80abd2e 100644
--- a/vendor/qcom/common/hal_gnss_qti.te
+++ b/vendor/qcom/common/hal_gnss_qti.te
@@ -24,5 +24,7 @@ allow hal_gnss_qti location:unix_dgram_socket sendto;
 allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
+allow hal_gnss_qti location_data_file:dir r_dir_perms;
+
 # Allow Gnss HAL to get updates from health hal
 hal_client_domain(hal_gnss_qti, hal_health)
diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te
index 1d20204..6ccdd39 100644
--- a/vendor/qcom/common/hal_neuralnetworks.te
+++ b/vendor/qcom/common/hal_neuralnetworks.te
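Review bot: The `/data/vendor/ssrdump(/.*)?` entry kept as context in the `@@ -268,7 +266,6 @@` hunk still maps to `ramdump_vendor_data_file`, while this commit removes `type ramdump_vendor_data_file` from vendor/qcom/common/file.te. Either the type is now declared in another policy directory not shown in this diff, or this entry was overlooked when the ramdump policy was moved out. If the former, a comment on the line naming where the type is declared would help; if the latter, the entry probably wants the surviving `vendor_ramdump_data_file` type or should move with the rest of the ramdump policy. Which one is intended cannot be determined from these hunks.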
@@ -17,3 +17,6 @@ r_dir_file(hal_neuralnetworks_default, sysfs_soc)
 r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
 dontaudit hal_neuralnetworks_default vendor_display_prop:file read;
+
+# b/159570217 suppress warning related to zeroth.debuglog.logmask
+dontaudit hal_neuralnetworks_default default_prop:file { open read };
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
 allow hvdcp qg_device:chr_file rw_file_perms;
 allow hvdcp self:capability2 wake_alarm;
 allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
 allow hvdcp mnt_vendor_file:dir r_dir_perms;
 allow hvdcp persist_file:dir search;
 allow hvdcp persist_hvdcp_file:dir search;
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index 39e009b..5f091a5 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -18,7 +18,7 @@ type hal_qdutils_disp_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type vnd_atcmdfwd_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type;
-type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
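Review bot: The new `dontaudit hal_neuralnetworks_default default_prop:file { open read };` hides the denial instead of giving `zeroth.debuglog.logmask` a label of its own, so the property stays in `default_prop` and later reads of any other unlabeled property by this HAL are silenced too. The same commit also adds `hal_neuralnetworks_default default_prop file b/159570217` to bug_map, an entry that only annotates denials that are actually logged, so the two changes appear redundant. Keeping just the bug_map entry until the property is labelled, or adding a property_contexts mapping and a `get_prop()` for it, would avoid the blanket suppression.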
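Review bot: The kmsg rule in hvdcp.te is widened from `r_file_perms` to `rw_file_perms` with no comment saying what hvdcp needs to write to the kernel log. If the daemon only emits log lines, `allow hvdcp kmsg_device:chr_file w_file_perms;` is the narrower grant, since read access lets it see the whole kernel log; whether the pre-existing read is still required cannot be told from this hunk. Whichever stays, a one-line comment above the rule such as `# hvdcp logs charger state to kmsg` would record the reason.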
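Review bot: `hal_mwqemadapter_hwservice` is declared without `vendor_hwservice_type`, unlike every other type visible in this hunk of vendor/qcom/common/hwservice.te, including the neighbouring `hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`. The service is registered by the vendor `cnd` domain and mapped from a `vendor.qti.hardware.*` interface elsewhere in this commit, so the attribute looks like an omission rather than a choice. Suggested line: `type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`.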
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 2aecfbc..f275324 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -11,12 +11,11 @@ vendor.display.color::IDisplayColor u:object
 vendor.display.config::IDisplayConfig u:object_r:hal_display_config_hwservice:s0
 vendor.display.postproc::IDisplayPostproc u:object_r:hal_display_postproc_hwservice:s0
 vendor.qti.hardware.display.mapper::IQtiMapper u:object_r:hal_graphics_mapper_hwservice:s0
-vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
-vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
 vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object_r:hal_qdutils_disp_hwservice:s0
 vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:hal_qteeconnector_hwservice:s0
 vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:hal_qteeconnector_hwservice:s0
 vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0
+vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.qtiradio::IQtiRadio u:object_r:hal_telephony_hwservice:s0
@@ -37,3 +36,4 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object
 vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
 vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
 vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0
diff --git a/vendor/qcom/common/init-qti-keymaster-sh.te b/vendor/qcom/common/init-qti-keymaster-sh.te
new file mode 100644
index 0000000..f5a6c31
--- /dev/null
+++ b/vendor/qcom/common/init-qti-keymaster-sh.te
@@ -0,0 +1,37 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type init-qti-keymaster-sh, domain; +type init-qti-keymaster-sh_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(init-qti-keymaster-sh) + +# Set vendor.keymaster.strongbox.version to 40 or 41 +set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop); + +allow init-qti-keymaster-sh vendor_shell_exec:file rx_file_perms; +allow init-qti-keymaster-sh vendor_toolbox_exec:file rx_file_perms; 
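Review bot: Nothing in this new file pins who may write `vendor_km_strongbox_version_prop`; the `set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop);` grant is the only rule for it here, so a later allow for another domain would pass without a build-time check. Because the comment says the property carries the StrongBox keymaster version (40 or 41), consider adding `neverallow { domain -init -init-qti-keymaster-sh } vendor_km_strongbox_version_prop:property_service set;` after the grant, widening the exclusions if vendor_init or another domain legitimately sets it. The trailing `;` on the `set_prop(...)` line is also unnecessary; `init_daemon_domain(init-qti-keymaster-sh)` three lines above is written without one.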
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te new file mode 100644 index 0000000..ab3f09d --- /dev/null +++ b/vendor/qcom/common/mediatranscoding.te @@ -0,0 +1,2 @@ +get_prop(domain, vendor_display_prop) + diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te index 238a61b..4d53e7c 100644 --- a/vendor/qcom/common/netmgrd.te +++ b/vendor/qcom/common/netmgrd.te @@ -69,5 +69,6 @@ allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl; #Allow set persist.vendor.data.shsusr_load #Allow set persist.vendor.data.perf_ko_load #Allow set persist.vendor.data.qmipriod_load +#Allow set persist.vendor.data.offload_ko_load set_prop(netmgrd, vendor_radio_prop) diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te index d232ac6..81b3b55 100644 --- a/vendor/qcom/common/property.te +++ b/vendor/qcom/common/property.te @@ -60,5 +60,5 @@ vendor_internal_prop(ctl_vendor_rmt_storage_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_cnss_diag_prop) vendor_internal_prop(vendor_modem_diag_prop) -vendor_internal_prop(vendor_ramdump_prop) vendor_restricted_prop(vendor_hvdcp_opti_prop) +vendor_restricted_prop(vendor_km_strongbox_version_prop) diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts index 89f0779..eebfb81 100644 --- a/vendor/qcom/common/property_contexts +++ b/vendor/qcom/common/property_contexts @@ -39,7 +39,6 @@ persist.vendor.bt.soc.scram_freqs u:object_r:vendor_bluetooth_prop ro.vendor.audio.sdk.fluencetype u:object_r:vendor_audio_prop:s0 ro.vendor.ril. u:object_r:vendor_radio_prop:s0 -ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0 # vendor display prop vendor.gralloc.disable_ahardware_buffer u:object_r:vendor_display_prop:s0 
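Review bot: In vendor/qcom/common/mediatranscoding.te the added rule `get_prop(domain, vendor_display_prop)` grants read access to every domain, not only the one the file is named for. If only the media transcoding service needs these display properties, scope it as `get_prop(mediatranscoding, vendor_display_prop)`. If the domain-wide grant is intended, it would be easier to audit in a domain-wide policy file with a comment such as `# All domains read vendor display properties because <reason>`. The type name `mediatranscoding` is assumed from the file name and should be checked against the platform policy.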
@@ -51,7 +50,6 @@ vendor.debug.prerotation.disable u:object_r:vendor_display_prop:s vendor.debug.egl.swapinterval u:object_r:vendor_display_prop:s0 ro.vendor.graphics.memory u:object_r:vendor_display_prop:s0 -vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0 vendor.ims. u:object_r:qcom_ims_prop:s0 vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0 vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0 @@ -87,3 +85,7 @@ persist.vendor.data.shs_ko_load u:object_r:vendor_radio_prop:s0 persist.vendor.data.shsusr_load u:object_r:vendor_radio_prop:s0 persist.vendor.data.perf_ko_load u:object_r:vendor_radio_prop:s0 persist.vendor.data.qmipriod_load u:object_r:vendor_radio_prop:s0 +persist.vendor.data.offload_ko_load u:object_r:vendor_radio_prop:s0 + +#keymaster strongbox service +vendor.keymaster.strongbox.version u:object_r:vendor_km_strongbox_version_prop:s0 diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te index 315b1a2..29ce45f 100644 --- a/vendor/qcom/common/qtelephony.te +++ b/vendor/qcom/common/qtelephony.te @@ -7,6 +7,7 @@ add_hwservice(qtelephony, vnd_atcmdfwd_hwservice) allow qtelephony app_api_service:service_manager find; allow qtelephony hal_imsrtp_hwservice:hwservice_manager find; +allow qtelephony hal_telephony_service:service_manager find; allow qtelephony radio_service:service_manager find; allow qtelephony sysfs_diag:dir search; allow qtelephony sysfs_timestamp_switch:file r_file_perms; diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts index c34496a..6b2ff84 100644 --- a/vendor/qcom/common/seapp_contexts +++ b/vendor/qcom/common/seapp_contexts 
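Review bot: The new `vendor.keymaster.strongbox.version` entry in the last hunk of vendor/qcom/common/property_contexts is a prefix match, so any property whose name merely starts with that string also receives `vendor_km_strongbox_version_prop`. property_contexts accepts a match kind and value type after the context, and init-qti-keymaster-sh.te describes the value as 40 or 41, so the line could read `vendor.keymaster.strongbox.version u:object_r:vendor_km_strongbox_version_prop:s0 exact int`. On releases that enforce property types this also makes init reject non-integer values for the property.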
@@ -29,3 +29,7 @@ user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=qtelepho #Add DeviceInfoHidlClient to vendor_qtelephony user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=qtelephony type=app_data_file levelFrom=all + +# QtiTelephonyService app +user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all + diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te index 95737d0..a423192 100644 --- a/vendor/qcom/common/sensors.te +++ b/vendor/qcom/common/sensors.te @@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create; allow sensors sensors_persist_file:dir rw_dir_perms; r_dir_file(sensors, sysfs_msm_subsys) allow sensors sysfs_ssr:file r_file_perms; +allow sensors sensors_vendor_data_file:dir rw_dir_perms; +allow sensors sensors_vendor_data_file:file create_file_perms; dontaudit sensors sysfs_esoc:dir r_dir_perms; diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te index c2ea2f6..c3aa9f1 100644 --- a/vendor/qcom/common/service.te +++ b/vendor/qcom/common/service.te @@ -4,3 +4,4 @@ type imsrcs_service, service_manager_type; type improve_touch_service, service_manager_type; type gba_auth_service, service_manager_type; type qtitetherservice_service, service_manager_type; +type hal_telephony_service, service_manager_type, vendor_service; diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts new file mode 100644 index 0000000..405f768 --- /dev/null +++ b/vendor/qcom/common/service_contexts @@ -0,0 +1 @@ +vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0 |
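Review bot: The added seapp_contexts entry for `com.qualcomm.qti.telephonyservice` selects the `qtelephony` domain on `seinfo=platform` and package name alone, whereas the `org.codeaurora.ims` entry visible in the hunk header also requires `isPrivApp=true`. If QtiTelephonyService is installed as a privileged app, adding `isPrivApp=true` to the new line keeps the match as narrow as the existing IMS entry; whether it is a priv-app is not visible in this diff. The context lines show the preceding devicestatisticsservice entry has the same shape, so it may deserve the same check.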