diff options
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/init.te | 4 | ||||
| -rw-r--r-- | sepolicy/priv_app.te | 4 | ||||
| -rw-r--r-- | sepolicy/system_app.te | 1 |
3 files changed, 6 insertions, 3 deletions
diff --git a/sepolicy/init.te b/sepolicy/init.te index 5d8c97e..9730a6d 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -1,4 +1,7 @@ typeattribute init data_between_core_and_vendor_violators; + +binder_call(init, system_server); + allow init adsprpcd_file:filesystem { mount relabelfrom relabelto }; allow init debugfs_ipc:dir relabelfrom; allow init debugfs_ipc:file relabelfrom; @@ -10,4 +13,3 @@ allow init sysfs_fingerprint:file { open read setattr write }; allow init sysfs:file setattr; allow init tee_device:chr_file write; allow init hidl_base_hwservice:hwservice_manager add; -allow init system_server:binder call; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index be6f717..0b0b72b 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -7,7 +7,6 @@ allow priv_app configfs:dir r_dir_perms; allow priv_app configfs:file r_file_perms; allow priv_app file_contexts_file:file r_file_perms; allow priv_app firmware_file:dir r_file_perms; -allow priv_app hal_memtrack_default:binder call; allow priv_app hal_memtrack_hwservice:hwservice_manager find; allow priv_app hwservice_contexts_file:file r_file_perms; allow priv_app keylayout_file:dir r_file_perms; @@ -22,7 +21,8 @@ allow priv_app service_contexts_file:file r_file_perms; allow priv_app vendor_file:file rx_file_perms; allow priv_app vndservice_contexts_file:file r_file_perms; -r_dir_file(priv_app, sysfs_type) +r_dir_file(priv_app, sysfs_type); +binder_call(priv_app, hal_memtrack_default); # Clean up logspam dontaudit priv_app device:dir read; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index fded46c..0137c7a 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -2,6 +2,7 @@ allow system_app sysfs_fingerprint:file rw_file_perms; allow system_app shell_prop:property_service set; binder_call(system_app, wificond); +binder_call(system_app, perfprofd); dontaudit system_app netd_service:service_manager find; dontaudit system_app installd_service:service_manager find; |