36 files changed, 39 insertions, 195 deletions
diff --git a/sepolicy/atfwd.te b/sepolicy/atfwd.te deleted file mode 100644 index a48a7db..0000000 --- a/sepolicy/atfwd.te +++ /dev/null @@ -1,2 +0,0 @@ -allow atfwd sysfs_msm_subsys:dir search; -allow atfwd sysfs_msm_subsys:file { getattr open read setattr }; diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te index 6e24fc6..c5bb09e 100644 --- a/sepolicy/cnd.te +++ b/sepolicy/cnd.te @@ -1,5 +1,3 @@ -allow cnd { sysfs_msm_subsys sysfs_soc }:dir search; -allow cnd sysfs_msm_subsys:file { getattr open read setattr }; allow cnd system_data_file:file { getattr ioctl read }; add_hwservice(cnd, hal_cne_hwservice) diff --git a/sepolicy/domain.te b/sepolicy/domain.te index f176bca..69158d7 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -35,6 +35,3 @@ dontaudit domain kernel:system module_request; # Suppress these denials for most domains, since ueventd should be doing the # opening of the firmware. dontaudit domain firmware_file:dir search; - -allow domain debugfs_ion:dir search; -allow domain debugfs_kgsl:dir search; diff --git a/sepolicy/energyawareness.te b/sepolicy/energyawareness.te deleted file mode 100644 index 4b21963..0000000 --- a/sepolicy/energyawareness.te +++ /dev/null @@ -1 +0,0 @@ -allow energyawareness sysfs_soc:dir search; diff --git a/sepolicy/file.te b/sepolicy/file.te index 3fc793f..b33eadf 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te 
@@ -1,44 +1,16 @@ +# /data type fpc_data_file, core_data_file_type, data_file_type, file_type; type thermal_data_file, core_data_file_type, data_file_type, file_type; +# debugfs +type debugfs_rmt, debugfs_type, fs_type; + # /sys -type sysfs_camera, sysfs_type, fs_type; -type sysfs_enable_ps_sensor, sysfs_type, fs_type; type sysfs_fingerprint, sysfs_type, fs_type; -type sysfs_fpc_proximity, sysfs_type, fs_type; -type sysfs_mdss_mdp_caps, sysfs_type, fs_type; -type sysfs_msm_subsys, sysfs_type, fs_type; -type sysfs_msm_subsys_restart, sysfs_type, fs_type; -type sysfs_msm_core, sysfs_type, fs_type; -type sysfs_perf, sysfs_type, fs_type; type sysfs_pcie, sysfs_type, fs_type, mlstrustedobject; -type sysfs_power_management, sysfs_type, fs_type; -type sysfs_rmtfs, sysfs_type, fs_type; -type sysfs_soc, sysfs_type, fs_type, mlstrustedobject; -type sysfs_timestamp_switch, sysfs_type, fs_type; -type sysfs_video, sysfs_type, fs_type; type sysfs_wifi, sysfs_type, fs_type, mlstrustedobject; type sysfs_scsi_devices_0000, sysfs_type, fs_type; -# debugfs -type debugfs_msm_core, debugfs_type, fs_type; -type debugfs_rmt, debugfs_type, fs_type; -type debugfs_wlan, debugfs_type, fs_type; -type debugfs_kgsl, debugfs_type, fs_type; -type debugfs_ipc, debugfs_type, fs_type; -type debugfs_bufinfo, debugfs_type, fs_type; -type debugfs_mdp, debugfs_type, fs_type; -type debugfs_ion, debugfs_type, fs_type; -type debugfs_qsee_log, debugfs_type, fs_type; -type debugfs_usb, debugfs_type, fs_type; -type debugfs_runtime_pm, debugfs_type, fs_type; -type debugfs_cnss, debugfs_type, fs_type; -type debugfs_ufs, debugfs_type, fs_type; - -# /proc -type proc_kernel_sched, fs_type; -type proc_irq, fs_type; - # /vendor type idc_file, file_type, vendor_file_type; type keylayout_file, file_type, vendor_file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 12e3edd..ce36adc 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts 
@@ -1,26 +1,27 @@ -# Partitions -/dev/block/platform/soc/(624000\.ufshc|7464900\.sdhci)/by-name/persist u:object_r:persist_block_device:s0 - # Binaries -/vendor/bin/wcg_mac_tool u:object_r:wcg_mac_exec:s0 -/vendor/bin/init.wlan.sh u:object_r:qti_init_shell_exec:s0 - -# Devices -/dev/fpc1020 u:object_r:fpc1020_device:s0 -/dev/tfa9890 u:object_r:audio_device:s0 -/sys/devices/soc/soc:fpc_fpc1020/proximity_state u:object_r:sysfs_fpc_proximity:s0 +/vendor/bin/init.wlan.sh u:object_r:qti_init_shell_exec:s0 +/vendor/bin/wcg_mac_tool u:object_r:wcg_mac_exec:s0 # Data files /data/fpc(/.*)? u:object_r:fpc_data_file:s0 /data/decrypt\.txt u:object_r:thermal_data_file:s0 /data/vendor/qcam(/.*)? u:object_r:vendor_camera_data_file:s0 +# Devices +/dev/fpc1020 u:object_r:fpc1020_device:s0 +/dev/tfa9890 u:object_r:audio_device:s0 + # HALs -/vendor/bin/hw/android\.hardware\.light@2\.0-service\.zuk_8996 u:object_r:hal_light_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.0-service\.zuk u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service\.widevine u:object_r:hal_drm_widevine_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.zuk_8996 u:object_r:hal_lineage_touch_default_exec:s0 +/vendor/bin/hw/android\.hardware\.light@2\.0-service\.zuk_8996 u:object_r:hal_light_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.0-service\.zuk u:object_r:hal_fingerprint_default_exec:s0 +/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.zuk_8996 u:object_r:hal_lineage_touch_default_exec:s0 # Misc files on /vendor -/vendor/usr/idc(/.*)? u:object_r:idc_file:s0 -/vendor/usr/keylayout(/.*)? u:object_r:keylayout_file:s0 +/vendor/usr/idc(/.*)? u:object_r:idc_file:s0 +/vendor/usr/keylayout(/.*)? u:object_r:keylayout_file:s0 + +# Sys files +/sys/devices/soc/soc:fpc1020(/.*)? 
u:object_r:sysfs_fingerprint:s0 +/sys/devices/soc/soc:fpc1020/proximity_state u:object_r:sysfs_fingerprint:s0 +/sys/devices/soc/soc:fpc1020/irq u:object_r:sysfs_fingerprint:s0 +/sys/devices/soc/soc:fpc1020/utouch_disable u:object_r:sysfs_fingerprint:s0 diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index b9a5e6a..02f6224 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts 
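Review bot: The new `# Sys files` entries in `file_contexts` move the fpc1020 sysfs labelling out of `genfs_contexts`, and sysfs nodes only receive a `file_contexts` label when something runs restorecon on them; nothing visible in this diff does that. If the relabel does not happen, the nodes stay on the generic `sysfs` type and the `sysfs_fingerprint` rules kept in `init.te` and `system_app.te` stop matching, which in practice tends to get "fixed" later with broader `sysfs` grants. Keeping `genfscon sysfs /devices/soc/soc:fpc1020 u:object_r:sysfs_fingerprint:s0` in `genfs_contexts` would label the subtree without depending on a restorecon pass. The three per-file entries (`proximity_state`, `irq`, `utouch_disable`) are also already covered by `/sys/devices/soc/soc:fpc1020(/.*)?` and could be dropped.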
@@ -1,71 +1,13 @@ -genfscon proc /sys/kernel/sched_boost u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_downmigrate u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_freq_dec_notify u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_freq_inc_notify u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_init_task_load u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_migration_cost_ns u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_migration_fixup u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_small_task u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_spill_nr_run u:object_r:proc_kernel_sched:s0 -genfscon proc /sys/kernel/sched_upmigrate u:object_r:proc_kernel_sched:s0 -genfscon proc /irq u:object_r:proc_irq:s0 +genfscon proc /irq u:object_r:proc_irq:s0 + +# debugfs +genfscon debugfs /rmt_storage u:object_r:debugfs_rmt:s0 # sysfs -genfscon sysfs /devices/bt_qca6174/extldo u:object_r:sysfs_bluetooth_writable:s0 -genfscon sysfs /devices/bt_qca6174/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 -genfscon sysfs /devices/soc/leds-qpnp-24/leds u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/soc/900000.qcom,mdss_mdp/900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/soc/900000.qcom,mdss_mdp/caps u:object_r:sysfs_mdss_mdp_caps:s0 -genfscon sysfs /module/msm_core u:object_r:sysfs_msm_core:s0 -genfscon sysfs /devices/soc/70000.qcom,msm-core u:object_r:sysfs_msm_core:s0 -genfscon sysfs /module/msm_thermal u:object_r:sysfs_thermal:s0 -genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/msm_performance u:object_r:sysfs_perf:s0 -genfscon sysfs /module/subsystem_restart u:object_r:sysfs_msm_subsys_restart:s0 -genfscon sysfs /bus/msm_subsys u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/ce0000.qcom,venus u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs 
/devices/soc/b00000.qcom,kgsl-3d0 u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/soc:qcom,cpubw u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/soc:qcom,cnss u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/9300000.qcom,lpass u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/1c00000.qcom,ssc u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/2080000.qcom,mss u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/91c0000.slim u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /kernel/boot_adsp/boot u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /kernel/boot_slpi/boot u:object_r:sysfs_msm_subsys:s0 -genfscon sysfs /devices/soc/600000.qcom,pcie u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/soc/8c0000.qcom,msm-cam u:object_r:sysfs_camera:s0 -genfscon sysfs /devices/soc/aa4000.qcom,fd u:object_r:sysfs_video:s0 -genfscon sysfs /devices/soc/soc:fpc1020 u:object_r:sysfs_fingerprint:s0 -genfscon sysfs /devices/soc/soc:fpc1020/proximity_state u:object_r:sysfs_fingerprint:s0 -genfscon sysfs /devices/soc/soc:fpc1020/irq u:object_r:sysfs_fingerprint:s0 -genfscon sysfs /devices/soc/soc:fpc1020/utouch_disable u:object_r:sysfs_fingerprint:s0 -genfscon sysfs /devices/soc0 u:object_r:sysfs_soc:s0 -genfscon sysfs /devices/soc/600000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net/wlan0 u:object_r:sysfs_wifi:s0 -genfscon sysfs /devices/soc/0.qcom,rmtfs_sharedmem u:object_r:sysfs_rmtfs:s0 -genfscon sysfs /devices/soc/84000000.qcom,rmtfs_rtel_sharedmem u:object_r:sysfs_rmtfs:s0 -genfscon sysfs /module/lpm_levels/parameters u:object_r:sysfs_power_management:s0 -genfscon sysfs /devices/virtual/timed_output/vibrator/voltage_level u:object_r:sysfs_vibrator:s0 -genfscon sysfs /module/diagchar/parameters/timestamp_switch u:object_r:sysfs_timestamp_switch:s0 -genfscon sysfs /devices/soc/624000.ufshc/host0/target0:0:0/0:0:0:0 
u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/soc/624000.ufshc/health u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /module/diagchar u:object_r:sysfs_diag:s0 +genfscon sysfs /devices/soc/600000.qcom,pcie u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/soc/624000.ufshc/host0/target0:0:0/0:0:0:0 u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/soc/624000.ufshc/health u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/soc/600000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net/wlan0 u:object_r:sysfs_wifi:s0 genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:qcom,pmi8994@2:qcom,fg/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:qcom,pmi8994@2:qcom,qpnp-smbcharger/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:qcom,pmi8994@2:bcl@4200/power_supply u:object_r:sysfs_batteryinfo:s0 - -# debugfs -genfscon debugfs /wlan_wcnss u:object_r:debugfs_wlan:s0 -genfscon debugfs /msm_core u:object_r:debugfs_msm_core:s0 -genfscon debugfs /rmt_storage u:object_r:debugfs_rmt:s0 -genfscon debugfs /ipc_logging u:object_r:debugfs_ipc:s0 -genfscon debugfs /dma_buf/bufinfo u:object_r:debugfs_bufinfo:s0 -genfscon debugfs /mdp/xlog/dump u:object_r:debugfs_mdp:s0 -genfscon debugfs /tzdbg/qsee_log u:object_r:debugfs_qsee_log:s0 -genfscon debugfs /ion u:object_r:debugfs_ion:s0 -genfscon debugfs /tcpm/9-0022 u:object_r:debugfs_usb:s0 -genfscon debugfs /ipc_logging/fusb302/log u:object_r:debugfs_usb:s0 -genfscon debugfs /cnss_runtime_pm u:object_r:debugfs_runtime_pm:s0 -genfscon debugfs /cnss-prealloc/status u:object_r:debugfs_cnss:s0 -genfscon debugfs /ufshcd0 u:object_r:debugfs_ufs:s0 diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te index 6aff479..8a9e7d8 100644 --- a/sepolicy/hal_audio_default.te +++ b/sepolicy/hal_audio_default.te 
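Review bot: The retained line `genfscon proc /irq u:object_r:proc_irq:s0` still references `proc_irq`, while the `file.te` hunk of this same commit deletes `type proc_irq, fs_type;`. The declaration therefore has to come from another policy directory included in the build, which is not visible in this diff; if it does not, the policy will fail to compile rather than fall back silently. A one-line comment above the entry, for example `# proc_irq is declared in <common policy directory>`, would record that dependency for the next person trimming this file.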
@@ -1,4 +1,3 @@ -allow hal_audio_default sysfs_soc:dir search; allow hal_audio_default vendor_audio_data_file:file create_file_perms; allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms; allow hal_audio_default vendor_data_file:file create_file_perms; diff --git a/sepolicy/hal_dpmQmiMgr.te b/sepolicy/hal_dpmQmiMgr.te deleted file mode 100644 index 2595e6e..0000000 --- a/sepolicy/hal_dpmQmiMgr.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_dpmQmiMgr { sysfs_msm_subsys sysfs_soc }:dir search; -allow hal_dpmQmiMgr sysfs_msm_subsys:file { getattr open read setattr }; diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te index bb00fca..cccf8a6 100644 --- a/sepolicy/hal_fingerprint_default.te +++ b/sepolicy/hal_fingerprint_default.te @@ -1,4 +1,3 @@ -typeattribute hal_fingerprint_default socket_between_core_and_vendor_violators; typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; r_dir_file(hal_fingerprint_default, firmware_file) diff --git a/sepolicy/hal_gnss_qti.te b/sepolicy/hal_gnss_qti.te deleted file mode 100644 index 49ab1ff..0000000 --- a/sepolicy/hal_gnss_qti.te +++ /dev/null @@ -1,3 +0,0 @@ -allow hal_gnss_qti sysfs_msm_subsys:dir search; -allow hal_gnss_qti sysfs_soc:dir search; -allow hal_gnss_qti sysfs_msm_subsys:file { getattr open read setattr }; diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te deleted file mode 100644 index 1237d2d..0000000 --- a/sepolicy/hal_graphics_composer_default.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_graphics_composer_default { sysfs_camera sysfs_video }:dir search; diff --git a/sepolicy/hal_imsrtp.te b/sepolicy/hal_imsrtp.te deleted file mode 100644 index f583686..0000000 --- a/sepolicy/hal_imsrtp.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_imsrtp sysfs_msm_subsys:dir search; -allow hal_imsrtp sysfs_msm_subsys:file { getattr open read setattr }; 
diff --git a/sepolicy/hal_iop_default.te b/sepolicy/hal_iop_default.te
deleted file mode 100644
index b8aea8d..0000000
--- a/sepolicy/hal_iop_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_iop_default sysfs_soc:dir search;
diff --git a/sepolicy/hal_perf_default.te b/sepolicy/hal_perf_default.te
index e185a2c..86004ca 100644
--- a/sepolicy/hal_perf_default.te
+++ b/sepolicy/hal_perf_default.te
@@ -1,6 +1,2 @@
 set_prop(hal_perf_default, freq_prop)
-typeattribute hal_perf_default data_between_core_and_vendor_violators;
 allow hal_perf_default hal_graphics_composer_default:process signull;
-allow hal_perf_default proc_kernel_sched:file rw_file_perms;
-allow hal_perf_default sysfs_msm_subsys:dir search;
-allow hal_perf_default sysfs_soc:dir search;
diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te
index 1ae17f4..c6a2a02 100644
--- a/sepolicy/hal_power_default.te
+++ b/sepolicy/hal_power_default.te
@@ -1,6 +1,4 @@
 allow hal_power_default sysfs:file rw_file_perms;
-allow hal_power_default debugfs_wlan:dir search;
-allow hal_power_default debugfs_wlan:file r_file_perms;
 allow hal_power_default sysfs_kgsl:lnk_file { open read write };
 allow hal_power_default sysfs_devfreq:dir search;
 allow hal_power_default sysfs_devfreq:file { open write };
diff --git a/sepolicy/hal_rcsservice.te b/sepolicy/hal_rcsservice.te
deleted file mode 100644
index 333b19d..0000000
--- a/sepolicy/hal_rcsservice.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_rcsservice sysfs_msm_subsys:dir search;
-allow hal_rcsservice sysfs_msm_subsys:file { getattr open read setattr };
diff --git a/sepolicy/hal_sensors_default.te b/sepolicy/hal_sensors_default.te
deleted file mode 100644
index 491a38c..0000000
--- a/sepolicy/hal_sensors_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_sensors_default sysfs_msm_subsys:dir search;
-allow hal_sensors_default sysfs_msm_subsys:file { getattr open read setattr };
diff --git a/sepolicy/hal_wifi_default.te b/sepolicy/hal_wifi_default.te
deleted file mode 100644
index cb82c4a..0000000
--- a/sepolicy/hal_wifi_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_wifi_default debugfs_wlan:dir search;
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
index a46b104..d3fdc76 100644
--- a/sepolicy/ims.te
+++ b/sepolicy/ims.te
@@ -1,4 +1 @@
-allow ims sysfs_msm_subsys:dir search;
-allow ims sysfs_msm_subsys:file { getattr open read setattr };
-allow ims sysfs_soc:dir search;
 allow ims ctl_default_prop:property_service set;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index eee43ed..2a9b47e 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,9 +1,3 @@
-typeattribute init data_between_core_and_vendor_violators;
-
-allow init adsprpcd_file:filesystem { mount relabelfrom relabelto };
-allow init debugfs_ipc:dir relabelfrom;
-allow init debugfs_ipc:file relabelfrom;
-allow init proc_kernel_sched:file write;
 allow init { ion_device tee_device }:chr_file ioctl;
 allow init hidl_base_hwservice:hwservice_manager add;
 allow init sysfs_fingerprint:file { open read setattr write };
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index dccb85b..ba628d5 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -1,2 +1,2 @@
-allow kernel { debugfs_ipc vfat }:dir search;
+allow kernel vfat:dir search;
 allow kernel vfat:file open;
diff --git a/sepolicy/location.te b/sepolicy/location.te
index c1d076d..642c588 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -1,4 +1 @@
-allow location sysfs_msm_subsys:dir search;
-allow location sysfs_soc:dir search;
-allow location sysfs_msm_subsys:file { getattr open read setattr };
 allow location location_data_file:sock_file unlink;
diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te
deleted file mode 100644
index 91ce667..0000000
--- a/sepolicy/mediacodec.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediacodec sysfs_soc:dir search;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te index 02b08c8..f79c7e4 100644 --- a/sepolicy/mm-qcamerad.te +++ b/sepolicy/mm-qcamerad.te @@ -2,6 +2,4 @@ typeattribute mm-qcamerad data_between_core_and_vendor_violators; allow mm-qcamerad camera_data_file:dir create_dir_perms; allow mm-qcamerad camera_data_file:file create_file_perms; -allow mm-qcamerad { sysfs_camera sysfs_video }:dir search; -allow mm-qcamerad { sysfs_camera sysfs_video }:file r_file_perms; allow mm-qcamerad vfat:dir search; diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te index 06bbe17..e3a0212 100644 --- a/sepolicy/netmgrd.te +++ b/sepolicy/netmgrd.te @@ -1,7 +1,4 @@ -allow netmgrd sysfs_msm_subsys:dir search; -allow netmgrd sysfs_msm_subsys:file { getattr open read setattr }; allow netmgrd sysfs_net:dir search; allow netmgrd sysfs_net:file rw_file_perms; -allow netmgrd sysfs_soc:dir search; allow netmgrd property_socket:sock_file write; allow netmgrd init:unix_stream_socket connectto; diff --git a/sepolicy/peripheral_manager.te b/sepolicy/peripheral_manager.te index ef6c645..af7f4bf 100644 --- a/sepolicy/peripheral_manager.te +++ b/sepolicy/peripheral_manager.te @@ -1,3 +1,2 @@ -allow vendor_per_mgr { sysfs_msm_subsys vfat }:dir search; -allow vendor_per_mgr sysfs_msm_subsys:file { getattr open read setattr }; +allow vendor_per_mgr vfat:dir search; allow vendor_per_mgr vfat:file { open read }; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index bc0c909..18b724a 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts 
@@ -1,18 +1,11 @@ # Camera -persist.camera. u:object_r:camera_prop:s0 +persist.camera. u:object_r:camera_prop:s0 # BootParsed -sys.post_boot.parsed u:object_r:vendor_mpctl_prop:s0 - -# Netmgrd -persist.net.doxlat u:object_r:vendor_xlat_prop:s0 - -# Perf -ro.min_freq_0 u:object_r:freq_prop:s0 -ro.min_freq_4 u:object_r:freq_prop:s0 +sys.post_boot.parsed u:object_r:vendor_mpctl_prop:s0 # Qseecomd -sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0 +sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0 # WCG sys.wifimac u:object_r:wcg_prop:s0 diff --git a/sepolicy/qti.te b/sepolicy/qti.te deleted file mode 100644 index df3942a..0000000 --- a/sepolicy/qti.te +++ /dev/null @@ -1,3 +0,0 @@ -allow qti sysfs_msm_subsys:dir search; -allow qti sysfs_msm_subsys:file { getattr open read setattr }; -allow qti sysfs_soc:dir search; diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te index 9ca73dd..69b2634 100644 --- a/sepolicy/rmt_storage.te +++ b/sepolicy/rmt_storage.te @@ -1,4 +1,2 @@ allow rmt_storage debugfs_rmt:dir search; allow rmt_storage debugfs_rmt:file rw_file_perms; -allow rmt_storage { sysfs_msm_subsys sysfs_rmtfs }:dir search; -allow rmt_storage sysfs_msm_subsys:file r_file_perms; diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te deleted file mode 100644 index 740e938..0000000 --- a/sepolicy/sensors.te +++ /dev/null @@ -1,2 +0,0 @@ -allow sensors sysfs_msm_subsys:dir search; -allow sensors sysfs_msm_subsys:file { getattr open read setattr }; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 7dbac41..c0c4408 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -1,4 +1,4 @@ -allow system_app { sysfs_fpc_proximity sysfs_fingerprint }:file rw_file_perms; +allow system_app sysfs_fingerprint:file rw_file_perms; allow system_app sysfs_fingerprint:dir search; allow system_app shell_prop:property_service set; diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index eda47fb..1798c16 100644 
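Review bot: In `system_app.te`, the rewritten rule `allow system_app sysfs_fingerprint:file rw_file_perms;` gives every system app read/write on all nodes labelled `sysfs_fingerprint`, which according to the `file_contexts` hunk is the whole `soc:fpc1020` subtree, including `irq` and `utouch_disable`. The removed `sysfs_fpc_proximity` type was the only narrower label, so after this change there is no way to grant access to one attribute without the rest. Which attribute system apps actually need is not visible in this diff; if it is a single node, a dedicated type for it and a rule of the form `allow system_app <dedicated_type>:file rw_file_perms;` would keep the sensor's other controls out of reach of app-domain code.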
--- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -1,5 +1,3 @@ -typeattribute thermal-engine data_between_core_and_vendor_violators; - -allow thermal-engine { sysfs_batteryinfo sysfs_msm_core sysfs_msm_subsys sysfs_usb_supply }:file r_file_perms; +allow thermal-engine { sysfs_batteryinfo sysfs_usb_supply }:file r_file_perms; allow thermal-engine sysfs_batteryinfo:file write; -allow thermal-engine { sysfs_batteryinfo sysfs_soc sysfs_msm_core sysfs_rmtfs sysfs_msm_subsys sysfs_usb_supply }:dir search; +allow thermal-engine { sysfs_batteryinfo sysfs_usb_supply }:dir search; diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te deleted file mode 100644 index ea3cdec..0000000 --- a/sepolicy/time_daemon.te +++ /dev/null @@ -1,3 +0,0 @@ -allow time_daemon sysfs_msm_subsys:dir search; -allow time_daemon sysfs_msm_subsys:file { getattr open read setattr }; -allow time_daemon sysfs_soc:dir search; diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index d0375e2..41916cf 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -1,10 +1,8 @@ typeattribute vendor_init data_between_core_and_vendor_violators; -allow vendor_init proc_kernel_sched:file write; allow vendor_init { camera_data_file cnd_data_file -# dpmd_data_file fpc_data_file media_rw_data_file nfc_data_file @@ -14,6 +12,7 @@ allow vendor_init { thermal_data_file tombstone_data_file }:dir create_dir_perms; + allow vendor_init media_rw_data_file:{ dir file } getattr; -allow vendor_init media_rw_data_file: file relabelfrom; +allow vendor_init media_rw_data_file:file relabelfrom; allow vendor_init device:file create_file_perms; diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te index fd9c6e8..340658d 100644 --- a/sepolicy/wcnss_service.te +++ b/sepolicy/wcnss_service.te 
@@ -1,6 +1,4 @@
-allow wcnss_service sysfs_msm_subsys:dir search;
 allow wcnss_service sysfs_pcie:dir search;
 allow wcnss_service sysfs_pcie:file rw_file_perms;
 allow wcnss_service sysfs_wifi:dir search;
 allow wcnss_service sysfs_wifi:file rw_file_perms;
-allow wcnss_service sysfs_soc:dir search;
|