author | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-03-21 00:31:44 +0100 |
---|---|---|
committer | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-03-22 00:31:23 +0100 |
commit | 53125eae0d81397b182dcc783c6c6c9701069324 (patch) | |
tree | c82950a4c5ad7625293384a88db2bcd9b8ba5b58 | |
parent | 2cc617f3de053bf0b18b2f6c9475f67bf8823996 (diff) |
msm8996-common: Initial work to enable full treble.
* Remove never-allow rules and enable SELinux permissive for now.
* Enable PRODUCT_FULL_TREBLE_OVERRIDE.
-rw-r--r-- | BoardConfigCommon.mk | 2 | ||||
-rw-r--r-- | sepolicy/audioserver.te | 2 | ||||
-rw-r--r-- | sepolicy/bluetooth.te | 1 | ||||
-rw-r--r-- | sepolicy/cameraserver.te | 3 | ||||
-rw-r--r-- | sepolicy/dataservice_app.te | 2 | ||||
-rw-r--r-- | sepolicy/dpmd.te | 2 | ||||
-rw-r--r-- | sepolicy/file.te | 1 | ||||
-rw-r--r-- | sepolicy/file_contexts | 9 | ||||
-rw-r--r-- | sepolicy/hal_audio_default.te | 3 | ||||
-rw-r--r-- | sepolicy/hal_bluetooth_default.te | 1 | ||||
-rw-r--r-- | sepolicy/hal_camera_default.te | 1 | ||||
-rw-r--r-- | sepolicy/hal_fingerprint_default.te | 3 | ||||
-rw-r--r-- | sepolicy/hal_perf_default.te | 2 | ||||
-rw-r--r-- | sepolicy/location.te | 1 | ||||
-rw-r--r-- | sepolicy/mm-qcamerad.te | 1 | ||||
-rw-r--r-- | sepolicy/per_mgr.te | 1 | ||||
-rw-r--r-- | sepolicy/qseeproxy.te | 2 | ||||
-rw-r--r-- | sepolicy/qti_init_shell.te | 3 | ||||
-rw-r--r-- | sepolicy/radio.te | 1 | ||||
-rw-r--r-- | sepolicy/readmac.te | 1 | ||||
-rw-r--r-- | sepolicy/rild.te | 2 | ||||
-rw-r--r-- | sepolicy/system_app.te | 2 | ||||
-rw-r--r-- | sepolicy/thermal-engine.te | 1 |
23 files changed, 2 insertions, 45 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index d9c9d15..82ae015 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -41,6 +41,7 @@ TARGET_NO_BOOTLOADER := true # Kernel BOARD_KERNEL_BASE := 0x80000000 BOARD_KERNEL_CMDLINE := androidboot.hardware=qcom ehci-hcd.park=3 lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff +BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive BOARD_KERNEL_IMAGE_NAME := Image.gz-dtb BOARD_KERNEL_PAGESIZE := 4096 BOARD_KERNEL_TAGS_OFFSET := 0x00000100 @@ -56,6 +57,7 @@ TARGET_BOARD_PLATFORM_GPU := qcom-adreno530 # Properties BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true +PRODUCT_FULL_TREBLE_OVERRIDE := true TARGET_VENDOR_PROP += $(VENDOR_PATH)/vendor.prop # Audio diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te index 5c5f2fd..e69de29 100644 --- a/sepolicy/audioserver.te +++ b/sepolicy/audioserver.te @@ -1,2 +0,0 @@ -allow audioserver socket_device:sock_file write; -allow audioserver thermal-engine:unix_stream_socket connectto; diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te index 0f173e1..e69de29 100644 --- a/sepolicy/bluetooth.te +++ b/sepolicy/bluetooth.te @@ -1 +0,0 @@ -allow bluetooth wcnss_filter:unix_stream_socket { connectto }; diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te index c31c9f1..e69de29 100644 --- a/sepolicy/cameraserver.te +++ b/sepolicy/cameraserver.te @@ -1,3 +0,0 @@ -allow cameraserver init:unix_dgram_socket sendto; -allow cameraserver hal_perf_hwservice:hwservice_manager find; -allow cameraserver hal_perf_default:binder call; diff --git a/sepolicy/dataservice_app.te b/sepolicy/dataservice_app.te index 4f36595..e69de29 100644 --- a/sepolicy/dataservice_app.te +++ b/sepolicy/dataservice_app.te @@ -1,2 +0,0 @@ -allow dataservice_app cnd_socket:sock_file write; -allow dataservice_app cnd:unix_stream_socket connectto; diff --git a/sepolicy/dpmd.te b/sepolicy/dpmd.te index b3a868b..f758949 100644 --- a/sepolicy/dpmd.te +++ b/sepolicy/dpmd.te 
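Review bot: The added `BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive` in the `# Kernel` block is unconditional, so every image built from this common tree carries a request to boot with SELinux permissive, where denials are logged but not enforced. The commit message calls this temporary ("for now"), but nothing in the file records that or limits it to development builds. I would gate it and leave a marker: `ifneq ($(TARGET_BUILD_VARIANT),user)`, then `BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive`, then `endif`, preceded by a comment such as `# TODO: remove once the policy boots enforcing under full Treble`. Before switching back to enforcing, collect the avc denials for the domains whose rules this commit deletes (audioserver, hal_audio_default, rild and the others under sepolicy/), because permissive mode hides any regression those deletions cause.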
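Review bot: `PRODUCT_FULL_TREBLE_OVERRIDE := true` is added under `# Properties` with no comment, although, going by the commit message, it appears to be what makes the Treble neverallow checks apply and so explains the rule deletions under sepolicy/. A one-line comment would help the next maintainer, for example `# Full Treble: system/vendor separation neverallows are checked at build time`. It is also worth noting in the same place that the flag currently ships alongside a permissive SELinux cmdline, so a passing build does not yet show that the reduced policy works when enforced.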
@@ -1,3 +1 @@ allow dpmd dpmd:capability { dac_override dac_read_search chown fsetid }; -allow dpmd socket_device:dir { add_name write }; -allow dpmd socket_device:sock_file { create setattr }; diff --git a/sepolicy/file.te b/sepolicy/file.te index 5b39842..54cc974 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -1,5 +1,4 @@ type fpc_data_file, data_file_type, file_type; -type fpc_images_file, file_type; type nv_data_file, file_type, data_file_type; type sysfs_fpc_irq, sysfs_type, fs_type; type sysfs_fpc_proximity, sysfs_type, fs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 54c3534..b084443 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -9,7 +9,6 @@ # fingerprint /dev/fpc1020 u:object_r:fpc1020_device:s0 /data/fpc(/.*)? u:object_r:fpc_data_file:s0 -/data/fpc_images(/.*)? u:object_r:fpc_images_file:s0 /sys/devices/soc/soc:fpc_fpc1020/irq u:object_r:sysfs_fpc_irq:s0 /sys/devices/soc/soc:fpc_fpc1020/proximity_state u:object_r:sysfs_fpc_proximity:s0 /sys/devices/soc/soc:fpc1020/utouch_disable u:object_r:sysfs_fpc_utouch_disable:s0 @@ -17,14 +16,6 @@ # FRP partition /dev/block/bootdevice/by-name/config u:object_r:frp_block_device:s0 -# legacy paths -/system/bin/sensors.qcom u:object_r:sensors_exec:s0 -/system/bin/port-bridge u:object_r:port-bridge_exec:s0 -/system/bin/time_daemon u:object_r:time_daemon_exec:s0 -/system/bin/cnss-daemon u:object_r:wcnss_service_exec:s0 -/system/bin/wcnss_filter u:object_r:wcnss_filter_exec:s0 -/data/time(/.*)? u:object_r:time_data_file:s0 - # lights /sys/devices/soc/75b7000\.i2c/i2c-9/9-[0-9a-f]+/leds(/.*)? u:object_r:sysfs_leds:s0 /sys/devices/soc/leds-qpnp-[0-9]+/leds(/.*)? u:object_r:sysfs_leds:s0 diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te index 9d9001b..e69de29 100644 --- a/sepolicy/hal_audio_default.te +++ b/sepolicy/hal_audio_default.te 
@@ -1,3 +0,0 @@ -allow hal_audio_default { socket_device thermal_socket }:sock_file write; -allow hal_audio_default audio_data_file:sock_file { unlink create setattr }; -allow hal_audio_default thermal-engine:unix_stream_socket connectto; diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te index fbe2fb9..e3fa85e 100644 --- a/sepolicy/hal_bluetooth_default.te +++ b/sepolicy/hal_bluetooth_default.te @@ -1,3 +1,2 @@ allow hal_bluetooth_default bluetooth_data_file:dir { search write }; allow hal_bluetooth_default bluetooth_data_file:file { append getattr open read write }; -allow hal_bluetooth_default wcnss_filter:unix_stream_socket { connectto }; diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te index 30dbf6a..e69de29 100644 --- a/sepolicy/hal_camera_default.te +++ b/sepolicy/hal_camera_default.te @@ -1 +0,0 @@ -allow hal_camera_default camera_data_file:sock_file write; diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te index 8dbcb1c..34df9e2 100644 --- a/sepolicy/hal_fingerprint_default.te +++ b/sepolicy/hal_fingerprint_default.te @@ -2,9 +2,6 @@ r_dir_file(hal_fingerprint_default, firmware_file) allow hal_fingerprint_default tee_device:chr_file ioctl; allow hal_fingerprint_default sysfs:file write; allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms; -allow hal_fingerprint_default { system_data_file fpc_data_file }:sock_file { create setattr unlink }; -allow hal_fingerprint_default fpc_images_file:dir rw_dir_perms; -allow hal_fingerprint_default fpc_images_file:file create_file_perms; allow hal_fingerprint_default sysfs_fpc_irq:file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default firmware_file:dir { search read }; diff --git a/sepolicy/hal_perf_default.te b/sepolicy/hal_perf_default.te index 434ac35..8505d25 100644 --- a/sepolicy/hal_perf_default.te +++ b/sepolicy/hal_perf_default.te 
@@ -1,3 +1 @@ -allow hal_perf_default property_socket:sock_file write; -allow hal_perf_default init:unix_stream_socket connectto; allow hal_perf_default freq_prop:property_service set; diff --git a/sepolicy/location.te b/sepolicy/location.te index b9f963f..552344d 100644 --- a/sepolicy/location.te +++ b/sepolicy/location.te @@ -1,4 +1,3 @@ allow location system_data_file:dir { write remove_name }; -allow location system_data_file:sock_file { unlink create setattr }; allow location system_data_file:dir add_name; allow location wcnss_prop:file read; diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te index 6b6626b..e69de29 100644 --- a/sepolicy/mm-qcamerad.te +++ b/sepolicy/mm-qcamerad.te @@ -1 +0,0 @@ -allow mm-qcamerad camera_data_file:{ file sock_file } { create unlink }; diff --git a/sepolicy/per_mgr.te b/sepolicy/per_mgr.te index e7eaf7f..e69de29 100644 --- a/sepolicy/per_mgr.te +++ b/sepolicy/per_mgr.te @@ -1 +0,0 @@ -allow per_mgr servicemanager:binder { call transfer }; diff --git a/sepolicy/qseeproxy.te b/sepolicy/qseeproxy.te index 9eeb608..e69de29 100644 --- a/sepolicy/qseeproxy.te +++ b/sepolicy/qseeproxy.te @@ -1,2 +0,0 @@ -allow qseeproxy servicemanager:binder { call transfer }; -allow qseeproxy default_android_service:service_manager find; diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te index 54b1642..ccc278f 100644 --- a/sepolicy/qti_init_shell.te +++ b/sepolicy/qti_init_shell.te @@ -1,6 +1,3 @@ -allow qti_init_shell shell_exec:file { r_file_perms entrypoint }; -allow qti_init_shell toolbox_exec:file { r_file_perms execute_no_trans execute }; - allow qti_init_shell sysfs:file rw_file_perms; allow qti_init_shell kmsg_device:chr_file { open write }; diff --git a/sepolicy/radio.te b/sepolicy/radio.te index c23fafe..e69de29 100644 --- a/sepolicy/radio.te +++ b/sepolicy/radio.te @@ -1 +0,0 @@ -allow radio qmuxd_socket:dir search; diff --git a/sepolicy/readmac.te b/sepolicy/readmac.te index ea2391e..26a3551 100644 
--- a/sepolicy/readmac.te +++ b/sepolicy/readmac.te @@ -9,7 +9,6 @@ allow readmac persist_file:dir rw_dir_perms; allow readmac persist_file:file create_file_perms; allow readmac self:capability dac_override; -allow readmac self:socket create_socket_perms_no_ioctl; allow readmac diag_device:chr_file rw_file_perms; allow readmac sysfs:file r_file_perms; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index dc15cea..f578ebd 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -1,4 +1,3 @@ -allow rild servicemanager:binder call; allow rild nv_data_file:dir rw_dir_perms; allow rild nv_data_file:file create_file_perms; @@ -6,7 +5,6 @@ allow rild { vendor_configs_file vendor_file }:file ioctl; allow rild qcom_ims_prop:property_service set; -allow rild default_android_service:service_manager find; allow rild radio_data_file:file { create getattr ioctl lock open read unlink write }; allow rild radio_data_file:dir { add_name getattr open read remove_name search write }; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 7de707d..25177b5 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -1,3 +1 @@ allow system_app sysfs_fpc_proximity:file rw_file_perms; -allow system_app time_daemon:unix_stream_socket connectto; -allow system_app wificond:binder call; diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index 7f8e14a..02f8521 100644 --- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -7,5 +7,4 @@ allow thermal-engine sysfs_usb_supply:file r_file_perms; allow thermal-engine diag_device:chr_file { read write }; allow thermal-engine diag_device:chr_file open; allow thermal-engine diag_device:chr_file ioctl; -allow thermal-engine socket_device:sock_file { create setattr }; allow thermal-engine sysfs_uio:dir read; |