diff options
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/property.te | 1 | ||||
| -rw-r--r-- | sepolicy/property_contexts | 3 | ||||
| -rw-r--r-- | sepolicy/qti_init_shell.te | 4 | ||||
| -rw-r--r-- | sepolicy/system_app.te | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/sepolicy/property.te b/sepolicy/property.te index 550baf9..87aea86 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -1 +1,2 @@ type wcg_prop, property_type; +type oem_unlock_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 18b724a..697ecaf 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -4,6 +4,9 @@ persist.camera. u:object_r:camera_prop:s0 # BootParsed sys.post_boot.parsed u:object_r:vendor_mpctl_prop:s0 +# OEM unlocking +ro.oem_unlock_supported u:object_r:oem_unlock_prop:s0 + # Qseecomd sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0 diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te index cc3ba68..c5b8387 100644 --- a/sepolicy/qti_init_shell.te +++ b/sepolicy/qti_init_shell.te @@ -5,4 +5,8 @@ allow qti_init_shell file_contexts_file:file { getattr open read }; allow qti_init_shell mnt_vendor_file:dir rw_dir_perms; allow qti_init_shell mnt_vendor_file:file create_file_perms; +# Allow qti_init_shell to read cmdline +allow qti_init_shell proc_cmdline:file { getattr open read }; + get_prop(qti_init_shell, wcg_prop) +set_prop(qti_init_shell, oem_unlock_prop) diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 5fe4bd9..1158907 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -3,3 +3,4 @@ allow system_app sysfs_fingerprint:dir search; allow system_app shell_prop:property_service set; binder_call(system_app, wificond); +get_prop(system_app, oem_unlock_prop); |