diff options
| -rw-r--r-- | citadel/service_contexts | 1 | ||||
| -rw-r--r-- | debugpolicy/device.te | 2 | ||||
| -rw-r--r-- | googlebattery/file_contexts | 2 | ||||
| -rw-r--r-- | input/dumpstate.te | 4 | ||||
| -rw-r--r-- | input/twoshay.te | 4 | ||||
| -rw-r--r-- | pixelstats/file_contexts | 3 | ||||
| -rw-r--r-- | pixelstats/pixelstats_vendor.te | 5 | ||||
| -rw-r--r-- | ramdump/common/file.te | 2 |
8 files changed, 18 insertions, 5 deletions
diff --git a/citadel/service_contexts b/citadel/service_contexts index 5639b58..ac6a186 100644 --- a/citadel/service_contexts +++ b/citadel/service_contexts @@ -1,2 +1,3 @@ android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0 android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0 +android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0 diff --git a/debugpolicy/device.te b/debugpolicy/device.te index 1deb4ab..c774e3b 100644 --- a/debugpolicy/device.te +++ b/debugpolicy/device.te @@ -1 +1 @@ -type dpm_block_device, dev_type, bdev_type; +type dpm_block_device, dev_type; diff --git a/googlebattery/file_contexts b/googlebattery/file_contexts index 0d3004e..9e247bb 100644 --- a/googlebattery/file_contexts +++ b/googlebattery/file_contexts @@ -1 +1 @@ -/vendor/bin/hw/vendor\.google\.google_battery@1\.1-service-vendor u:object_r:hal_googlebattery_exec:s0 +/vendor/bin/hw/vendor\.google\.google_battery@1\.2-service-vendor u:object_r:hal_googlebattery_exec:s0 diff --git a/input/dumpstate.te b/input/dumpstate.te index b2c0c81..748ff35 100644 --- a/input/dumpstate.te +++ b/input/dumpstate.te @@ -1,2 +1,2 @@ -# b/187795940 -dontaudit dumpstate twoshay:binder call; +binder_call(dumpstate, twoshay) + diff --git a/input/twoshay.te b/input/twoshay.te index eba1cce..d27fda6 100644 --- a/input/twoshay.te +++ b/input/twoshay.te @@ -12,5 +12,9 @@ add_service(twoshay, touch_context_service) allow twoshay fwk_stats_service:service_manager find; binder_call(twoshay, stats_service_server) +# Allow dumpsys output in bugreports. +allow twoshay dumpstate:fd use; +allow twoshay dumpstate:fifo_file write; + # b/198755236 dontaudit twoshay twoshay:capability dac_override; diff --git a/pixelstats/file_contexts b/pixelstats/file_contexts new file mode 100644 index 0000000..a899889 --- /dev/null +++ b/pixelstats/file_contexts @@ -0,0 +1,3 @@ +# pixelstats binary +/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0 + diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te index 4b43168..57aba2f 100644 --- a/pixelstats/pixelstats_vendor.te +++ b/pixelstats/pixelstats_vendor.te @@ -1,3 +1,8 @@ +type pixelstats_vendor, domain; + +type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(pixelstats_vendor) + # UeventListener r_dir_file(pixelstats_vendor, sysfs_batteryinfo) allow pixelstats_vendor sysfs_batteryinfo:file w_file_perms; diff --git a/ramdump/common/file.te b/ramdump/common/file.te index 78ad1db..93b947f 100644 --- a/ramdump/common/file.te +++ b/ramdump/common/file.te @@ -1,3 +1,3 @@ type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject; -type ramdump_vendor_fs, file_type, data_file_type, mlstrustedobject; +type ramdump_vendor_fs, fusefs_type, data_file_type, mlstrustedobject; |