-rw-r--r-- | sepolicy/device.te | 1 | ||||
-rw-r--r-- | sepolicy/file_contexts | 19 | ||||
-rw-r--r-- | sepolicy/fingerprint.te (renamed from sepolicy/hal_fingerprint_default.te) | 0 | ||||
-rw-r--r-- | sepolicy/firmware.te | 1 | ||||
-rw-r--r-- | sepolicy/fsck.te | 1 | ||||
-rw-r--r-- | sepolicy/init.te | 15 | ||||
-rw-r--r-- | sepolicy/qti_init_shell.te | 4 | ||||
-rw-r--r-- | sepolicy/ueventd.te | 2 |
8 files changed, 37 insertions, 6 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
index e271129..c7b4862 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1 +1,2 @@
+type persist_block_device, dev_type;
 type fpc1020_device, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 979f833..08ee6ab 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -2,11 +2,17 @@
 /dev/block/bootdevice/by-name/oem_dycnvbk u:object_r:modem_efs_partition_device:s0
 /dev/block/bootdevice/by-name/oem_stanvbk u:object_r:modem_efs_partition_device:s0
+/dev/block/mmcblk0p40 u:object_r:persist_block_device:s0
+
 # FRP partition
 /dev/block/bootdevice/by-name/config u:object_r:frp_block_device:s0
 /persist/sensors/gyro_sensitity_cal u:object_r:sensors_persist_file:s0
+/sys/kernel/debug/rmt_storage/rmts u:object_r:qti_debugfs:s0
+
+/persist/rfs(/.*)? u:object_r:rfs_file:s0
+
 /data/oemnvitems(/.*)? u:object_r:nv_data_file:s0
 /dev/fpc1020 u:object_r:fpc1020_device:s0
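Review bot: The `/dev/block/mmcblk0p40` entry in sepolicy/file_contexts ties `persist_block_device` to a partition index, while the other block-device entries in this hunk use `/dev/block/bootdevice/by-name/...` paths. If the partition table differs on another storage variant or after a repartition, the label, and with it the `fsck` write access this commit grants in fsck.te, lands on whatever partition happens to be number 40. Labelling by name, for example `/dev/block/bootdevice/by-name/persist u:object_r:persist_block_device:s0`, would avoid that; the partition name is an assumption and should be checked against the device's partition table. The rmts debugfs node also moves from the dedicated `debugfs_rmts` type to `qti_debugfs` across this commit, and a comment above the new line saying why the broader type is needed would help.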
@@ -19,17 +25,18 @@
 /dev/dash u:object_r:input_device:s0
 /sys/devices/soc/.*ssusb/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
-/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/capacity u:object_r:sysfs_batteryinfo:s0
-/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/current_now u:object_r:sysfs_batteryinfo:s0
-/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/voltage_now u:object_r:sysfs_batteryinfo:s0
-/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/temp u:object_r:sysfs_batteryinfo:s0
+/sys/devices/soc/qpnp-smbcharger-[0-9a-f]+/power_supply/battery(/.*)? u:object_r:sysfs_batteryinfo:s0
 /sys/kernel/debug/msm_core(/.*)? u:object_r:debugfs_msm_core:s0
-/sys/kernel/debug/rmt_storage/rmts u:object_r:debugfs_rmts:s0
-
 /system/bin/readmac u:object_r:readmac_exec:s0
 # Data files
 /data/decrypt.txt u:object_r:thermal_data_file:s0
 /data/misc/netmgr/log.txt u:object_r:netmgrd_data_file:s0
+
+# legacy paths
+/system/bin/qseecomd u:object_r:tee_exec:s0
+/system/bin/irsc_util u:object_r:irsc_util_exec:s0
+/system/bin/rmt_storage u:object_r:rmt_storage_exec:s0
+/system/bin/sensors.qcom u:object_r:sensors_exec:s0
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/fingerprint.te
index 314093c..314093c 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/fingerprint.te
diff --git a/sepolicy/firmware.te b/sepolicy/firmware.te
new file mode 100644
index 0000000..9ac714e
--- /dev/null
+++ b/sepolicy/firmware.te
@@ -0,0 +1 @@
+allow { bt_firmware_file firmware_file } rootfs:filesystem associate;
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
index b9c5021..e1e0bb9 100644
--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -1 +1,2 @@
 allow fsck rootfs:lnk_file getattr;
+allow fsck persist_block_device:blk_file { read open write ioctl };
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 33a9b3e..075823c 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
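Review bot: The new `battery(/.*)?` pattern in sepolicy/file_contexts labels every node under the charger's battery directory as `sysfs_batteryinfo`, not only the four attributes it replaces (`capacity`, `current_now`, `voltage_now`, `temp`). Every domain that is allowed to access `sysfs_batteryinfo` now reaches the whole directory, which presumably also holds charger control nodes. If only a few more attributes are needed, list them explicitly; otherwise add a comment above the line naming the consumers that need the wider label.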
@@ -1,2 +1,17 @@
 allow init socket_device:sock_file { create unlink setattr };
 allow init proc_dirty_ratio:file write;
+allow init vfat:dir mounton;
+
+allow init block_device:lnk_file relabelfrom;
+
+allow init { cache_block_device misc_block_device frp_block_device userdata_block_device rpmb_device dip_device recovery_block_device mba_debug_dev modem_efs_partition_device gpt_block_device persist_block_device }:lnk_file relabelto;
+
+allow init init:socket { create bind read };
+allow init init:capability net_bind_service;
+
+allow init { ssd_device rpmb_device modem_efs_partition_device }:blk_file write;
+
+allow init qti_debugfs:file write;
+
+allow init { tee_device diag_device }:chr_file { write read open ioctl };
+allow init ion_device:chr_file { read open ioctl };
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
new file mode 100644
index 0000000..67789aa
--- /dev/null
+++ b/sepolicy/qti_init_shell.te
@@ -0,0 +1,4 @@
+allow qti_init_shell shell_exec:file { r_file_perms entrypoint };
+allow qti_init_shell toolbox_exec:file { r_file_perms execute_no_trans execute };
+
+allow qti_init_shell sysfs:file { rw_file_perms };
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
new file mode 100644
index 0000000..18766b6
--- /dev/null
+++ b/sepolicy/ueventd.te
@@ -0,0 +1,2 @@
+allow ueventd vfat:dir search;
+allow ueventd vfat:file { read open };
|
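Review bot: Several of the rules added to sepolicy/init.te give the `init` domain itself direct access to sensitive devices, namely `allow init { ssd_device rpmb_device modem_efs_partition_device }:blk_file write;` and `allow init { tee_device diag_device }:chr_file { write read open ioctl };`. These look like denials from services that were running without a domain transition. The same commit labels `qseecomd` and `rmt_storage` under "legacy paths" in file_contexts, so once those transitions take effect the accesses should belong to the service domains rather than to `init`. Consider dropping these rules after confirming the transitions, and if diag access has to stay, limiting it to debug builds with `userdebug_or_eng(...)`. None of the new rules carries a comment naming the service or denial behind it, which makes later pruning difficult.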
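Review bot: `allow qti_init_shell sysfs:file { rw_file_perms };` in sepolicy/qti_init_shell.te lets the init shell domain write every sysfs file that still carries the generic `sysfs` label, which is much wider than the set of nodes a tuning script normally touches. Giving the specific nodes their own type in file_contexts and granting write on that type would keep the permission bounded. The `entrypoint` and `execute_no_trans` grants in the first two rules would also benefit from a one-line comment naming the script that needs them.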