-rw-r--r--sepolicy/file.te4
-rw-r--r--sepolicy/file_contexts12
-rw-r--r--sepolicy/fingerprintd.te18
-rw-r--r--sepolicy/genfs_contexts1
-rw-r--r--sepolicy/ipacm-diag.te6
-rw-r--r--sepolicy/location.te1
-rw-r--r--sepolicy/mac_permissions.xml7
-rw-r--r--sepolicy/mediaserver.te1
-rw-r--r--sepolicy/mm-qcamerad.te1
-rw-r--r--sepolicy/netd.te5
-rw-r--r--sepolicy/per_mgr.te2
-rw-r--r--sepolicy/peripheral_manager.te1
-rw-r--r--sepolicy/property_contexts1
-rw-r--r--sepolicy/qmuxd.te2
-rw-r--r--sepolicy/qti.te2
-rw-r--r--sepolicy/rild.te4
-rw-r--r--sepolicy/rmt_storage.te1
-rw-r--r--sepolicy/seapp_contexts1
-rw-r--r--sepolicy/sensors.te2
-rw-r--r--sepolicy/service_contexts1
-rw-r--r--sepolicy/system_app.te4
-rw-r--r--sepolicy/system_server.te5
-rw-r--r--sepolicy/thermal-engine.te2
-rw-r--r--sepolicy/untrusted_app.te1
-rw-r--r--sepolicy/vold.te2
-rw-r--r--sepolicy/wcnss_service.te1
-rw-r--r--sepolicy/zygote.te2
27 files changed, 54 insertions, 36 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 139812a..4569d6b 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,5 +1,9 @@
type fpc_data_file, file_type;
type fpc_images_file, file_type;
type sysfs_fpc_irq, sysfs_type, fs_type;
+type sysfs_fpc_proximity, sysfs_type, fs_type;
type proc_touchpanel, fs_type;
type nv_data_file, file_type;
+type proc_stat, fs_type;
+type debugfs_msm_core, debugfs_type, fs_type;
+type debugfs_rmts, debugfs_type, fs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 686f99b..75737a2 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -15,5 +15,17 @@
/data/fpc(/.*)? u:object_r:fpc_data_file:s0
/data/fpc_images(/.*)? u:object_r:fpc_images_file:s0
/sys/devices/soc/soc:fpc_fpc1020/irq u:object_r:sysfs_fpc_irq:s0
+/sys/devices/soc/soc:fpc_fpc1020/proximity_state u:object_r:sysfs_fpc_proximity:s0
+
+/sys/devices/soc/.*ssusb/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
+
+/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/capacity u:object_r:sysfs_batteryinfo:s0
+/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/current_now u:object_r:sysfs_batteryinfo:s0
+/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/voltage_now u:object_r:sysfs_batteryinfo:s0
+/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/temp u:object_r:sysfs_batteryinfo:s0
+
+/sys/kernel/debug/msm_core(/.*)? u:object_r:debugfs_msm_core:s0
+
+/sys/kernel/debug/rmt_storage/rmts u:object_r:debugfs_rmts:s0
/system/bin/ifaadaemon u:object_r:ifaadaemon_exec:s0
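Review bot: The `.*ssusb` part of the new usb power_supply entry is not anchored to one path component, so it labels any node under /sys/devices/soc/ whose path reaches `ssusb/power_supply/usb`, however deep. The smbcharger entries in the same hunk already pin the unit address with `[0-9a-f]+`; the same form would fit here, for example `/sys/devices/soc/[0-9a-f]+\.ssusb/power_supply/usb(/.*)?`, assuming the node is named address.ssusb on this board (to be confirmed on a device). The unescaped `.` characters in these patterns match any character, which is harmless here but worth escaping for exactness.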
diff --git a/sepolicy/fingerprintd.te b/sepolicy/fingerprintd.te
index 29e56af..a9d13a6 100644
--- a/sepolicy/fingerprintd.te
+++ b/sepolicy/fingerprintd.te
@@ -1,12 +1,12 @@
-allow fingerprintd firmware_file:file { read getattr open };
-allow fingerprintd firmware_file:dir search;
-allow fingerprintd fpc_data_file:dir { write remove_name add_name search read open };
-allow fingerprintd fpc_data_file:sock_file { create unlink setattr };
-allow fingerprintd fpc_images_file:dir { read write open add_name search };
-allow fingerprintd fpc_images_file:file { write create open getattr };
-allow fingerprintd sysfs_fpc_irq:file { read write open };
-allow fingerprintd tee_device:chr_file { read write ioctl open };
+r_dir_file(fingerprintd, firmware_file)
+r_dir_file(fingerprintd, proc_touchpanel)
+allow fingerprintd fpc_data_file:dir rw_dir_perms;
+allow fingerprintd fpc_data_file:sock_file { create unlink };
+allow fingerprintd fpc_images_file:dir rw_dir_perms;
+allow fingerprintd fpc_images_file:file create_file_perms;
+allow fingerprintd sysfs_fpc_irq:file rw_file_perms;
+allow fingerprintd tee_device:chr_file rw_file_perms;
allow fingerprintd sysfs:file write;
allow fingerprintd proc_touchpanel:dir search;
allow fingerprintd proc_touchpanel:file { read open };
-allow fingerprintd vfat:file { read getattr open };
+allow fingerprintd vfat:file r_file_perms;
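Review bot: The added `r_dir_file(fingerprintd, proc_touchpanel)` already covers the two retained rules `allow fingerprintd proc_touchpanel:dir search;` and `allow fingerprintd proc_touchpanel:file { read open };`, so those lines can be dropped. The macro conversion is also not permission-neutral: `create_file_perms` on `fpc_images_file` and `rw_file_perms` on `tee_device` grant more than the hand-written sets they replace (rename, unlink and setattr on the image files, for instance), so it is worth confirming the daemon needs the wider set. The retained `allow fingerprintd sysfs:file write;` still permits writes to every node carrying the generic `sysfs` label; labelling the specific node with its own type, as this commit does for `sysfs_fpc_proximity`, would be tighter.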
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index cfc50b6..a4d53e1 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,3 +1,4 @@
genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
genfscon proc /s1302 u:object_r:proc_touchpanel:s0
genfscon proc /tri-state-key u:object_r:proc_touchpanel:s0
+genfscon proc /stat u:object_r:proc_stat:s0
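Review bot: Giving /proc/stat its own `proc_stat` type takes it out of the generic `proc` label, and the only grant for the new type in this commit is `allow system_server proc_stat:file r_file_perms;` in system_server.te. Any other domain that read /proc/stat through its `proc:file` rules will now be denied, so the audit log should be checked after this lands. A comment above the line would record the intent, for example `# /proc/stat gets its own type so that only explicitly allowed domains can read it`. If the platform policy this tree builds against declares `proc_stat` itself, the declaration in file.te would clash with it.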
diff --git a/sepolicy/ipacm-diag.te b/sepolicy/ipacm-diag.te
index 70bc113..db7fc42 100644
--- a/sepolicy/ipacm-diag.te
+++ b/sepolicy/ipacm-diag.te
@@ -1,4 +1,2 @@
-allow ipacm-diag init:unix_stream_socket connectto;
-allow ipacm-diag property_socket:sock_file write;
-allow ipacm-diag system_prop:property_service set;
-allow ipacm-diag diag_prop:property_service set;
+set_prop(ipacm-diag, diag_prop)
+set_prop(ipacm-diag, system_prop)
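Review bot: `set_prop(ipacm-diag, system_prop)` carries over the ability to set every property labelled `system_prop`, which is a catch-all label rather than something specific to this daemon. If ipacm-diag only writes a known key, labelling that key in property_contexts (as this commit does for `persist.sys.diag.max.size` with `diag_prop`) and dropping the `system_prop` line would narrow the grant. The macro conversion itself looks equivalent to the four removed rules.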
diff --git a/sepolicy/location.te b/sepolicy/location.te
index 756bb26..edbedb7 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -1 +1,2 @@
allow location permission_service:service_manager find;
+allow location self:capability net_raw;
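Review bot: `net_raw` lets the location domain open raw and packet sockets, and the rule is added without a comment saying which operation needs it. The same capability is granted to `per_mgr` in the new peripheral_manager.te, which also splits per_mgr rules across two files although per_mgr.te exists in this commit. If the denials came from an incidental probe rather than real raw-socket use, `dontaudit location self:capability net_raw;` would silence the log without widening the domain. Otherwise a line such as `# needed for <feature>: raw socket opened by <component>` above each rule would let a later reviewer re-check it.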
diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml
index a025144..f77d495 100644
--- a/sepolicy/mac_permissions.xml
+++ b/sepolicy/mac_permissions.xml
@@ -8,11 +8,4 @@
</package>
</signer>
- <!-- Taobao -->
- <signer signature="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">
- <package name="com.taobao.taobao" >
- <seinfo value="taobao" />
- </package>
- </signer>
-
</policy>
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..ae5aaa9
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver audio_device:chr_file { ioctl open read write };
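Review bot: The new mediaserver rule gives a process that parses untrusted media direct read, write and ioctl access to the audio device nodes, with no comment on which code path needs it. If this release routes audio HAL access through a separate audio domain (not visible from this page), the rule may belong there instead. It is also the only rule in the commit written as a hand-expanded permission set where the other files use the `*_file_perms` macros; a one-line comment naming the consumer would help either way.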
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index e8cdb14..4c7c39d 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -1,2 +1,3 @@
allow mm-qcamerad camera_prop:property_service set;
allow mm-qcamerad permission_service:service_manager find;
+allow mm-qcamerad mpctl_socket:sock_file write;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index 5d204e5..f513b69 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -1,3 +1,2 @@
-allow netd firmware_file:file { read open };
-allow netd firmware_file:dir search;
-allow netd vfat:file { read open };
+r_dir_file(netd, firmware_file)
+allow netd vfat:file r_file_perms;
diff --git a/sepolicy/per_mgr.te b/sepolicy/per_mgr.te
index d5f2aa5..c964ad3 100644
--- a/sepolicy/per_mgr.te
+++ b/sepolicy/per_mgr.te
@@ -1 +1 @@
-allow per_mgr vfat:file { read open };
+allow per_mgr vfat:file r_file_perms;
diff --git a/sepolicy/peripheral_manager.te b/sepolicy/peripheral_manager.te
new file mode 100644
index 0000000..6d75682
--- /dev/null
+++ b/sepolicy/peripheral_manager.te
@@ -0,0 +1 @@
+allow per_mgr self:capability net_raw;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 4dbb541..2b0957e 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -3,3 +3,4 @@ audio. u:object_r:audio_prop:s0
sys.fake_bs_flag0 u:object_r:system_radio_prop:s0
sys.fake_bs_flag1 u:object_r:system_radio_prop:s0
sys.oem.sno u:object_r:system_radio_prop:s0
+persist.sys.diag.max.size u:object_r:diag_prop:s0
\ No newline at end of file
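Review bot: The added `persist.sys.diag.max.size` entry is the last line of property_contexts and has no trailing newline. Context files from several directories are usually concatenated at build time, and depending on how the build joins them the first line of the next file can fuse onto this one, leaving the entry mislabelled or rejected. Ending the file with a newline avoids that.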
diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te
index e3fe26b..14aa9a1 100644
--- a/sepolicy/qmuxd.te
+++ b/sepolicy/qmuxd.te
@@ -1,3 +1,3 @@
-allow qmuxd diag_prop:property_service set;
+set_prop(qmuxd, diag_prop)
allow qmuxd init:unix_stream_socket connectto;
allow qmuxd property_socket:sock_file write;
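Review bot: With `set_prop(qmuxd, diag_prop)` in place, the retained `allow qmuxd init:unix_stream_socket connectto;` and `allow qmuxd property_socket:sock_file write;` are redundant, because the macro already grants the property-socket connection; the ipacm-diag.te hunk in this same commit removes exactly those two lines. The same leftover pair remains in qti.te, thermal-engine.te and sensors.te. rild.te still carries the bare `allow rild diag_prop:property_service set;`, which could become `set_prop(rild, diag_prop)` for consistency.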
diff --git a/sepolicy/qti.te b/sepolicy/qti.te
index 2121a58..861eb5d 100644
--- a/sepolicy/qti.te
+++ b/sepolicy/qti.te
@@ -1,3 +1,3 @@
-allow qti diag_prop:property_service set;
+set_prop(qti, diag_prop)
allow qti init:unix_stream_socket connectto;
allow qti property_socket:sock_file write;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index c176c48..424aab7 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,3 +1,3 @@
-allow rild nv_data_file:dir { getattr search write add_name };
-allow rild nv_data_file:file { write open create };
+allow rild nv_data_file:dir rw_dir_perms;
+allow rild nv_data_file:file create_file_perms;
allow rild diag_prop:property_service set;
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
new file mode 100644
index 0000000..f082cae
--- /dev/null
+++ b/sepolicy/rmt_storage.te
@@ -0,0 +1 @@
+allow rmt_storage debugfs_rmts:file rw_file_perms;
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
new file mode 100644
index 0000000..63f4cb1
--- /dev/null
+++ b/sepolicy/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=alipay name=com.eg.android.AlipayGphone* domain=alipay_app type=app_data_file
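Review bot: This entry depends on an `alipay_app` domain and on an `alipay` seinfo value, and neither is defined in any hunk of this commit; they may exist elsewhere in the tree, but that should be confirmed, since an unresolved domain fails the policy check. The seinfo match is what ties the dedicated domain to the app's signing certificate, so the corresponding signer stanza in mac_permissions.xml needs to be present. A comment such as `# Alipay runs in its own domain so that only it can reach ifaadaemon_service` would explain the pairing with the removed untrusted_app.te rule, if that is the intent.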
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
index fc45cdd..14a5ad1 100644
--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
@@ -1,3 +1,3 @@
allow sensors property_socket:sock_file write;
allow sensors init:unix_stream_socket connectto;
-allow sensors diag_prop:property_service set;
+set_prop(sensors, diag_prop)
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
new file mode 100644
index 0000000..5b71d70
--- /dev/null
+++ b/sepolicy/service_contexts
@@ -0,0 +1 @@
+ifaadaemon u:object_r:ifaadaemon_service:s0
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index d4f37b1..f9df2ec 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,2 +1,4 @@
allow system_app proc_touchpanel:dir search;
-allow system_app proc_touchpanel:file { write read getattr open read };
+allow system_app proc_touchpanel:file rw_file_perms;
+
+allow system_app sysfs_fpc_proximity:file rw_file_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 503b1df..7bd7016 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,5 +1,6 @@
allow system_server persist_file:dir { read write };
allow system_server proc_touchpanel:dir search;
-allow system_server proc_touchpanel:file { write open getattr read };
-allow system_server sensors_persist_file:file { read getattr open };
+allow system_server proc_touchpanel:file rw_file_perms;
+allow system_server sensors_persist_file:file r_file_perms;
allow system_server sensors_persist_file:dir search;
+allow system_server proc_stat:file r_file_perms;
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index d57ef05..525394e 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -1,3 +1,3 @@
-allow thermal-engine diag_prop:property_service set;
+set_prop(thermal-engine, diag_prop)
allow thermal-engine init:unix_stream_socket connectto;
allow thermal-engine property_socket:sock_file write;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
deleted file mode 100644
index 70de2b0..0000000
--- a/sepolicy/untrusted_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow untrusted_app ifaadaemon_service:service_manager { find };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 9dfc1e9..be2bf87 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,2 +1,2 @@
-allow vold proc_touchpanel:dir { read open };
+allow vold proc_touchpanel:dir r_dir_perms;
allow vold system_block_device:blk_file getattr;
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
new file mode 100644
index 0000000..46c74a3
--- /dev/null
+++ b/sepolicy/wcnss_service.te
@@ -0,0 +1 @@
+allow wcnss_service self:capability { setgid setuid };
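Review bot: `setuid` and `setgid` allow wcnss_service to change its own credentials, and the new file does not say why. Presumably the daemon starts as root and drops to a service account; if so, a comment such as `# wcnss_service drops from root to its service uid/gid at start-up` would document it. If init already starts it with `user`/`group` set, the capabilities may not be needed and a `dontaudit` could replace the allow; this cannot be determined from the hunk.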
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index d9874bc..32f3157 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,2 +1,2 @@
-allow zygote input_device:dir { r_file_perms search };
+allow zygote input_device:dir r_dir_perms;
allow zygote input_device:chr_file rw_file_perms;
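Review bot: The retained `allow zygote input_device:chr_file rw_file_perms;` gives the process that every app is forked from read and write access to the input device nodes, and the commit only tidies the directory rule next to it. A comment naming the component that needs this would help, and it is worth checking whether `r_file_perms` is enough. Any descriptor opened before the fork would need to be closed so that it does not reach app processes; whether that applies here is not visible from the hunk.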