diff options
| -rw-r--r-- | sepolicy/hal_audio_default.te | 2 | ||||
| -rw-r--r-- | sepolicy/hal_fingerprint_default.te | 2 | ||||
| -rw-r--r-- | sepolicy/init.te | 1 | ||||
| -rw-r--r-- | sepolicy/kernel.te | 3 | ||||
| -rw-r--r-- | sepolicy/peripheral_manager.te | 3 | ||||
| -rw-r--r-- | sepolicy/thermal-engine.te | 4 | ||||
| -rw-r--r-- | sepolicy/vendor_init.te | 1 |
7 files changed, 10 insertions, 6 deletions
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te index c1e5a78..386b906 100644 --- a/sepolicy/hal_audio_default.te +++ b/sepolicy/hal_audio_default.te @@ -1,7 +1,7 @@ allow hal_audio_default sysfs_soc:dir search; allow hal_audio_default vendor_audio_data_file:file create_file_perms; allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms; -allow hal_audio_default vendor_data_file:file rw_file_perms; +allow hal_audio_default vendor_data_file:file create_file_perms; allow hal_audio_default vendor_data_file:dir rw_dir_perms; allow hal_audio_default thermal_socket:sock_file write; allow hal_audio_default thermal-engine:unix_stream_socket connectto; diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te index 3c7d5e6..bb00fca 100644 --- a/sepolicy/hal_fingerprint_default.te +++ b/sepolicy/hal_fingerprint_default.te @@ -9,7 +9,7 @@ allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default firmware_file:file r_file_perms; -allow hal_fingerprint_default fpc_data_file:dir create_dir_perms; +allow hal_fingerprint_default { fpc_data_file system_data_file }:dir create_dir_perms; allow hal_fingerprint_default fpc_data_file:sock_file { create setattr unlink }; allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms; allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms; diff --git a/sepolicy/init.te b/sepolicy/init.te index 1d5a98d..06725f7 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -12,3 +12,4 @@ allow init sysfs:file setattr; allow init tee_device:chr_file write; allow init hidl_base_hwservice:hwservice_manager add; allow init sysfs_graphics:lnk_file read; +allow init system_file:file mounton; diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te index 059156d..dccb85b 100644 --- a/sepolicy/kernel.te +++ b/sepolicy/kernel.te @@ -1 +1,2 @@ -allow kernel debugfs_ipc:dir search; +allow kernel { debugfs_ipc vfat }:dir search; +allow kernel vfat:file open; diff --git a/sepolicy/peripheral_manager.te b/sepolicy/peripheral_manager.te index 709affa..ef6c645 100644 --- a/sepolicy/peripheral_manager.te +++ b/sepolicy/peripheral_manager.te @@ -1,2 +1,3 @@ -allow vendor_per_mgr sysfs_msm_subsys:dir search; +allow vendor_per_mgr { sysfs_msm_subsys vfat }:dir search; allow vendor_per_mgr sysfs_msm_subsys:file { getattr open read setattr }; +allow vendor_per_mgr vfat:file { open read }; diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index 5c1b2cd..9755b16 100644 --- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -1,4 +1,4 @@ typeattribute thermal-engine data_between_core_and_vendor_violators; -allow thermal-engine { sysfs_msm_core sysfs_msm_subsys sysfs_usb_supply }:file r_file_perms; -allow thermal-engine { sysfs_soc sysfs_msm_core sysfs_rmtfs sysfs_msm_subsys sysfs_usb_supply }:dir search; +allow thermal-engine { sysfs_batteryinfo sysfs_msm_core sysfs_msm_subsys sysfs_usb_supply }:file r_file_perms; +allow thermal-engine { sysfs_batteryinfo sysfs_soc sysfs_msm_core sysfs_rmtfs sysfs_msm_subsys sysfs_usb_supply }:dir search; diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index 1e54496..d0375e2 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -9,6 +9,7 @@ allow vendor_init { media_rw_data_file nfc_data_file rootfs + system_data_file time_data_file thermal_data_file tombstone_data_file |