aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sepolicy/adbd.te1
-rw-r--r--sepolicy/charger.te3
-rw-r--r--sepolicy/hal_fingerprint_default.te (renamed from sepolicy/fingerprint.te)8
-rw-r--r--sepolicy/priv_app.te3
-rw-r--r--sepolicy/rild.te6
-rw-r--r--sepolicy/vold.te2
6 files changed, 23 insertions, 0 deletions
diff --git a/sepolicy/adbd.te b/sepolicy/adbd.te
new file mode 100644
index 0000000..01a14f2
--- /dev/null
+++ b/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd ctl_mdnsd_prop:property_service set;
diff --git a/sepolicy/charger.te b/sepolicy/charger.te
new file mode 100644
index 0000000..3b261b1
--- /dev/null
+++ b/sepolicy/charger.te
@@ -0,0 +1,3 @@
+allow charger device:dir read;
+allow charger device:dir open;
+allow charger self:capability { dac_override dac_read_search };
diff --git a/sepolicy/fingerprint.te b/sepolicy/hal_fingerprint_default.te
index 314093c..8749fe8 100644
--- a/sepolicy/fingerprint.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -9,3 +9,11 @@ allow hal_fingerprint_default sysfs_fpc_irq:file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default firmware_file:dir { search read };
allow hal_fingerprint_default firmware_file:file { read open };
+allow hal_fingerprint_default system_data_file:dir write;
+allow hal_fingerprint_default system_data_file:dir add_name;
+allow hal_fingerprint_default system_data_file:dir create;
+allow hal_fingerprint_default system_data_file:sock_file create;
+allow hal_fingerprint_default system_data_file:dir read;
+allow hal_fingerprint_default system_data_file:sock_file setattr;
+allow hal_fingerprint_default system_data_file:dir { open remove_name };
+allow hal_fingerprint_default system_data_file:sock_file unlink;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index cc3ead2..e65e9c0 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -1,3 +1,6 @@
allow priv_app device:dir { open read };
allow priv_app { camera_prop proc_interrupts }:file { open read };
allow priv_app camera_prop:file getattr;
+allow priv_app proc_modules:file read;
+allow priv_app proc_modules:file open;
+allow priv_app proc_modules:file getattr;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 9ecd3d9..cb1b549 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -10,3 +10,9 @@ allow rild default_android_service:service_manager find;
allow rild radio_data_file:file { create getattr ioctl lock open read unlink write };
allow rild radio_data_file:dir { add_name getattr open read remove_name search write };
+
+allow rild toolbox_exec:file getattr;
+allow rild toolbox_exec:file execute;
+allow rild toolbox_exec:file { open read };
+allow rild toolbox_exec:file execute_no_trans;
+allow rild vendor_toolbox_exec:file execute_no_trans;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 9507e88..175410f 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1 +1,3 @@
allow vold persist_file:dir read;
+allow vold persist_file:dir open;
+allow vold persist_file:dir ioctl;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-20 14:07:57 +0000