author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-08-16 16:46:10 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-08-16 16:46:10 +0000 |
commit | f8d6d5f0382fd7e1d1717f3f744cb17e17707964 (patch) | |
tree | 7edb776037c6d6995dd618781ee4b518085ef588 | |
parent | 1f527f4da55a9a2198c4102052b71e9b4da76cc0 (diff) | |
parent | ca6b4d4a1ae67e9d488781c482e8873d4c316f94 (diff) | |
Snap for 8953554 from ca6b4d4a1ae67e9d488781c482e8873d4c316f94 to mainline-tzdata4-releaseaml_tz4_332714070aml_tz4_332714050aml_tz4_332714010aml_tz4_331910000aml_tz4_331314030aml_tz4_331314020aml_tz4_331314010aml_tz4_331012050aml_tz4_331012040aml_tz4_331012000android13-mainline-tzdata4-releaseaml_tz4_332714010
Change-Id: I1885689c30280df402076fb4efbef522fd94cb54
-rw-r--r-- | connectivity_thermal_power_manager/connectivity_thermal_power_manager.te | 15 | ||||
-rw-r--r-- | connectivity_thermal_power_manager/seapp_contexts | 1 | ||||
-rw-r--r-- | logger_app/logger_app.te | 1 | ||||
-rw-r--r-- | wifi_perf_diag/property_contexts | 2 | ||||
-rw-r--r-- | wifi_perf_diag/wifi_perf_diag.te | 35 |
5 files changed, 42 insertions, 12 deletions
diff --git a/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
new file mode 100644
index 0000000..54b2e8c
--- /dev/null
+++ b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
@@ -0,0 +1,15 @@
+# platform_apps cannot access PowerHAL, so we need to define our own domain.
+# Since we're defining and moving CTPM to its own domain, we need to assign
+# all of the previous permissions that we had as a platform_app
+
+type connectivity_thermal_power_manager, domain, coredomain, system_suspend_internal_server;
+
+app_domain(connectivity_thermal_power_manager)
+
+# register previous permissions we had as a platform_app
+allow connectivity_thermal_power_manager radio_service:service_manager find;
+allow connectivity_thermal_power_manager app_api_service:service_manager find;
+allow connectivity_thermal_power_manager system_api_service:service_manager find;
+
+# access power stats
+hal_client_domain(connectivity_thermal_power_manager, hal_power_stats);
diff --git a/connectivity_thermal_power_manager/seapp_contexts b/connectivity_thermal_power_manager/seapp_contexts
new file mode 100644
index 0000000..28b2e0c
--- /dev/null
+++ b/connectivity_thermal_power_manager/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.google.android.connectivitythermalpowermanager domain=connectivity_thermal_power_manager type=app_data_file levelFrom=all
diff --git a/logger_app/logger_app.te b/logger_app/logger_app.te
index 942daba..1ab7e68 100644
--- a/logger_app/logger_app.te
+++ b/logger_app/logger_app.te
@@ -11,4 +11,5 @@ userdebug_or_eng(`
 allow logger_app wifi_logging_data_file:dir create_dir_perms;
 allow logger_app wifi_logging_data_file:file create_file_perms;
 set_prop(logger_app, vendor_wlan_logging_prop)
+ set_prop(logger_app, vendor_wifi_perf_diag_prop)
 ')
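Review bot: The `type` line in the new connectivity_thermal_power_manager.te attaches `system_suspend_internal_server` with no comment saying why an app domain needs it, and no other rule in the file refers to it. The header comment gives PowerHAL access as the reason for the new domain, yet the only HAL rule present is `hal_client_domain(connectivity_thermal_power_manager, hal_power_stats)`. Unlike the logger_app and wifi_perf_diag rules in this commit, nothing here sits inside `userdebug_or_eng`, so the domain and its grants apply to user builds as well. I would either drop the attribute or add a line above the type such as `# system_suspend_internal_server: required for <reason>`, and correct the header comment so it names the HAL that is actually granted.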
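Review bot: The added `set_prop(logger_app, vendor_wifi_perf_diag_prop)` in logger_app.te gives the app write access to every property carrying that label, not just one of them. Per the property_contexts change in this commit that covers `persist.vendor.wifi.perf_diag.file`, `.netperf`, `.pid`, `.mode`, `.period` and `vendor.wifi.perf_diag.start`. The wifi_perf_diag domain that reads these holds `net_admin` and may execute `vendor_shell_exec`, so if any value ends up in a path or a command line the daemon has to validate it; that code is not visible on this page. A comment above the rule listing which of these properties logger_app is expected to set would make the grant reviewable. The enclosing `userdebug_or_eng` block opens outside the hunk.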
diff --git a/wifi_perf_diag/property_contexts b/wifi_perf_diag/property_contexts
index 9ddc687..a737dba 100644
--- a/wifi_perf_diag/property_contexts
+++ b/wifi_perf_diag/property_contexts
@@ -1,4 +1,6 @@
 persist.vendor.wifi.perf_diag.period u:object_r:vendor_wifi_perf_diag_prop:s0
 persist.vendor.wifi.perf_diag.file u:object_r:vendor_wifi_perf_diag_prop:s0
 persist.vendor.wifi.perf_diag.netperf u:object_r:vendor_wifi_perf_diag_prop:s0
+persist.vendor.wifi.perf_diag.pid u:object_r:vendor_wifi_perf_diag_prop:s0
+persist.vendor.wifi.perf_diag.mode u:object_r:vendor_wifi_perf_diag_prop:s0
 vendor.wifi.perf_diag.start u:object_r:vendor_wifi_perf_diag_prop:s0
diff --git a/wifi_perf_diag/wifi_perf_diag.te b/wifi_perf_diag/wifi_perf_diag.te
index 32254cd..b1f1e68 100644
--- a/wifi_perf_diag/wifi_perf_diag.te
+++ b/wifi_perf_diag/wifi_perf_diag.te
@@ -7,23 +7,34 @@ init_daemon_domain(wifi_perf_diag) net_domain(wifi_perf_diag) #vendor -allow wifi_perf_diag properties_device:dir r_dir_perms; -allow wifi_perf_diag device:dir write; -allow wifi_perf_diag vendor_file:file execute_no_trans; -allow wifi_perf_diag vendor_toolbox_exec:file execute_no_trans; +allow wifi_perf_diag wifi_logging_data_file:dir create_dir_perms; +allow wifi_perf_diag wifi_logging_data_file:file create_file_perms; allow wifi_perf_diag vendor_shell_exec:file execute_no_trans; -#system proc -allow wifi_perf_diag proc_net:file r_file_perms; -allow wifi_perf_diag proc_stat:file r_file_perms; -allow wifi_perf_diag proc_interrupts:file r_file_perms; -allow wifi_perf_diag proc_timer:file r_file_perms; +allow wifi_perf_diag wifi_perf_diag_exec:file execute_no_trans; +allow wifi_perf_diag self:capability net_admin; allow wifi_perf_diag self:udp_socket ioctl; -allow wifi_perf_diag self:capability { net_admin net_raw }; +allowxperm wifi_perf_diag self:udp_socket ioctl { SIOCETHTOOL SIOCDEVPRIVATE }; + +#factors +allow wifi_perf_diag device:dir rw_dir_perms; allow wifi_perf_diag device:file rw_file_perms; allow wifi_perf_diag init:dir search; allow wifi_perf_diag init:file r_file_perms; +allow wifi_perf_diag kernel:dir search; allow wifi_perf_diag kernel:file r_file_perms; -#perfetto -allow wifi_perf_diag traced_consumer_socket:sock_file write; +allow wifi_perf_diag logd:dir search; +allow wifi_perf_diag logd:file r_file_perms; +allow wifi_perf_diag netd:dir search; +allow wifi_perf_diag netd:file r_file_perms; +allow wifi_perf_diag proc_interrupts:file r_file_perms; +allow wifi_perf_diag proc_net:file r_file_perms; +allow wifi_perf_diag proc_stat:file r_file_perms; +allow wifi_perf_diag proc_timer:file r_file_perms; +allow wifi_perf_diag properties_device:dir r_file_perms; +allow wifi_perf_diag vendor_file:file execute_no_trans; +allow wifi_perf_diag vendor_file:dir r_dir_perms; +allow wifi_perf_diag vendor_toolbox_exec:file execute_no_trans; 
+#property get_prop(wifi_perf_diag, vendor_wifi_perf_diag_prop) +set_prop(wifi_perf_diag, vendor_wifi_perf_diag_prop) ') |
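Review bot: `allow wifi_perf_diag properties_device:dir r_file_perms;` applies a file permission set to the `dir` class. The line it replaces used `r_dir_perms`, and the file macro carries no `search`, so lookups inside that directory would be denied. It should read `allow wifi_perf_diag properties_device:dir r_dir_perms;`. Separately, `device:dir` is widened from `write` to `rw_dir_perms` on the generic `device` type, next to the existing `device:file rw_file_perms`; giving the node the tool needs its own type would keep that grant narrow. The `userdebug_or_eng` block that this hunk closes with `')` opens outside the hunk.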