diff --git a/BoardConfigQcom.mk b/BoardConfigQcom.mk index 280b9b0a0..fb431f013 100644 --- a/BoardConfigQcom.mk +++ b/BoardConfigQcom.mk @@ -1,4 +1,4 @@ -# Copyright (C) 2022 Paranoid Android +# Copyright (C) 2023 Paranoid Android # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,15 +28,11 @@ endif TARGET_MOUNT_POINTS_SYMLINKS ?= false # SEPolicy -ifneq ($(call is-board-platform-in-list, msm8937 msm8953 msm8996 msm8998 sdm660),true) ifneq ($(TARGET_EXCLUDE_QCOM_SEPOLICY),true) -ifneq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),) +ifneq ($(call is-board-platform-in-list, msm8937 msm8953 msm8998 sdm660),true) include device/qcom/sepolicy_vndr/SEPolicy.mk -include device/qcom/common/sepolicy/SEPolicy.mk -else +else # if (8937 || 8953 || 8998 || 660) include device/qcom/sepolicy/SEPolicy.mk -endif -endif # Exclude QCOM SEPolicy -else -include device/qcom/sepolicy-legacy/SEPolicy.mk -endif +endif # !(8937 || 8953 || 8998 || 660) +include device/qcom/common/sepolicy/SEPolicy.mk +endif # Exclude QCOM SEPolicy \ No newline at end of file diff --git a/sepolicy/SEPolicy.mk b/sepolicy/SEPolicy.mk index 355320704..703463b66 100644 --- a/sepolicy/SEPolicy.mk +++ b/sepolicy/SEPolicy.mk @@ -4,13 +4,13 @@ ifeq ($(TARGET_SEPOLICY_DIR),) TARGET_SEPOLICY_DIR := $(TARGET_BOARD_PLATFORM) endif -ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM))) +ifeq (,$(filter sdm845 sdm710 sdm660 msm8937 msm8953 msm8998, $(TARGET_BOARD_PLATFORM))) BOARD_VENDOR_SEPOLICY_DIRS += \ $(COMMON_SEPOLICY_PATH)/generic/vendor/common \ $(COMMON_SEPOLICY_PATH)/qva/vendor/common \ $(COMMON_SEPOLICY_PATH)/generic/vendor/$(TARGET_SEPOLICY_DIR) \ $(COMMON_SEPOLICY_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR) -else # 845 and 710 +else # Legacy BOARD_VENDOR_SEPOLICY_DIRS += \ $(COMMON_SEPOLICY_PATH)/legacy/vendor/ssg \ $(COMMON_SEPOLICY_PATH)/legacy/vendor/common \ 
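Review bot: msm8996 is dropped from the platform list in the rewritten `ifneq ($(call is-board-platform-in-list, msm8937 msm8953 msm8998 sdm660),true)`, and the new `filter` list in sepolicy/SEPolicy.mk does not name it either. An msm8996 board therefore now takes `device/qcom/sepolicy_vndr/SEPolicy.mk` plus the generic/qva vendor directories instead of the removed `sepolicy-legacy` include. If that is intended, a comment next to the list should say so; otherwise msm8996 needs to be added to both lists. The two lists describe the same legacy set and can drift apart, so defining it once and referencing it from both files would be safer, for example `QCOM_LEGACY_SEPOLICY_PLATFORMS := msm8937 msm8953 msm8998 sdm660`. `TARGET_EXCLUDE_QCOM_SEPOLICY` now also gates the legacy platforms, which the old nesting did not do.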
@@ -21,8 +21,7 @@ else # 845 and 710 $(COMMON_SEPOLICY_PATH)/legacy/vendor/test \ $(COMMON_SEPOLICY_PATH)/legacy/vendor/test/sysmonapp endif - -endif # 845 and 710 +endif # Common system policies SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \ diff --git a/sepolicy/legacy/vendor/common/adsprpcd.te b/sepolicy/legacy/vendor/common/adsprpcd.te index 7a08acecb..0b063a1e6 100644 --- a/sepolicy/legacy/vendor/common/adsprpcd.te +++ b/sepolicy/legacy/vendor/common/adsprpcd.te @@ -38,8 +38,8 @@ allow adsprpcd xdsp_device:chr_file r_file_perms; # For reading dir/files on /dsp r_dir_file(adsprpcd, adsprpcd_file) -# For reading adsprpc_prop -get_prop(adsprpcd, adsprpc_prop) +# For reading vendor_adsprpc_prop +get_prop(adsprpcd, vendor_adsprpc_prop) allow adsprpcd ion_device:chr_file r_file_perms; allow adsprpcd mnt_vendor_file:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/app.te b/sepolicy/legacy/vendor/common/app.te index bb4d25781..684da80ee 100644 --- a/sepolicy/legacy/vendor/common/app.te +++ b/sepolicy/legacy/vendor/common/app.te @@ -25,9 +25,12 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -get_prop(appdomain, hwui_prop) -get_prop(appdomain, bservice_prop) -get_prop(appdomain, reschedule_service_prop) +#Allow all apps to open and send ioctl to qdsp device +allow appdomain qdsp_device:chr_file r_file_perms; + +get_prop(appdomain, vendor_hwui_prop) +get_prop(appdomain, vendor_bservice_prop) +get_prop(appdomain, vendor_reschedule_service_prop) get_prop(appdomain, vendor_iop_prop) get_prop(appdomain, vendor_scroll_prop) diff --git a/sepolicy/legacy/vendor/common/bluetooth.te b/sepolicy/legacy/vendor/common/bluetooth.te index 971acc5d7..60a7da3e0 100644 --- a/sepolicy/legacy/vendor/common/bluetooth.te +++ b/sepolicy/legacy/vendor/common/bluetooth.te 
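Review bot: The new `allow appdomain qdsp_device:chr_file r_file_perms;` in app.te gives every app domain, including untrusted and isolated apps, open/read/ioctl on the DSP character device. `r_file_perms` includes `ioctl`, and no `allowxperm` in this hunk restricts which commands can be sent. domain.te in the same commit already carves `isolated_app` and `untrusted_app_all` out of its sysfs grants, so the same convention applies here. The grant should go only to the domains that actually offload to the DSP, or at least use `allow { appdomain -isolated_app } qdsp_device:chr_file r_file_perms;`. An `allowxperm` whitelist of the ioctl commands the driver's clients need should accompany it. The rest of app.te lies outside the hunk, so an existing restriction elsewhere in the file cannot be ruled out.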
@@ -86,3 +86,6 @@ hal_client_domain(bluetooth, hal_perf); #allow bluetooth to make binder call to gpuservice binder_call(bluetooth, gpuservice); + +#Allow bluetooth to read the property +get_prop(bluetooth, vendor_bluetooth_prop) diff --git a/sepolicy/legacy/vendor/common/cameraserver.te b/sepolicy/legacy/vendor/common/cameraserver.te index 635119b9c..79c9f1260 100644 --- a/sepolicy/legacy/vendor/common/cameraserver.te +++ b/sepolicy/legacy/vendor/common/cameraserver.te @@ -48,8 +48,8 @@ allow cameraserver qdsp_device:chr_file r_file_perms; allow cameraserver xdsp_device:chr_file r_file_perms; get_prop(cameraserver, camera_prop) -#allow cameraserver to read adsprpc_prop -get_prop(cameraserver, adsprpc_prop) +#allow cameraserver to read vendor_adsprpc_prop +get_prop(cameraserver, vendor_adsprpc_prop) #need this in full_treble for camera perview allow cameraserver hal_allocator:fd use; diff --git a/sepolicy/legacy/vendor/common/cdsprpcd.te b/sepolicy/legacy/vendor/common/cdsprpcd.te index 5504381cc..a14fff014 100644 --- a/sepolicy/legacy/vendor/common/cdsprpcd.te +++ b/sepolicy/legacy/vendor/common/cdsprpcd.te @@ -35,8 +35,8 @@ init_daemon_domain(cdsprpcd) # For reading dir/files on /dsp r_dir_file(cdsprpcd, adsprpcd_file) -# For reading adsprpc_prop -get_prop(cdsprpcd, adsprpc_prop) +# For reading vendor_adsprpc_prop +get_prop(cdsprpcd, vendor_adsprpc_prop) allow cdsprpcd qdsp_device:chr_file r_file_perms; allow cdsprpcd ion_device:chr_file r_file_perms; @@ -44,3 +44,4 @@ allow cdsprpcd ion_device:chr_file r_file_perms; r_dir_file(cdsprpcd, sysfs_devfreq) allow cdsprpcd sysfs_devfreq_l3cdsp:dir r_dir_perms; allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms; +allow cdsprpcd xdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/chre.te b/sepolicy/legacy/vendor/common/chre.te index c4bb5c459..7492e601a 100644 --- a/sepolicy/legacy/vendor/common/chre.te +++ b/sepolicy/legacy/vendor/common/chre.te 
@@ -33,7 +33,7 @@ type chre_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(chre) r_dir_file(chre, adsprpcd_file) -get_prop(chre, adsprpc_prop) +get_prop(chre, vendor_adsprpc_prop) allow chre ion_device:chr_file r_file_perms; allow chre qdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/cnd.te b/sepolicy/legacy/vendor/common/cnd.te index 08b3fc170..838d1539a 100755 --- a/sepolicy/legacy/vendor/common/cnd.te +++ b/sepolicy/legacy/vendor/common/cnd.te @@ -61,7 +61,7 @@ allow cnd self:{ allow cnd self:netlink_tcpdiag_socket nlmsg_read; # allow cnd to set cnd property -set_prop(cnd, cnd_vendor_prop) +set_prop(cnd, vendor_cnd_vendor_prop) # allow cnd to access cnd_data_file allow cnd cnd_data_file:file create_file_perms; @@ -113,6 +113,7 @@ allow cnd sysfs_data:file r_file_perms; add_hwservice(cnd, hal_latency_hwservice) add_hwservice(cnd, hal_datafactory_hwservice) +add_hwservice(cnd, vendor_hal_mwqemadapter_hwservice) hwbinder_use(cnd) get_prop(cnd, hwservicemanager_prop) binder_call(cnd, vendor_dataservice_app) diff --git a/sepolicy/legacy/vendor/common/dataservice_app.te b/sepolicy/legacy/vendor/common/dataservice_app.te index b58a0d005..0bdf385b2 100644 --- a/sepolicy/legacy/vendor/common/dataservice_app.te +++ b/sepolicy/legacy/vendor/common/dataservice_app.te @@ -25,7 +25,7 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -get_prop(vendor_dataservice_app, cnd_vendor_prop) +get_prop(vendor_dataservice_app, vendor_cnd_vendor_prop) allow vendor_dataservice_app sysfs_data:file r_file_perms; @@ -42,3 +42,5 @@ binder_call(vendor_dataservice_app, hal_rcsservice) r_dir_file(vendor_dataservice_app, cnd_data_file) allow vendor_dataservice_app app_api_service:service_manager find; +allow vendor_dataservice_app hal_perf_hwservice:hwservice_manager find; +binder_call(vendor_dataservice_app, hal_perf_default) 
diff --git a/sepolicy/legacy/vendor/common/domain.te b/sepolicy/legacy/vendor/common/domain.te index e215ba13b..c0c3bf69d 100644 --- a/sepolicy/legacy/vendor/common/domain.te +++ b/sepolicy/legacy/vendor/common/domain.te @@ -25,16 +25,18 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_socinfo); -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_esoc); -r_dir_file({domain - isolated_app -untrusted_app_all }, sysfs_ssr); +r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_socinfo); +r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_soc); +r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_esoc); +r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_ssr); #Reding of standard chip details need this allow untrusted_app_all { sysfs_socinfo + sysfs_soc sysfs_esoc sysfs_ssr - }:dir search ; + }:dir search; r_dir_file({domain - isolated_app }, vendor_sysfs_public); dontaudit domain kernel:system module_request; @@ -70,9 +72,10 @@ allowxperm domain domain:icmp_socket ioctl { unpriv_sock_ioctls unpriv_tty_ioctl # For compliance testing test suite reads vendor_security_path_level # Which is the public readable property “ ro.vendor.build.security_patch get_prop(domain, vendor_security_patch_level_prop) -get_prop(domain, public_vendor_default_prop) +get_prop(domain, vendor_public_vendor_default_prop) allow domain qti_debugfs:dir search; + # allow all context to read sysfs_kgsl allow { domain - isolated_app } sysfs_kgsl:dir search; # allow all context to read gpu model diff --git a/sepolicy/legacy/vendor/common/dspservice.te b/sepolicy/legacy/vendor/common/dspservice.te index b0352f259..29c5f735e 100644 --- a/sepolicy/legacy/vendor/common/dspservice.te +++ b/sepolicy/legacy/vendor/common/dspservice.te 
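Review bot: `sysfs_soc` becomes readable by every domain except isolated and untrusted apps, and searchable by `untrusted_app_all`, but nothing in the visible file_contexts or genfs_contexts hunks assigns that type to a path. If the label is applied elsewhere, a comment above the new `r_dir_file(... , sysfs_soc);` line should name the path, e.g. `# sysfs_soc labels <sysfs path>; holds SoC identification only`. That lets a reviewer confirm that nothing sensitive sits under a type this widely readable. If no labelling rule exists, the four added references are dead policy and should be dropped.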
@@ -47,7 +47,7 @@ hal_attribute_hwservice(vendor_hal_dspmanager, vendor_hal_dspmanager_hwservice) r_dir_file(vendor_dspservice, adsprpcd_file) # For reading "vendor.fastrpc." properties -get_prop(vendor_dspservice, adsprpc_prop) +get_prop(vendor_dspservice, vendor_adsprpc_prop) # Allow access to adsprpc secure and non-secure devices allow vendor_dspservice qdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/dumpstate.te b/sepolicy/legacy/vendor/common/dumpstate.te index e6bf37bbe..86169a403 100644 --- a/sepolicy/legacy/vendor/common/dumpstate.te +++ b/sepolicy/legacy/vendor/common/dumpstate.te @@ -41,4 +41,5 @@ dontaudit dumpstate sysfs:file * ; allow dumpstate debugfs_mmc:dir search; binder_call(dumpstate, hal_light_default) + binder_call(dumpstate, hal_power_default) diff --git a/sepolicy/legacy/vendor/common/embmssl_app.te b/sepolicy/legacy/vendor/common/embmssl_app.te new file mode 100644 index 000000000..2bc2df334 --- /dev/null +++ b/sepolicy/legacy/vendor/common/embmssl_app.te 
@@ -0,0 +1,38 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +type vendor_embmssl_app, domain; +app_domain(vendor_embmssl_app); + +#============= vendor_embmssl_app ============== +net_domain(vendor_embmssl_app) +unix_socket_connect(vendor_embmssl_app, vendor_dpmtcm, vendor_dpmd) +allow vendor_embmssl_app { app_api_service radio_service }:service_manager find; + +#allow embmssl app to access embmssl hal +hal_client_domain(vendor_embmssl_app, vendor_hal_embmssl); +hal_client_domain(vendor_embmssl_app, vendor_hal_perf); diff --git a/sepolicy/legacy/vendor/common/file.te b/sepolicy/legacy/vendor/common/file.te index 31c388469..5fb19abb0 100644 --- a/sepolicy/legacy/vendor/common/file.te +++ b/sepolicy/legacy/vendor/common/file.te @@ -195,6 +195,7 @@ type sysfs_hsic_host_rdy, sysfs_type, fs_type; # Files accessed by qcom-system-daemon type sysfs_socinfo, fs_type, sysfs_type; +type sysfs_soc, sysfs_type, fs_type; type vendor_sysfs_public, fs_type, sysfs_type; type qlogd_socket, file_type, mlstrustedobject; @@ -236,7 +237,7 @@ type qfp-daemon_data_file, file_type, data_file_type; type persist_qti_fp_file, file_type, vendor_persist_type; # imshelper_app file types -type imshelper_app_data_file, file_type, data_file_type; +type vendor_imshelper_app_data_file, file_type, data_file_type; # RIDL data files type RIDL_data_file, file_type, data_file_type; @@ -286,6 +287,7 @@ type nfc_vendor_data_file, file_type, data_file_type; # kgsl file type for sysfs access type sysfs_kgsl, sysfs_type, fs_type; type sysfs_kgsl_proc, sysfs_type, fs_type; +type sysfs_kgsl_shell, sysfs_type, fs_type; # kgsl snapshot file type for sysfs access type sysfs_kgsl_snapshot, sysfs_type, fs_type; # kgsl gpu model file type for sysfs access 
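Review bot: In the new embmssl_app.te, `hal_client_domain(vendor_embmssl_app, vendor_hal_perf);` uses a `vendor_`-prefixed attribute, while the rest of this legacy tree refers to the perf HAL as `hal_perf`. Examples are `hal_client_domain(bluetooth, hal_perf);` in bluetooth.te and `hal_perf_hwservice` / `hal_perf_default` in dataservice_app.te and fm_app.te. Unless `vendor_hal_perf` is declared in a part of the policy not shown here, this line will fail to compile; `hal_client_domain(vendor_embmssl_app, hal_perf)` matches the names used elsewhere. The domain also gets `net_domain` and `radio_service` access, so the seapp_contexts entry that places an app in `vendor_embmssl_app` should be checked to ensure it pins the package name and signature; that entry is not visible in this part of the diff.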
@@ -416,6 +418,8 @@ type vendor_capabilityconfigstore_data_file, file_type, data_file_type; #sensor log files type sensors_vendor_data_file, file_type, data_file_type; -type vendor_sysfs_devicetree_cpu, sysfs_type, fs_type; - type vendor_sysfs_kgsl_gpuclk, sysfs_type, fs_type; + +#slub-debug +type sysfs_slab_zshandle_storeuser, fs_type, sysfs_type; +type sysfs_slab_zspage_storeuser, fs_type, sysfs_type; diff --git a/sepolicy/legacy/vendor/common/file_contexts b/sepolicy/legacy/vendor/common/file_contexts index 7b431d472..3f057dd68 100644 --- a/sepolicy/legacy/vendor/common/file_contexts +++ b/sepolicy/legacy/vendor/common/file_contexts @@ -196,6 +196,7 @@ /(vendor|system/vendor)/bin/init\.qcom\.early_boot\.sh u:object_r:qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.class_main\.sh u:object_r:qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.qcom\.post_boot\.sh u:object_r:qti_init_shell_exec:s0 +/(vendor|system/vendor)/bin/init\.qti\.dcvs\.sh u:object_r:vendor_init-qti-dcvs-sh_exec:s0 /(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh u:object_r:qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.qcom\.usb\.sh u:object_r:qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.mdm\.sh u:object_r:qti_init_shell_exec:s0 @@ -221,6 +222,7 @@ /(vendor|system/vendor)/bin/mmid u:object_r:vendor_mmi_exec:s0 /(vendor|system/vendor)/bin/qdcmss u:object_r:qdcm-ss_exec:s0 /(vendor|system/vendor)/bin/msm_irqbalance u:object_r:vendor_msm_irqbalanced_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service u:object_r:hal_power_default_exec:s0 /(vendor|system/vendor)/bin/imsdatadaemon u:object_r:ims_exec:s0 /(vendor|system/vendor)/bin/imsqmidaemon u:object_r:ims_exec:s0 /(vendor|system/vendor)/bin/ims_rtp_daemon u:object_r:hal_imsrtp_exec:s0 
@@ -266,16 +268,17 @@ /(vendor|system/vendor)/bin/subsystem_ramdump u:object_r:vendor_subsystem_ramdump_exec:s0 /(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0 /(vendor|system/vendor)/bin/hw/qcrild u:object_r:rild_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[1-3]-service.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[2-3]-service-lazy.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[1-3]-service.widevine u:object_r:hal_drm_widevine_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[2-3]-service-lazy.widevine u:object_r:hal_drm_widevine_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[1-4]-service.clearkey u:object_r:hal_drm_clearkey_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[2-4]-service-lazy.clearkey u:object_r:hal_drm_clearkey_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[1-4]-service.widevine u:object_r:hal_drm_widevine_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.[2-4]-service-lazy.widevine u:object_r:hal_drm_widevine_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_qti_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti-lazy u:object_r:hal_bluetooth_qti_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.display\.color@1\.0-service u:object_r:hal_display_color_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@1\.0-service u:object_r:hal_perf_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.[0-2]-service u:object_r:hal_perf_default_exec:s0 
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.[0-2]-service u:object_r:hal_perf_default_exec:s0 /(vendor|system/vendor)/bin/ssgqmigd u:object_r:ssgqmigd_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@1\.0-service u:object_r:hal_iop_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@2\.0-service u:object_r:hal_iop_default_exec:s0 @@ -292,6 +295,7 @@ /(vendor|system/vendor)/bin/garden_app u:object_r:location_exec:s0 /(vendor|system/vendor)/bin/DR_AP_Service u:object_r:location_exec:s0 /(vendor|system/vendor)/bin/slim_daemon u:object_r:location_exec:s0 +/(vendor|system/vendor)/bin/edgnss-daemon u:object_r:location_exec:s0 /(vendor|system/vendor)/bin/xtra-daemon u:object_r:location_exec:s0 /(vendor|system/vendor)/bin/energy-awareness u:object_r:energyawareness_exec:s0 /(vendor|system/vendor)/bin/fidodaemon u:object_r:fidodaemon_exec:s0 @@ -321,6 +325,7 @@ /(vendor|system/vendor)/bin/fingerprint.qcom u:object_r:fps_hal_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.cryptfshw@1\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0 
@@ -335,7 +340,7 @@ /(vendor|system/vendor)/bin/fm_qsoc_patches u:object_r:fm_qsoc_patches_exec:s0 /(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0 /(vendor|system/vendor)/bin/tloc_daemon u:object_r:tlocd_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.[0-1]-service u:object_r:vendor_hal_factory_qti_default_exec:s0 +/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.[0-1]-service u:object_r:vendor_hal_factory_qti_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.servicetracker@1\.[0-2]-service u:object_r:vendor_hal_srvctracker_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service u:object_r:hal_graphics_allocator_default_exec:s0 @@ -348,6 +353,7 @@ /(vendor|system/vendor)/bin/power_off_alarm u:object_r:power_off_alarm_exec:s0 /vendor/bin/hw/vendor\.qti\.hardware\.vibrator@1\.[0-2]-service u:object_r:hal_vibrator_default_exec:s0 /vendor/bin/hw/vendor\.qti\.hardware\.vibrator\.service u:object_r:hal_vibrator_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti u:object_r:hal_usb_default_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.0-service-qti u:object_r:hal_usb_gadget_qti_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.panorama@1\.0-service u:object_r:vendor_scve_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.objecttracker@1\.0-service u:object_r:vendor_scve_exec:s0 
@@ -363,6 +369,7 @@ /sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/class/sensors(/.*)? u:object_r:sysfs_sensors:s0 /sys/class/uio(/.*)? u:object_r:sysfs_uio:s0 +/sys/class/devfreq(/.*)? u:object_r:sysfs_devfreq:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0 /sys/devices/[^/]+bcl[^/]+(/.*)? u:object_r:sysfs_thermal:s0 @@ -391,6 +398,7 @@ /sys/devices/virtual/smdpkt/smdcntl1[0-9]/open_timeout u:object_r:sysfs_smd_open_timeout:s0 /sys/devices/virtual/smdpkt/smdcntl[0-9]/open_timeout u:object_r:sysfs_smd_open_timeout:s0 /sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0 +/sys/devices/virtual u:object_r:sysfs_thermal:s0 /sys/module/msm_serial_hs/parameters/debug_mask u:object_r:sysfs_msmuart_file:s0 /sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpdecision:s0 @@ -449,8 +457,11 @@ /sys/devices/virtual/workqueue/kgsl-events/nice u:object_r:sysfs_kgsl:s0 /sys/devices/virtual/workqueue/kgsl-workqueue/cpumask u:object_r:sysfs_kgsl:s0 /sys/devices/virtual/workqueue/kgsl-workqueue/nice u:object_r:sysfs_kgsl:s0 +/sys/devices/virtual/kgsl/kgsl(/.*)? u:object_r:sysfs_kgsl:s0 /sys/class/graphics/fb([0-3])+/mdp/caps u:object_r:sysfs_graphics:s0 /sys/class/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0 +/sys/class/lcd_bias/secure_mode u:object_r:sysfs_graphics:s0 +/sys/class/leds/wled/secure_mode u:object_r:sysfs_graphics:s0 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/backlight(/.*)? u:object_r:sysfs_graphics:s0 /sys/devices/platform/soc/5e00000.qcom,mdss_mdp/backlight(/.*)? u:object_r:sysfs_graphics:s0 /sys/devices/virtual/switch/hdmi(/.*)? u:object_r:sysfs_graphics:s0 
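Review bot: The added `/sys/devices/virtual u:object_r:sysfs_thermal:s0` entry has no `(/.*)?` suffix, so it relabels only the shared parent directory of every virtual device. Any domain that traverses it to reach the kgsl, smdpkt, workqueue or switch nodes listed nearby then needs `sysfs_thermal:dir search`. A thermal-specific label on a common ancestor tends to produce denials in unrelated domains, or pressure to widen `sysfs_thermal` access to fix them. If the aim is to let a thermal client search the parent, the narrower fix is to leave the directory with its default label and grant that client `sysfs:dir search`. If the entry must stay, a comment naming the denial it resolves would help.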
@@ -477,7 +488,7 @@ /sys/devices/soc/soc:hbtp/secure_touch_enable u:object_r:hbtp_kernel_sysfs:s0 /sys/devices/soc/soc:hbtp/secure_touch_userspace u:object_r:hbtp_kernel_sysfs:s0 /sys/kernel/hbtp/display_pwr u:object_r:hbtp_kernel_sysfs:s0 -/sys/firmware/devicetree/base/cpus(/.*)? u:object_r:vendor_sysfs_devicetree_cpu:s0 +/sys/firmware/devicetree/base/cpus(/.*)? u:object_r:sysfs_devices_system_cpu:s0 /sys/devices/vendor/vendor:bt_wcn3990/extldo u:object_r:sysfs_bluetooth_writable:s0 /sys/devices/vendor/vendor:bt_wcn3990/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 /sys/devices/bt_qca6174/extldo u:object_r:sysfs_bluetooth_writable:s0 @@ -665,6 +676,7 @@ /vendor/lib(64)?/libgrallocutils\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libgralloccore\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libExtendedExtractor.so u:object_r:same_process_hal_file:s0 + # RenderScript dependencies. # To test: run cts -m CtsRenderscriptTestCases /vendor/lib(64)?/libRSDriver_adreno\.so u:object_r:same_process_hal_file:s0 @@ -736,9 +748,15 @@ #Android NN Driver /(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti u:object_r:hal_neuralnetworks_default_exec:s0 + +#Light AIDL HAL +/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.qti u:object_r:hal_light_default_exec:s0 + #wifilearner daemon /(vendor|system/vendor)/bin/wifilearner u:object_r:wifilearnersvc_exec:s0 #Thermal HAL /vendor/bin/hw/android.hardware.thermal@2.0-service.qti u:object_r:hal_thermal_default_exec:s0 /vendor/bin/hw/vendor.qti.hardware.limits@1.0-service u:object_r:vendor_hal_limits_qti_exec:s0 + +/vendor/bin/embmsslServer u:object_r:vendor_hal_embmssl_qti_exec:s0 diff --git a/sepolicy/legacy/vendor/common/fm_app.te b/sepolicy/legacy/vendor/common/fm_app.te index 817ad7dc4..7c424d88b 100644 --- a/sepolicy/legacy/vendor/common/fm_app.te +++ b/sepolicy/legacy/vendor/common/fm_app.te 
@@ -31,5 +31,5 @@ allow vendor_fm_app sysfs_kgsl:file r_file_perms; allow vendor_fm_app sysfs_kgsl:dir search; hal_client_domain(vendor_fm_app, hal_fm); hal_client_domain(vendor_fm_app, hal_btconfigstore); -allow vendor_fm_app hal_perf_hwservice:hwservice_manager find; get_prop(vendor_fm_app, vendor_bluetooth_prop) +allow vendor_fm_app hal_perf_hwservice:hwservice_manager find; diff --git a/sepolicy/legacy/vendor/common/fsck.te b/sepolicy/legacy/vendor/common/fsck.te index 9db590f99..355665887 100644 --- a/sepolicy/legacy/vendor/common/fsck.te +++ b/sepolicy/legacy/vendor/common/fsck.te @@ -27,3 +27,5 @@ allow fsck persist_block_device:blk_file rw_file_perms; + +allow fsck self:capability kill; diff --git a/sepolicy/legacy/vendor/common/genfs_contexts b/sepolicy/legacy/vendor/common/genfs_contexts index 3880035e2..a8849bfbf 100755 --- a/sepolicy/legacy/vendor/common/genfs_contexts +++ b/sepolicy/legacy/vendor/common/genfs_contexts @@ -33,6 +33,8 @@ genfscon proc /asound/cards u:object_r:proc_audiod:s0 genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 genfscon sysfs /module/msm_performance/workload_modes u:object_r:sysfs_msm_perf:s0 genfscon sysfs /class/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/soc0 u:object_r:sysfs_socinfo:s0 +genfscon sysfs /class/kgsl u:object_r:sysfs_kgsl:s0 genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:sysfs_devfreq:s0 
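Review bot: `allow fsck self:capability kill;` in fsck.te grants CAP_KILL to a root-run filesystem checker with no comment explaining why it needs to signal processes it does not own. If the rule was added to silence a denial that does not affect fsck's operation, the usual form is `dontaudit fsck self:capability kill;`, which keeps the log clean without granting the capability. If the capability is genuinely required, a one-line comment naming the fsck variant and the signalled process should sit above the rule.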
@@ -45,7 +47,6 @@ genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu6/devfreq u:object_r:sysfs_d genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,llccbw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /module/big_cluster_min_freq_adjust u:object_r:sysfs_devfreq:s0 -genfscon sysfs /devices/soc0 u:object_r:sysfs_socinfo:s0 genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:sysfs_devfreq:s0 @@ -56,6 +57,7 @@ genfscon debugfs /kgsl/proc u:object_r:qti_debugfs:s0 genfscon sysfs /kernel/wcd_cpe0 u:object_r:sysfs_audio:s0 genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/virtual/kgsl/kgsl/proc u:object_r:sysfs_kgsl_proc:s0 +genfscon sysfs /class/kgsl/kgsl-3d0/perfcounter u:object_r:sysfs_kgsl_shell:s0 genfscon sysfs /module/qpnp_rtc/parameters/poweron_alarm u:object_r:sysfs_poweron_alarm:s0 
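Review bot: `genfscon sysfs /class/kgsl/kgsl-3d0/perfcounter u:object_r:sysfs_kgsl_shell:s0`, and `genfscon sysfs /class/kgsl` in the previous hunk, use `/sys/class` paths, and entries there are normally symlinks into `/sys/devices`. genfscon matching works on the real sysfs path, so these rules will presumably label only the link or nothing at all, and the perfcounter node would keep whatever label its `/devices/...` path receives. Please verify with `ls -Z` on a device and express the rule in terms of the resolved path. The visible hunks contain no allow rule that references `sysfs_kgsl_shell`, so a comment stating which domain the type is meant for would help review.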
@@ -65,13 +67,14 @@ genfscon sysfs /devices/virtual/npu/msm_npu/pwr u:object_r:sysfs_npu:s0 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/name u:object_r:sysfs_graphics:s0 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.0/ u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/1a00000.qcom,mdss_mdp/1a00000.qcom,mdss_mdp:qcom,mdss_fb_primary/power/runtime_status u:object_r:sysfs_graphics:s0 genfscon sysfs /devices/platform/soc/soc:qcom,mdm3/esoc0 u:object_r:sysfs_esoc:s0 -genfscon sysfs /devices/soc0/soc_id u:object_r:vendor_sysfs_public:s0 -genfscon sysfs /devices/system/soc/soc0/id u:object_r:vendor_sysfs_public:s0 -genfscon sysfs /devices/soc0/family u:object_r:vendor_sysfs_public:s0 - +genfscon sysfs /devices/soc0/soc_id u:object_r:vendor_sysfs_public:s0 +genfscon sysfs /devices/system/soc/soc0/id u:object_r:vendor_sysfs_public:s0 +genfscon sysfs /devices/soc0/family u:object_r:vendor_sysfs_public:s0 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name u:object_r:sysfs_graphics:s0 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.0/ u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/c176000.i2c/i2c-2/2-001d/name u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/system/memory/ u:object_r:sysfs_memory_offline:s0 genfscon sysfs /kernel/qvr_external_sensor u:object_r:sysfs_qvr_external_sensor:s0 diff --git a/sepolicy/legacy/vendor/common/gmscore_app.te b/sepolicy/legacy/vendor/common/gmscore_app.te new file mode 100644 index 000000000..9481b67a6 --- /dev/null +++ b/sepolicy/legacy/vendor/common/gmscore_app.te 
@@ -0,0 +1,34 @@ +# Copyright (c) 2020-2021, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +allow gmscore_app hal_perf_hwservice:hwservice_manager find; +allow gmscore_app vendor_dpmtcm_socket:sock_file write; +allow gmscore_app vendor_dpmd:unix_stream_socket connectto; + +binder_call(gmscore_app, hal_perf_default) + +get_prop(gmscore_app, vendor_persist_camera_prop) diff --git a/sepolicy/legacy/vendor/common/hal_audio.te b/sepolicy/legacy/vendor/common/hal_audio.te index ad9bdf94d..91396a33e 100644 
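Review bot: The new gmscore_app.te gives a platform app domain a connection to the vendor `vendor_dpmd` socket, binder access to the perf HAL and read access to `vendor_persist_camera_prop`, with no comment on any rule. Each grant should carry a line stating the feature that needs it, because the domain runs code updated outside the vendor image. The two socket rules are the hand expansion of the macro that embmssl_app.te uses in this same commit; `unix_socket_connect(gmscore_app, vendor_dpmtcm, vendor_dpmd)` is equivalent and keeps the two files consistent.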
--- a/sepolicy/legacy/vendor/common/hal_audio.te +++ b/sepolicy/legacy/vendor/common/hal_audio.te @@ -64,4 +64,8 @@ hal_client_domain(hal_audio_default, hal_health) #allow acess to wcd_cpe allow hal_audio sysfs_audio:file rw_file_perms; -allow hal_audio sysfs_audio:dir r_dir_perms ; +allow hal_audio sysfs_audio:dir r_dir_perms; + +allow hal_audio_default sysfs_soc:dir r_dir_perms; + +dontaudit hal_audio_default default_prop:file read; diff --git a/sepolicy/legacy/vendor/common/hal_bluetooth_qti.te b/sepolicy/legacy/vendor/common/hal_bluetooth_qti.te index c699e2673..5b4e4aa28 100644 --- a/sepolicy/legacy/vendor/common/hal_bluetooth_qti.te +++ b/sepolicy/legacy/vendor/common/hal_bluetooth_qti.te @@ -76,3 +76,11 @@ allow hal_bluetooth_qti self:{ socket qipcrtr_socket } create_socket_perms_no_io hal_server_domain(hal_bluetooth_qti, hal_fm) hal_server_domain(hal_bluetooth_qti, hal_btconfigstore) + +allow hal_bluetooth_qti vendor_fm_data_file:dir search; +allow hal_bluetooth_qti fm_radio_device:chr_file r_file_perms; +allow hal_bluetooth_qti vendor_fm_data_file:chr_file r_file_perms; +allow hal_bluetooth_qti sysfs_fm:file write; +# allow rw create file access to fm patchdownloader +allow hal_bluetooth_qti vendor_fm_data_file:file create_file_perms; +allow hal_bluetooth_qti vendor_fm_data_file:dir ra_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hal_bootctl.te b/sepolicy/legacy/vendor/common/hal_bootctl.te index f7b137905..4c64b85cd 100644 --- a/sepolicy/legacy/vendor/common/hal_bootctl.te +++ b/sepolicy/legacy/vendor/common/hal_bootctl.te @@ -64,3 +64,6 @@ allow hal_bootctl sysfs_scsi_target:dir r_dir_perms; # Allow boot_control_hal to write to the XBL devices. allow hal_bootctl xbl_block_device:blk_file rw_file_perms; + +# Read dir permission for dt_firmware +allow hal_bootctl sysfs_dt_firmware_android:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hal_camera.te b/sepolicy/legacy/vendor/common/hal_camera.te index 15c6ee6d6..30421bbf0 100644 
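Review bot: In the hal_bluetooth_qti.te hunk, `allow hal_bluetooth_qti vendor_fm_data_file:chr_file r_file_perms;` grants character-device access on what its name suggests is a data-file type. The FM device node is already covered by the `fm_radio_device:chr_file` rule on the line above, so this looks like a copy slip and should be removed, unless a device node really is created under that label. `allow hal_bluetooth_qti vendor_fm_data_file:dir search;` is redundant, because the later `vendor_fm_data_file:dir ra_dir_perms` already includes `search`. `sysfs_fm:file write` is granted without `open`; if the HAL opens that node itself, `w_file_perms` is probably what was meant.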
--- a/sepolicy/legacy/vendor/common/hal_camera.te +++ b/sepolicy/legacy/vendor/common/hal_camera.te @@ -79,7 +79,10 @@ allow hal_camera qdsp_device:chr_file r_file_perms; #allow camera to access /dsp r_dir_file(hal_camera, adsprpcd_file); -#allow camera to access adsprpc_prop -get_prop(hal_camera, adsprpc_prop) +#allow camera to access vendor_adsprpc_prop +get_prop(hal_camera, vendor_adsprpc_prop) allow hal_camera_default mm-qcamerad:unix_dgram_socket sendto; +get_prop( hal_camera_default, vendor_video_prop) + +allow hal_camera_default sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hal_embmssl.te b/sepolicy/legacy/vendor/common/hal_embmssl.te new file mode 100644 index 000000000..4b1ad7923 --- /dev/null +++ b/sepolicy/legacy/vendor/common/hal_embmssl.te 
@@ -0,0 +1,53 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +type vendor_hal_embmssl_qti, domain; +type vendor_hal_embmssl_qti_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(vendor_hal_embmssl_qti) +hal_server_domain(vendor_hal_embmssl_qti, vendor_hal_embmssl) + +# Allow hwbinder call from hal client to server +binder_call(vendor_hal_embmssl_client, vendor_hal_embmssl_server) +binder_call(vendor_hal_embmssl_server, vendor_hal_embmssl_client) + +# Add hwservice related rules +add_hwservice(vendor_hal_embmssl_server, vendor_hal_embmssl_hwservice) + +allow vendor_hal_embmssl_client vendor_hal_embmssl_hwservice:hwservice_manager find; + +allow vendor_hal_embmssl_qti self:qipcrtr_socket create_socket_perms_no_ioctl; +allow vendor_hal_embmssl_qti time_daemon:unix_stream_socket connectto; + +allow vendor_hal_embmssl_qti netmgrd_socket:dir search; +unix_socket_connect(vendor_hal_embmssl_qti, netmgrd, netmgrd) + +allow vendor_hal_embmssl_qti self:netlink_generic_socket create_socket_perms_no_ioctl; + +userdebug_or_eng(` + allow vendor_hal_embmssl_qti diag_device:chr_file { open read write }; +') diff --git a/sepolicy/legacy/vendor/common/hal_factory_qti_default.te b/sepolicy/legacy/vendor/common/hal_factory_qti_default.te index fbbba0cfd..0de46e1fb 100755 --- a/sepolicy/legacy/vendor/common/hal_factory_qti_default.te +++ b/sepolicy/legacy/vendor/common/hal_factory_qti_default.te @@ -31,7 +31,7 @@ hal_server_domain(vendor_hal_factory_qti_default, vendor_hal_factory_qti) type vendor_hal_factory_qti_default_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_hal_factory_qti_default) -set_prop(vendor_hal_factory_qti, ctl_vendor_mmid_prop) +set_prop(vendor_hal_factory_qti, vendor_ctl_vendor_mmid_prop) # Allow read/write to mmi socket allow vendor_hal_factory_qti vendor_mmi_socket:sock_file rw_file_perms; 
@@ -41,4 +41,4 @@ allow vendor_hal_factory_qti_default vendor_persist_mmi_file:dir rw_dir_perms; allow vendor_hal_factory_qti_default vendor_persist_mmi_file:file create_file_perms; # Allow set vendor.sys.boot_mode property -set_prop(vendor_hal_factory_qti_default, vendor_boot_mode_prop); \ No newline at end of file +set_prop(vendor_hal_factory_qti_default, vendor_boot_mode_prop); diff --git a/sepolicy/legacy/vendor/common/hal_gatekeeper_qti.te b/sepolicy/legacy/vendor/common/hal_gatekeeper_qti.te index aba16d619..24b4fe20e 100644 --- a/sepolicy/legacy/vendor/common/hal_gatekeeper_qti.te +++ b/sepolicy/legacy/vendor/common/hal_gatekeeper_qti.te @@ -45,4 +45,4 @@ allow hal_gatekeeper_qti skp_device:chr_file rw_file_perms; allow hal_gatekeeper_qti sp_keymaster_device:chr_file rw_file_perms; allow hal_gatekeeper_qti sp_ssr_device:chr_file rw_file_perms; -get_prop(hal_gatekeeper_qti, spcomlib_prop) +get_prop(hal_gatekeeper_qti, vendor_spcomlib_prop) diff --git a/sepolicy/legacy/vendor/common/hal_gnss_qti.te b/sepolicy/legacy/vendor/common/hal_gnss_qti.te index 9cf3f2f95..26864353a 100644 --- a/sepolicy/legacy/vendor/common/hal_gnss_qti.te +++ b/sepolicy/legacy/vendor/common/hal_gnss_qti.te @@ -64,3 +64,5 @@ userdebug_or_eng(` get_prop(hal_gnss, vendor_pd_locater_dbg_prop) ') use_vendor_per_mgr(hal_gnss) + +allow hal_gnss_qti sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hal_imsrtp.te b/sepolicy/legacy/vendor/common/hal_imsrtp.te index aec3cfa25..e35936440 100644 --- a/sepolicy/legacy/vendor/common/hal_imsrtp.te +++ b/sepolicy/legacy/vendor/common/hal_imsrtp.te @@ -58,6 +58,6 @@ allow hal_imsrtp ion_device:chr_file r_file_perms; allow hal_imsrtp sysfs_data:file r_file_perms; -get_prop(hal_imsrtp, qcom_ims_prop) +get_prop(hal_imsrtp, vendor_qcom_ims_prop) binder_call(hal_imsrtp, vendor_qtelephony) diff --git a/sepolicy/legacy/vendor/common/hal_keymaster_qti.te b/sepolicy/legacy/vendor/common/hal_keymaster_qti.te index dfab66f10..dedf23e57 100644 
--- a/sepolicy/legacy/vendor/common/hal_keymaster_qti.te +++ b/sepolicy/legacy/vendor/common/hal_keymaster_qti.te @@ -44,4 +44,4 @@ allow hal_keymaster_qti skp_device:chr_file rw_file_perms; allow hal_keymaster_qti sp_keymaster_device:chr_file rw_file_perms; allow hal_keymaster_qti sp_ssr_device:chr_file rw_file_perms; -get_prop(hal_keymaster_qti, spcomlib_prop) +get_prop(hal_keymaster_qti, vendor_spcomlib_prop) diff --git a/sepolicy/legacy/vendor/common/hal_neuralnetworks.te b/sepolicy/legacy/vendor/common/hal_neuralnetworks.te index 90893db1a..e057ccf85 100644 --- a/sepolicy/legacy/vendor/common/hal_neuralnetworks.te +++ b/sepolicy/legacy/vendor/common/hal_neuralnetworks.te @@ -43,4 +43,4 @@ allow hal_neuralnetworks_default hal_neuralnetworks_data_file:{ file fifo_file } allow hal_neuralnetworks_default gpu_device:chr_file rw_file_perms; r_dir_file(hal_neuralnetworks_default, adsprpcd_file) -get_prop(hal_neuralnetworks_default, adsprpc_prop) +get_prop(hal_neuralnetworks_default, vendor_adsprpc_prop) diff --git a/sepolicy/legacy/vendor/common/hal_nfc.te b/sepolicy/legacy/vendor/common/hal_nfc.te index e4dcada7d..919d64614 100644 --- a/sepolicy/legacy/vendor/common/hal_nfc.te +++ b/sepolicy/legacy/vendor/common/hal_nfc.te @@ -26,9 +26,19 @@ #IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Set NFC properties -set_prop(hal_nfc, nfc_nq_prop) +set_prop(hal_nfc, vendor_nfc_nq_prop) #Allow access to firmware allow hal_nfc firmware_file:dir r_dir_perms; allow hal_nfc firmware_file:file r_file_perms; allow hal_nfc nfc_vendor_data_file:file rw_file_perms; + +add_hwservice(hal_nfc_default, hal_nfc_hwservice) + +# Get NFC properties +get_prop(hal_nfc_default, vendor_nfc_nq_prop) + +#Allow access to firmware +r_dir_file(hal_nfc_default, firmware_file) +allow hal_nfc_default nfc_vendor_data_file:file create; +allow hal_nfc_default nfc_vendor_data_file:dir w_dir_perms; 
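Review bot: In the hal_nfc.te hunk the second `#Allow access to firmware` comment also heads two `nfc_vendor_data_file` rules, which concern the NFC data directory rather than firmware. `allow hal_nfc_default nfc_vendor_data_file:file create;` grants only `create`, so writing the new file depends on the existing `rw_file_perms` rule for `hal_nfc` also applying to this domain. It is worth confirming that `hal_nfc_default` carries the `hal_nfc` attribute. I would give the two data-file rules their own comment, e.g. `# Create files under the NFC vendor data directory`.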
diff --git a/sepolicy/legacy/vendor/common/hal_perf_default.te b/sepolicy/legacy/vendor/common/hal_perf_default.te index 6784270c4..cfb95f222 100644 --- a/sepolicy/legacy/vendor/common/hal_perf_default.te +++ b/sepolicy/legacy/vendor/common/hal_perf_default.te @@ -41,15 +41,20 @@ allow hal_perf_client hal_perf_hwservice:hwservice_manager find; allow hal_perf_default cgroup:file r_file_perms; allow hal_perf_default proc:file rw_file_perms; allow hal_perf device_latency:chr_file rw_file_perms; -get_prop(hal_perf, freq_prop) +get_prop(hal_perf, vendor_freq_prop) get_prop(hal_perf, vendor_mpctl_prop) allow hal_perf_default mpctl_data_file:dir rw_dir_perms; allow hal_perf_default mpctl_data_file:file create_file_perms; allow hal_perf_default lm_data_file:dir rw_dir_perms; allow hal_perf_default lm_data_file:file create_file_perms; allow hal_perf_default sysfs_lib:file w_file_perms; +allow hal_perf_default proc_meminfo:file r_file_perms; r_dir_file(hal_perf_default, appdomain); allow hal_perf_default {appdomain}:file rw_file_perms; +allow hal_perf_default self:capability setuid; + +allow hal_perf_default hal_display_config_hwservice:hwservice_manager find; +allow hal_perf_default hal_pasrmanager_memory_hwservice:hwservice_manager find; allow hal_perf { sysfs_devices_system_cpu @@ -58,6 +63,7 @@ allow hal_perf { sysfs_mmc_host sysfs_scsi_host sysfs_kgsl + sysfs_kgsl_proc sysfs_cpu_boost sysfs_msm_perf sysfs_memory @@ -81,6 +87,7 @@ allow hal_perf { sysfs_msm_power sysfs_battery_supply sysfs_process_reclaim + sysfs_dm }:file rw_file_perms; allow hal_perf { @@ -92,3 +99,7 @@ allow hal_perf { # Allow to self kill capability allow hal_perf_default self:capability { kill }; + +binder_call(hal_perf_default, hal_graphics_composer_default) + +allow hal_perf_default sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hal_rcsservice.te b/sepolicy/legacy/vendor/common/hal_rcsservice.te index 98b5da314..870fa0bdf 100644 
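Review bot: The first hal_perf_default.te hunk adds `allow hal_perf_default self:capability setuid;` with no comment, while the existing `kill` capability further down carries one (`# Allow to self kill capability`). The context line right above it, `allow hal_perf_default {appdomain}:file rw_file_perms;`, shows the domain can already write files of every app domain, so a HAL that can also change its UID needs a stated reason. I would add a line such as `# <reason the perf HAL needs to change uid>` above the rule, or drop it if it only silences a denial the service tolerates.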
--- a/sepolicy/legacy/vendor/common/hal_rcsservice.te +++ b/sepolicy/legacy/vendor/common/hal_rcsservice.te @@ -40,9 +40,8 @@ get_prop(hal_rcsservice, hwservicemanager_prop) add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice) #add imsfactory to HIDl interface add_hwservice(hal_rcsservice, vendor_hal_imsfactory_hwservice) - # allow read datad property -get_prop(hal_rcsservice, qcom_ims_prop) +get_prop(hal_rcsservice, vendor_qcom_ims_prop) # allow imsrcsd to connect to imsdatad over socket allow hal_rcsservice self: { socket qipcrtr_socket } create_socket_perms; @@ -66,5 +65,5 @@ userdebug_or_eng(` binder_call(hal_rcsservice, radio) ') -set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop) -set_prop(hal_rcsservice, qcom_ims_prop) +set_prop(hal_rcsservice, vendor_ctl_vendor_imsrcsservice_prop) +set_prop(hal_rcsservice, vendor_qcom_ims_prop) diff --git a/sepolicy/legacy/vendor/common/hal_secure_element_default.te b/sepolicy/legacy/vendor/common/hal_secure_element_default.te index 4e665002f..2402bdff0 100644 --- a/sepolicy/legacy/vendor/common/hal_secure_element_default.te +++ b/sepolicy/legacy/vendor/common/hal_secure_element_default.te @@ -29,7 +29,7 @@ hal_client_domain(hal_secure_element_default, hal_esepowermanager) #Allow access to the qteeconnector -hal_client_domain(hal_secure_element_default, vendor_hal_qteeconnector) +hal_client_domain(hal_secure_element_default, hal_qteeconnector) # Allow secure-element HAL to retrieve NFC vendor properties -get_prop(hal_secure_element_default, nfc_nq_prop) +get_prop(hal_secure_element_default, vendor_nfc_nq_prop) diff --git a/sepolicy/legacy/vendor/common/hal_sensors.te b/sepolicy/legacy/vendor/common/hal_sensors.te index 70dd516ef..a64312cf2 100644 --- a/sepolicy/legacy/vendor/common/hal_sensors.te +++ b/sepolicy/legacy/vendor/common/hal_sensors.te 
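Review bot: In hal_secure_element_default.te the client attribute changes from `vendor_hal_qteeconnector` to `hal_qteeconnector`, the opposite direction from every other rename in this commit. The hwservice_contexts context lines in the same commit still label the qteeconnector interfaces `vendor_hal_qteeconnector_hwservice`. If the legacy tree declares only one of the two attribute names, this either fails to build or leaves the secure-element HAL unable to find the service, so the attribute definition should be checked. If the change is deliberate, a comment such as `# legacy policy names this attribute without the vendor_ prefix` would record it.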
@@ -28,9 +28,10 @@ userdebug_or_eng(` diag_use(hal_sensors) + get_prop(hal_sensors_default, vendor_sensors_dbg_prop) allow hal_sensors debugfs_tracing:file { open write }; ') -set_prop(hal_sensors, slpi_prop); +set_prop(hal_sensors, vendor_slpi_prop); allow hal_sensors self:{ socket qipcrtr_socket } create_socket_perms; allowxperm hal_sensors self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls; @@ -52,10 +53,12 @@ allow hal_sensors input_device:chr_file r_file_perms; #following to set the ssr allow hal_sensors_default sysfs_slpi:dir search; allow hal_sensors_default sysfs_slpi:file w_file_perms; + allow hal_sensors_default sensors_persist_file:file create_file_perms; allow hal_sensors_default sensors_persist_file:dir create_dir_perms; allow hal_sensors_default mnt_vendor_file:dir r_dir_perms; + allow hal_sensors_default hal_graphics_mapper_hwservice:hwservice_manager find; -get_prop(hal_sensors_default, adsprpc_prop); -get_prop(hal_sensors_default, sensors_prop) \ No newline at end of file +get_prop(hal_sensors_default, vendor_adsprpc_prop); +get_prop(hal_sensors_default, vendor_sensors_prop) diff --git a/sepolicy/legacy/vendor/common/hal_usb_default.te b/sepolicy/legacy/vendor/common/hal_usb_default.te index 896b7285e..ee5b89168 100644 --- a/sepolicy/legacy/vendor/common/hal_usb_default.te +++ b/sepolicy/legacy/vendor/common/hal_usb_default.te 
@@ -25,6 +25,16 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type hal_usb_default_qti, domain; +hal_server_domain(hal_usb_default_qti, hal_usb) + +type hal_usb_default_qti_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_usb_default_qti) + +get_prop(hal_usb_default, vendor_usb_prop) +set_prop(hal_usb_default, vendor_usb_prop) + +allow hal_usb_default configfs:file create_file_perms; allow hal_usb_default sysfs_usbpd_device:dir r_dir_perms; allow hal_usb_default sysfs_usbpd_device:lnk_file r_file_perms; allow hal_usb_default sysfs_usbpd_device:file rw_file_perms; diff --git a/sepolicy/legacy/vendor/common/hal_wifi.te b/sepolicy/legacy/vendor/common/hal_wifi.te index 70fd8bf1e..b4d1770cc 100644 --- a/sepolicy/legacy/vendor/common/hal_wifi.te +++ b/sepolicy/legacy/vendor/common/hal_wifi.te @@ -37,6 +37,9 @@ unix_socket_connect(hal_wifi, location, location) allow hal_wifi_default wifihal_socket:dir rw_dir_perms; allow hal_wifi_default wifihal_socket:sock_file create_file_perms; +# Write wlan driver/fw version into property +set_prop(hal_wifi_default, vendor_wifi_version) + allow hal_wifi wlan_device:chr_file rw_file_perms; allow hal_wifi self:capability sys_module; allow hal_wifi kernel:key search; diff --git a/sepolicy/legacy/vendor/common/hal_wifi_supplicant.te b/sepolicy/legacy/vendor/common/hal_wifi_supplicant.te index f79ffa769..17ac7977a 100644 --- a/sepolicy/legacy/vendor/common/hal_wifi_supplicant.te +++ b/sepolicy/legacy/vendor/common/hal_wifi_supplicant.te @@ -28,6 +28,7 @@ # # Allow access to create socket and ioctl. +allow hal_wifi_supplicant_default self:qipcrtr_socket create_socket_perms_no_ioctl; allow hal_wifi_supplicant_default self:socket create_socket_perms; # ioctlcmd=c304, c302 allowxperm hal_wifi_supplicant self:socket ioctl msm_sock_ipc_ioctls; 
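Review bot: None of the rules in the hal_usb_default.te hunk name the new domain `hal_usb_default_qti` that the hunk declares; the property, configfs and sysfs_usbpd rules all target `hal_usb_default`. The new domain therefore gets that access only if it arrives through the `hal_usb` attribute. If the QTI service is the one that touches these nodes, the rules should name it, e.g. `set_prop(hal_usb_default_qti, vendor_usb_prop)`. Separately, `get_prop(hal_usb_default, vendor_usb_prop)` is redundant next to `set_prop` on the same type, because the AOSP `set_prop` macro already includes read access. The file continues past the end of the hunk.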
diff --git a/sepolicy/legacy/vendor/common/hbtp.te b/sepolicy/legacy/vendor/common/hbtp.te index fd1dd2101..9e6e34233 100644 --- a/sepolicy/legacy/vendor/common/hbtp.te +++ b/sepolicy/legacy/vendor/common/hbtp.te @@ -64,11 +64,12 @@ allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind }; allow hbtp sysfs_wake_lock:file r_file_perms; # Allow the service to change to system from root -allow hbtp self:capability { setgid setuid }; +allow hbtp self:capability { setgid setuid sys_nice }; + # Allow load touch driver as touchPD r_dir_file(hbtp, adsprpcd_file) -get_prop(hbtp, adsprpc_prop) +get_prop(hbtp, vendor_adsprpc_prop) # Allow the service to access wakelock capability wakelock_use(hbtp) @@ -81,3 +82,5 @@ binder_call(hal_hbtp_server, hal_hbtp_client) add_hwservice(hal_hbtp_server, hal_hbtp_hwservice) allow hal_hbtp_client hal_hbtp_hwservice:hwservice_manager find; hal_client_domain(hbtp, hal_allocator); + +allow hbtp sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/hvdcp.te b/sepolicy/legacy/vendor/common/hvdcp.te index e61855d2c..5e162ac39 100644 --- a/sepolicy/legacy/vendor/common/hvdcp.te +++ b/sepolicy/legacy/vendor/common/hvdcp.te @@ -71,6 +71,6 @@ allow hvdcp mnt_vendor_file:dir search; allow hvdcp persist_hvdcp_file:dir rw_dir_perms; allow hvdcp persist_hvdcp_file:file create_file_perms; -set_prop(hvdcp, hvdcp_opti_prop) +set_prop(hvdcp, vendor_hvdcp_opti_prop) wakelock_use(hvdcp) diff --git a/sepolicy/legacy/vendor/common/hwservice.te b/sepolicy/legacy/vendor/common/hwservice.te index 1f041111b..ab3969162 100644 --- a/sepolicy/legacy/vendor/common/hwservice.te +++ b/sepolicy/legacy/vendor/common/hwservice.te 
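Review bot: The first hbtp.te hunk adds `sys_nice` to `allow hbtp self:capability { setgid setuid sys_nice };`, but the comment above it still reads `# Allow the service to change to system from root`, which explains only the UID/GID capabilities. I would put the new capability on its own rule with its own comment, e.g. `# <reason hbtp adjusts scheduling priority>` followed by `allow hbtp self:capability sys_nice;`. A later audit can then tell why it was granted.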
@@ -1,4 +1,4 @@ -# Copyright (c) 2017-2018, 2020-2021, The Linux Foundation. All rights reserved. +# Copyright (c) 2017-2018, 2020-2021 The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -58,6 +58,7 @@ type hal_qdutils_disp_hwservice, hwservice_manager_type; type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type; type hal_scve_hwservice, hwservice_manager_type; type hal_pasrmanager_hwservice, hwservice_manager_type; +type hal_pasrmanager_memory_hwservice, hwservice_manager_type, protected_hwservice; type hal_wifilearner_hwservice, hwservice_manager_type; type vendor_hal_srvctracker_hwservice, hwservice_manager_type, protected_hwservice; type hal_fm_hwservice, hwservice_manager_type; @@ -65,7 +66,9 @@ type hal_btconfigstore_hwservice, hwservice_manager_type; type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type; type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice; type hal_perfcallback_hwservice, hwservice_manager_type, protected_hwservice; -type hal_debugutils_hwservice, hwservice_manager_type; +type vendor_hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice; type vendor_hal_dspmanager_hwservice, hwservice_manager_type; type vendor_hal_qccvndhal_hwservice, hwservice_manager_type, protected_hwservice; +type hal_debugutils_hwservice, hwservice_manager_type; type vendor_hal_limits_hwservice, hwservice_manager_type, protected_hwservice; +type vendor_hal_embmssl_hwservice, hwservice_manager_type, protected_hwservice; diff --git a/sepolicy/legacy/vendor/common/hwservice_contexts b/sepolicy/legacy/vendor/common/hwservice_contexts index 652f4ebd4..94efc2707 100644 --- a/sepolicy/legacy/vendor/common/hwservice_contexts +++ b/sepolicy/legacy/vendor/common/hwservice_contexts 
@@ -25,6 +25,8 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +com.qualcomm.qti.wifidisplayhal::IHDCPSession u:object_r:wifidisplayhalservice_hwservice:s0 +com.qualcomm.qti.wifidisplayhal::IDSManager u:object_r:wifidisplayhalservice_hwservice:s0 vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:hal_fingerprint_hwservice:s0 vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.config::IConfig u:object_r:hal_telephony_hwservice:s0 @@ -54,9 +56,7 @@ com.qualcomm.qti.ant::IAntHci u:object_r:hal_blue vendor.qti.hardware.wipower::IWipower u:object_r:hal_bluetooth_hwservice:s0 vendor.qti.hardware.limits::ILimits u:object_r:vendor_hal_limits_hwservice:s0 vendor.qti.hardware.perf::IPerf u:object_r:hal_perf_hwservice:s0 -com.qualcomm.qti.wifidisplayhal::IHDCPSession u:object_r:wifidisplayhalservice_hwservice:s0 vendor.qti.hardware.iop::IIop u:object_r:hal_iop_hwservice:s0 -com.qualcomm.qti.wifidisplayhal::IDSManager u:object_r:wifidisplayhalservice_hwservice:s0 vendor.qti.hardware.alarm::IAlarm u:object_r:hal_alarm_qti_hwservice:s0 com.qualcomm.qti.uceservice::IUceService u:object_r:hal_imsrcsd_hwservice:s0 vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0 
@@ -70,13 +70,14 @@ vendor.qti.hardware.data.connection::IDataConnection u:object_r:hal_data vendor.qti.hardware.vpp::IHidlVppService u:object_r:hal_vpp_hwservice:s0 vendor.qti.hardware.wigig.supptunnel::ISuppTunnelProvider u:object_r:hal_wigig_hwservice:s0 vendor.qti.hardware.wigig.netperftuner::INetPerfTuner u:object_r:hal_wigig_npt_hwservice:s0 -vendor.qti.hardware.fstman::IFstManager u:object_r:hal_fstman_hwservice:s0 vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:vendor_hal_qteeconnector_hwservice:s0 vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:vendor_hal_qteeconnector_hwservice:s0 +vendor.qti.hardware.fstman::IFstManager u:object_r:hal_fstman_hwservice:s0 vendor.qti.esepowermanager::IEsePowerManager u:object_r:hal_esepowermanager_hwservice:s0 vendor.qti.voiceprint::IQtiVoicePrintService u:object_r:hal_voiceprint_hwservice:s0 vendor.qti.hardware.servicetracker::IDebugUtils u:object_r:hal_debugutils_hwservice:s0 vendor.qti.power.pasrmanager::IPasrManager u:object_r:hal_pasrmanager_hwservice:s0 +vendor.qti.memory.pasrmanager::IPasrManager u:object_r:hal_pasrmanager_memory_hwservice:s0 # Below rules are added to support the devices that are using the HALs before they are moved to # vendor.qti.hardware. They are used as it is to maintain the integrity of the software. vendor.qti.qcril.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0 
@@ -111,5 +112,7 @@ vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_blue com.dsi.ant::IAnt u:object_r:hal_bluetooth_hwservice:s0 vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0 vendor.qti.hardware.perf::IPerfCallback u:object_r:hal_perfcallback_hwservice:s0 +vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:vendor_hal_mwqemadapter_hwservice:s0 vendor.qti.hardware.dsp::IDspService u:object_r:vendor_hal_dspmanager_hwservice:s0 vendor.qti.hardware.qccvndhal::IQccvndhal u:object_r:vendor_hal_qccvndhal_hwservice:s0 +vendor.qti.hardware.embmssl::IEmbms u:object_r:vendor_hal_embmssl_hwservice:s0 diff --git a/sepolicy/legacy/vendor/common/ims.te b/sepolicy/legacy/vendor/common/ims.te index a695dc52f..c2791b375 100644 --- a/sepolicy/legacy/vendor/common/ims.te +++ b/sepolicy/legacy/vendor/common/ims.te @@ -59,8 +59,8 @@ allow ims { # Talk to qumuxd via ims_socket unix_socket_connect(ims, ims, qmuxd) -set_prop(ims, qcom_ims_prop) -set_prop(ims, ctl_vendor_imsrcsservice_prop) +set_prop(ims, vendor_qcom_ims_prop) +set_prop(ims, vendor_ctl_vendor_imsrcsservice_prop) # permissions for communication with CNE in LBO use case unix_socket_connect(ims, cnd, cnd) @@ -83,7 +83,7 @@ allowxperm ims self:udp_socket ioctl priv_sock_ioctls; allow ims sysfs_data:file r_file_perms; hwbinder_use(ims) get_prop(ims, hwservicemanager_prop) -get_prop(ims, qcom_ims_prop) -get_prop(ims, cnd_vendor_prop) +get_prop(ims, vendor_qcom_ims_prop) +get_prop(ims, vendor_cnd_vendor_prop) allow ims hal_datafactory_hwservice:hwservice_manager find; binder_call(ims, cnd) diff --git a/sepolicy/legacy/vendor/common/imshelper_app.te b/sepolicy/legacy/vendor/common/imshelper_app.te index ab320c0b6..0793e4946 100644 --- a/sepolicy/legacy/vendor/common/imshelper_app.te +++ b/sepolicy/legacy/vendor/common/imshelper_app.te 
@@ -29,8 +29,8 @@ app_domain(imshelper_app); unix_socket_connect(imshelper_app, ims, ims) allow imshelper_app app_api_service:service_manager find; -allow qsee_svc_app imshelper_app_data_file:dir create_dir_perms; -allow qsee_svc_app imshelper_app_data_file:file create_file_perms; +#allow qsee_svc_app vendor_imshelper_app_data_file:dir create_dir_perms; +#allow qsee_svc_app vendor_imshelper_app_data_file:file create_file_perms; allow imshelper_app system_app_data_file:dir { getattr search }; allow imshelper_app radio_data_file:dir { getattr search }; diff --git a/sepolicy/legacy/vendor/common/init-qti-dcvs-sh.te b/sepolicy/legacy/vendor/common/init-qti-dcvs-sh.te new file mode 100644 index 000000000..e008a9230 --- /dev/null +++ b/sepolicy/legacy/vendor/common/init-qti-dcvs-sh.te 
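Review bot: The imshelper_app.te hunk replaces the two `allow qsee_svc_app imshelper_app_data_file:...` rules with commented-out copies that use the renamed type `vendor_imshelper_app_data_file`, and gives no reason. If the access is no longer needed the lines should be deleted; if it is needed, disabling it will surface as denials for qsee_svc_app. If they stay as a reminder, a line such as `# disabled: <reason>` above them would say so.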
@@ -0,0 +1,41 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +type vendor_init-qti-dcvs-sh, domain; +type vendor_init-qti-dcvs-sh_exec, exec_type, file_type, vendor_file_type; + +init_daemon_domain(vendor_init-qti-dcvs-sh) + +allow vendor_init-qti-dcvs-sh vendor_shell_exec:file rx_file_perms; + +# execute toybox/toolbox +allow vendor_init-qti-dcvs-sh self:perf_event { open cpu }; +neverallow vendor_init-qti-dcvs-sh self:perf_event ~{ open cpu }; + +allow vendor_init-qti-dcvs-sh sysfs:dir { open read }; +allow vendor_init-qti-dcvs-sh sysfs_devfreq:dir r_dir_perms; +allow vendor_init-qti-dcvs-sh sysfs_devfreq:file w_file_perms; diff --git a/sepolicy/legacy/vendor/common/init-qti-ims-sh.te b/sepolicy/legacy/vendor/common/init-qti-ims-sh.te index 843a6db4c..ee5b4461e 100644 --- a/sepolicy/legacy/vendor/common/init-qti-ims-sh.te +++ b/sepolicy/legacy/vendor/common/init-qti-ims-sh.te @@ -33,4 +33,7 @@ init_daemon_domain(init-qti-ims-sh) allow init-qti-ims-sh vendor_shell_exec:file rx_file_perms; allow init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms; -set_prop(init-qti-ims-sh, qcom_ims_prop) +set_prop(init-qti-ims-sh, vendor_qcom_ims_prop) + +# for ro.build.product +get_prop(init-qti-ims-sh, vendor_qcom_ims_prop) diff --git a/sepolicy/legacy/vendor/common/init.te b/sepolicy/legacy/vendor/common/init.te index b8255503a..628f8173a 100644 --- a/sepolicy/legacy/vendor/common/init.te +++ b/sepolicy/legacy/vendor/common/init.te @@ -33,6 +33,8 @@ allow init { cache_file mnt_vendor_file storage_file + debugfs_tracing_debug + oemfs }:dir mounton; allow init kmsg_device:chr_file write; @@ -67,6 +69,7 @@ allow init sysfs_boot_adsp:file write; allow init sysfs_slpi:file write; allow init sysfs_graphics:file setattr; +allow init socket_device:sock_file create_file_perms; #load /vendor/lib/modules/qca_cld3/qca_cld3_wlan.ko #load /vendor/lib/modules/wil6210.ko 
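Review bot: In the new init-qti-dcvs-sh.te the comment `# execute toybox/toolbox` sits above the two `perf_event` rules, which are unrelated to toolbox. No rule in the file grants `vendor_toolbox_exec`, whereas the sibling init-qti-ims-sh.te has `allow init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms;`. Either the toolbox rule was dropped by mistake or the comment is stale; in the latter case I would replace it with `# perf_event: open and cpu only, enforced by the neverallow below`. `allow vendor_init-qti-dcvs-sh sysfs:dir { open read };` is on the generic `sysfs` label and would benefit from a comment naming the directory the script lists.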
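Review bot: The `get_prop(init-qti-ims-sh, vendor_qcom_ims_prop)` added in the init-qti-ims-sh.te hunk grants nothing new, because the `set_prop` on the same type two lines above already includes read access in the AOSP macro. Its comment `# for ro.build.product` also does not match the rule: that property is unlikely to be labelled `vendor_qcom_ims_prop`. If the script really reads it, the rule needs whatever type property_contexts assigns to it. I would drop the line or retarget it after checking.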
@@ -87,3 +90,8 @@ allow init { #Blocked by neverallow vendor_init { file_type fs_type -init_exec }:file entrypoint; #domain_trans(init, vendor_init_exec, vendor_init); allow init mnt_vendor_file:lnk_file r_file_perms; + +allow init firmware_file:filesystem getattr; +allow init proc:file w_file_perms; +allow init bt_firmware_file:filesystem getattr; +allow init sysfs_mmc_host:file w_file_perms; diff --git a/sepolicy/legacy/vendor/common/init_shell.te b/sepolicy/legacy/vendor/common/init_shell.te index 9fe9657dc..6446c65cc 100644 --- a/sepolicy/legacy/vendor/common/init_shell.te +++ b/sepolicy/legacy/vendor/common/init_shell.te 
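Review bot: The last init.te hunk adds `allow init proc:file w_file_perms;`, which lets init write any file that still carries the generic `proc` label rather than one specific node. The neighbouring addition names a specific type (`sysfs_mmc_host`), so the narrower fix is to label the procfs entry init needs in genfs_contexts and allow that type instead. If the generic rule must stay for legacy kernels, a comment such as `# init.rc writes <procfs path>, unlabelled on legacy kernels` would record why. `allow init socket_device:sock_file create_file_perms;` in an earlier hunk of this file is similarly broad and uncommented.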
@@ -75,31 +75,31 @@ allow qti_init_shell self:capability { }; # For property starting with hw -# freq_prop - for setting frequency from postboot script +# vendor_freq_prop - for setting frequency from postboot script # vendor_mpctl_prop - for setting ctl.mpdecision property from postboot script # vendor_bluetooth_prop - for setting bt related properties from postboot script # ctl_vendor_qmuxd_prop/ctl_vendor_netmgrd_prop - Needed in order to set properties on qmuxd and netmgrd processes -set_prop(qti_init_shell, freq_prop) +set_prop(qti_init_shell, vendor_freq_prop) set_prop(qti_init_shell, vendor_mpctl_prop) set_prop(qti_init_shell, vendor_bluetooth_prop) -set_prop(qti_init_shell, sensors_prop) +set_prop(qti_init_shell, vendor_sensors_prop) set_prop(qti_init_shell, vendor_msm_irqbalance_prop) set_prop(qti_init_shell, vendor_msm_irqbl_sdm630_prop) set_prop(qti_init_shell, vendor_ipacm_prop) set_prop(qti_init_shell, vendor_ipacm-diag_prop) set_prop(qti_init_shell, vendor_dataqti_prop) set_prop(qti_init_shell, vendor_dataadpl_prop) -#set_prop(qti_init_shell, ctl_rildaemon_prop) -set_prop(qti_init_shell, ctl_qcrild_prop) -set_prop(qti_init_shell, ctl_vendor_rild_prop) -set_prop(qti_init_shell, ctl_vendor_qmuxd_prop) -set_prop(qti_init_shell, ctl_vendor_netmgrd_prop) -set_prop(qti_init_shell, ctl_vendor_port-bridge_prop) +#set_prop(qti_init_shell, vendor_ctl_rildaemon_prop) +set_prop(qti_init_shell, vendor_ctl_qcrild_prop) +set_prop(qti_init_shell, vendor_ctl_vendor_rild_prop) +set_prop(qti_init_shell, vendor_ctl_vendor_qmuxd_prop) +set_prop(qti_init_shell, vendor_ctl_vendor_netmgrd_prop) +set_prop(qti_init_shell, vendor_ctl_vendor_port-bridge_prop) set_prop(qti_init_shell, vendor_display_prop) -set_prop(qti_init_shell, scr_enabled_prop) +set_prop(qti_init_shell, vendor_scr_enabled_prop) set_prop(qti_init_shell, vendor_opengles_prop) set_prop(qti_init_shell, vendor_mdm_helper_prop) -set_prop(qti_init_shell, fm_prop) +set_prop(qti_init_shell, vendor_fm_prop) 
set_prop(qti_init_shell, vendor_alarm_boot_prop) set_prop(qti_init_shell, vendor_gralloc_prop) set_prop(qti_init_shell, vendor_audio_prop) @@ -109,21 +109,24 @@ userdebug_or_eng(` #set_prop(qti_init_shell, ctl_console_prop) set_prop(qti_init_shell, vendor_coresight_prop) set_prop(qti_init_shell, vendor_audio_debug_prop) +set_prop(qti_init_shell, vendor_vm_bms_debug_prop) ') + +set_prop(vendor_qti_init_shell,vendor_dcvs_prop) #Needed for starting vm_bms executable post-boot set_prop(qti_init_shell, vendor_vm_bms_prop) set_prop(qti_init_shell, vendor_usb_prop) #Needed for setting hwui properties in post_boot -set_prop(qti_init_shell, hwui_prop) -set_prop(qti_init_shell, graphics_vulkan_prop) +set_prop(qti_init_shell, vendor_hwui_prop) +set_prop(qti_init_shell, vendor_graphics_vulkan_prop) #Needed for setting vendor_cgroup_follow properties from post_boot set_prop(qti_init_shell, vendor_cgroup_follow_prop) #Needed for setting bservice properties from post_boot -set_prop(qti_init_shell, bservice_prop) +set_prop(qti_init_shell, vendor_bservice_prop) #Needed for setting DSR properties from post_boot -set_prop(qti_init_shell, reschedule_service_prop) +set_prop(qti_init_shell, vendor_reschedule_service_prop) #Needed for setting hvdcp properties from post_boot -set_prop(qti_init_shell, hvdcp_opti_prop) +set_prop(qti_init_shell, vendor_hvdcp_opti_prop) get_prop(qti_init_shell, radio_control_prop) set_prop(qti_init_shell, vendor_gpu_prop) @@ -139,6 +142,8 @@ allow qti_init_shell { sysfs_lowmemorykiller sysfs_mmc_host sysfs_process_reclaim + sysfs_dm + sysfs_net }:file w_file_perms; allow qti_init_shell sysfs_vmpressure:file write; 
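Review bot: `set_prop(vendor_qti_init_shell,vendor_dcvs_prop)` in the init_shell.te hunk at -109 names the domain `vendor_qti_init_shell`, while every other rule in this file, including the lines around it, uses `qti_init_shell`. The same name appears again in the file's last hunk as `dontaudit vendor_qti_init_shell default_prop:file read;`. If the legacy policy does not declare `vendor_qti_init_shell`, the build fails; if it does, both rules land on a different domain from the one the post-boot script runs in. Presumably both should use `qti_init_shell`, e.g. `set_prop(qti_init_shell, vendor_dcvs_prop)`.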
@@ -222,8 +227,9 @@ allow qti_init_shell vendor_mbn_data_file:dir create_dir_perms; allow qti_init_shell vendor_mbn_data_file:file create_file_perms; set_prop(qti_init_shell, vendor_rild_libpath_prop); -set_prop(qti_init_shell, ctl_vendor_hbtp_prop) +set_prop(qti_init_shell, vendor_ctl_vendor_hbtp_prop) set_prop(qti_init_shell, vendor_radio_prop) +get_prop(qti_init_shell, radio_control_prop) allow qti_init_shell fm_qsoc_patches_exec:file rx_file_perms; @@ -275,5 +281,18 @@ allow qti_init_shell vendor_fm_data_file:dir ra_dir_perms; allow qti_init_shell sysfs_android_usb:dir r_dir_perms; allow qti_init_shell sysfs_android_usb:file rw_file_perms; -# allow read permisison for hvdcp_opti properties -get_prop(qti_init_shell, hvdcp_opti_prop) +# allow read permisison for vendor_hvdcp_opti properties +get_prop(qti_init_shell, vendor_hvdcp_opti_prop) + +#allow set permission for vendor.fastrpc properties +set_prop(qti_init_shell, vendor_adsprpc_prop) + +dontaudit qti_init_shell self:capability dac_override; + +#allow configuring slub debug options +allow qti_init_shell sysfs_slab_zshandle_storeuser:file w_file_perms; +allow qti_init_shell sysfs_slab_zspage_storeuser:file w_file_perms; + +#dontaudit default_prop and init read +dontaudit vendor_qti_init_shell default_prop:file read; +set_prop(qti_init_shell, qemu_hw_prop) diff --git a/sepolicy/legacy/vendor/common/kernel.te b/sepolicy/legacy/vendor/common/kernel.te index ffbbea13b..897a327e3 100755 --- a/sepolicy/legacy/vendor/common/kernel.te +++ b/sepolicy/legacy/vendor/common/kernel.te @@ -42,3 +42,4 @@ r_dir_file(kernel, vendor_firmware_file) # Allow kernel to schedule process to different cpuset # when the current cpu is hotplugged out allow kernel domain:process setsched; +allow kernel self:capability kill; diff --git a/sepolicy/legacy/vendor/common/lmkd.te b/sepolicy/legacy/vendor/common/lmkd.te index dcb4155fa..5ddd08cc7 100644 --- a/sepolicy/legacy/vendor/common/lmkd.te +++ b/sepolicy/legacy/vendor/common/lmkd.te 
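Review bot: In the last init_shell.te hunk, `set_prop(qti_init_shell, qemu_hw_prop)` is added directly under the comment `#dontaudit default_prop and init read`. Nothing says why a vendor init script needs to set a property type that, as far as I know, belongs to the platform policy. I would move it out from under that comment and document it, e.g. `# <property name and why post_boot sets it>`. `dontaudit qti_init_shell self:capability dac_override;` hides denials that usually point at wrong file ownership, so it needs a one-line reason too. The hunk at -222 also re-adds `get_prop(qti_init_shell, radio_control_prop)`, which the file already has further up.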
@@ -29,3 +29,6 @@ allow lmkd hal_perf_hwservice:hwservice_manager find; allow lmkd hal_perf_default:binder call; allow lmkd hwservicemanager:binder call; get_prop(lmkd, hwservicemanager_prop); + +# Used by LMKD to work with EPOLLWAKEUP events. +allow lmkd self:global_capability2_class_set block_suspend; diff --git a/sepolicy/legacy/vendor/common/location.te b/sepolicy/legacy/vendor/common/location.te index bfbe9f585..a46f6fd78 100644 --- a/sepolicy/legacy/vendor/common/location.te +++ b/sepolicy/legacy/vendor/common/location.te @@ -103,7 +103,7 @@ unix_socket_send(location, wifihal, hal_wifi_default); netmgr_socket(location); #Allow access to properties -set_prop(location, location_prop); +set_prop(location, vendor_location_prop); #diag userdebug_or_eng(` @@ -123,10 +123,16 @@ hal_client_domain(location, vendor_qccsyshal); allow location hal_datafactory_hwservice:hwservice_manager find; binder_call(location, cnd) -get_prop(location, cnd_vendor_prop) +get_prop(location, vendor_cnd_vendor_prop) #Allow access to wake alarm allow location self:capability2 wake_alarm; -#allow qdma prop -#get_prop(location, vendor_qdma_prop); +#xtra-demon +hal_client_domain(location, vendor_qccsyshal); +allow location hal_cacert_hwservice:hwservice_manager find; +allow location vendor_qccsyshal_hwservice:hwservice_manager find; +## Allow location clientdomain to perform binder IPC to qtidataservices_app serverdomain. +binder_call(location, qtidataservices_app) + +allow location sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/mediacodec.te b/sepolicy/legacy/vendor/common/mediacodec.te index e324ecfb1..9c27042a8 100644 --- a/sepolicy/legacy/vendor/common/mediacodec.te +++ b/sepolicy/legacy/vendor/common/mediacodec.te 
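Review bot: The added `hal_client_domain(location, vendor_qccsyshal);` in the last location.te hunk repeats a line that the hunk header shows is already present earlier in the file, so it is a duplicate. `allow location vendor_qccsyshal_hwservice:hwservice_manager find;` is probably covered by that macro as well, assuming the attribute is associated with that hwservice, which is not visible here. Dropping both leaves only the `hal_cacert_hwservice` find and `binder_call(location, qtidataservices_app)` under the `#xtra-demon` comment. That keeps the new grants for this feature easy to audit.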
@@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -28,7 +28,7 @@ #mediacodec need intraction with audio device nodes allow mediacodec msm_aac_in_device:chr_file rw_file_perms; -get_prop(mediacodec, adsprpc_prop) +get_prop(mediacodec, vendor_adsprpc_prop) #Allow mediacodec to access proc_net files allow mediacodec proc_net:file r_file_perms; @@ -38,7 +38,7 @@ allow mediacodec xdsp_device:chr_file r_file_perms; #Allow mediacodec to access service manager wfdnativemm_service allow mediacodec wfdnativemm_service:service_manager find; -binder_call(mediacodec, wifidisplayhalservice_qti); +hal_client_domain(mediacodec, wifidisplayhalservice) #Allow mediacodec to access vendor_media_data_file files allow mediacodec vendor_media_data_file:dir create_dir_perms; @@ -58,3 +58,6 @@ allow mediacodec audio_device:chr_file rw_file_perms; #Allow mediacodec to access configstore hal_client_domain(mediacodec, hal_capabilityconfigstore_qti) + +allow mediacodec sysfs_soc:dir r_dir_perms; +get_prop(mediacodec, vendor_audio_prop) diff --git a/sepolicy/legacy/vendor/common/mediaprovider.te b/sepolicy/legacy/vendor/common/mediaprovider.te new file mode 100644 index 000000000..7ecdbf180 --- /dev/null +++ b/sepolicy/legacy/vendor/common/mediaprovider.te 
@@ -0,0 +1,28 @@ +# Copyright (c) 2020-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +dontaudit mediaprovider hal_perf_hwservice:hwservice_manager find; diff --git a/sepolicy/legacy/vendor/common/mediaserver.te b/sepolicy/legacy/vendor/common/mediaserver.te index 164618a4a..ff7845fe5 100644 --- a/sepolicy/legacy/vendor/common/mediaserver.te +++ b/sepolicy/legacy/vendor/common/mediaserver.te 
@@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -50,13 +50,15 @@ r_dir_file(mediaserver, sysfs_thermal); binder_call(mediaserver, vendor_wfdservice) -#allow mediaserver to access adsprpc_prop -get_prop(mediaserver, adsprpc_prop) +#allow mediaserver to access vendor_adsprpc_prop +get_prop(mediaserver, vendor_adsprpc_prop) binder_call(mediaserver, bootanim); get_prop(mediaserver, vendor_audio_prop) +get_prop(mediaserver, vendor_sys_video_prop) + allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms; hal_client_domain(mediaserver, hal_graphics_composer) diff --git a/sepolicy/legacy/vendor/common/mm-qcamerad.te b/sepolicy/legacy/vendor/common/mm-qcamerad.te index 992f19806..49b317bc5 100644 --- a/sepolicy/legacy/vendor/common/mm-qcamerad.te +++ b/sepolicy/legacy/vendor/common/mm-qcamerad.te @@ -79,8 +79,8 @@ allow mm-qcamerad xdsp_device:chr_file rw_file_perms; #allow mm-qcamerad to access /dsp r_dir_file(mm-qcamerad, adsprpcd_file); -#allow mm-qcamerad to access adsprpc_prop -get_prop(mm-qcamerad, adsprpc_prop) +#allow mm-qcamerad to access vendor_adsprpc_prop +get_prop(mm-qcamerad, vendor_adsprpc_prop) r_dir_file(mm-qcamerad, firmware_file) allow mm-qcamerad graphics_device:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/mmi_sys.te b/sepolicy/legacy/vendor/common/mmi_sys.te index d95156c7a..0ae67ebcf 100755 --- a/sepolicy/legacy/vendor/common/mmi_sys.te +++ b/sepolicy/legacy/vendor/common/mmi_sys.te @@ -37,6 +37,4 @@ hal_client_domain(vendor_mmi_sys, vendor_hal_factory_qti); #diag userdebug_or_eng(` diag_use(vendor_mmi_sys) - hal_client_domain(vendor_mmi_sys, vendor_hal_diaghal) - hal_client_domain(vendor_mmi_sys, hal_allocator) ') 
diff --git a/sepolicy/legacy/vendor/common/netd.te b/sepolicy/legacy/vendor/common/netd.te index a9407f8ee..c584ef091 100644 --- a/sepolicy/legacy/vendor/common/netd.te +++ b/sepolicy/legacy/vendor/common/netd.te @@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -33,7 +33,7 @@ binder_use(netd); allow netd netd:packet_socket create_socket_perms_no_ioctl; allow netd vendor_wfdservice:fd use; -#allow netd vendor_wfdservice:tcp_socket rw_socket_perms; +#allow netd wfdservice:tcp_socket rw_socket_perms; hal_client_domain(netd, wifidisplayhalservice); #allow netd to use privileged sock ioctls diff --git a/sepolicy/legacy/vendor/common/netmgrd.te b/sepolicy/legacy/vendor/common/netmgrd.te index 31593c76d..de479112f 100644 --- a/sepolicy/legacy/vendor/common/netmgrd.te +++ b/sepolicy/legacy/vendor/common/netmgrd.te @@ -109,3 +109,12 @@ allow netmgrd sysfs_net:file rw_file_perms; userdebug_or_eng(` r_dir_file(netmgrd, sysfs_diag) ') + +allow netmgrd sysfs_soc:dir r_dir_perms; + +# Allow netmgrd to set vendor properties +set_prop(netmgrd, vendor_data_ko_prop) + +# Allow netmgrd to use shsusrd properties +set_prop(netmgrd, vendor_data_shsusr_prop) +set_prop(netmgrd, vendor_data_qmipriod_prop) diff --git a/sepolicy/legacy/vendor/common/network_stack.te b/sepolicy/legacy/vendor/common/network_stack.te new file mode 100644 index 000000000..e9334514e --- /dev/null +++ b/sepolicy/legacy/vendor/common/network_stack.te 
@@ -0,0 +1,28 @@ +# Copyright (c) 2019,2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +hal_client_domain(network_stack, hal_perf); diff --git a/sepolicy/legacy/vendor/common/nfc.te b/sepolicy/legacy/vendor/common/nfc.te index 5238e9b66..16660faab 100644 --- a/sepolicy/legacy/vendor/common/nfc.te +++ b/sepolicy/legacy/vendor/common/nfc.te 
@@ -26,7 +26,7 @@ #IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Set NFC properties -get_prop(nfc, nfc_nq_prop) +get_prop(nfc, vendor_nfc_nq_prop) #qmux_socket(nfc); #allow nfc nfc_data_file:file x_file_perms; allow nfc self:socket create_socket_perms_no_ioctl; diff --git a/sepolicy/legacy/vendor/common/nqnfcinfo.te b/sepolicy/legacy/vendor/common/nqnfcinfo.te index 66ed75dcf..d07f634dd 100644 --- a/sepolicy/legacy/vendor/common/nqnfcinfo.te +++ b/sepolicy/legacy/vendor/common/nqnfcinfo.te @@ -31,7 +31,7 @@ type nqnfcinfo_exec, exec_type, vendor_file_type, file_type; # Started by init init_daemon_domain(nqnfcinfo) -set_prop(nqnfcinfo, nfc_nq_prop); +set_prop(nqnfcinfo, vendor_nfc_nq_prop); # Access device nodes inside /dev/nq-nci allow nqnfcinfo nfc_device:chr_file rw_file_perms; diff --git a/sepolicy/legacy/vendor/common/platform_app.te b/sepolicy/legacy/vendor/common/platform_app.te index 3e76affbe..097a1417c 100644 --- a/sepolicy/legacy/vendor/common/platform_app.te +++ b/sepolicy/legacy/vendor/common/platform_app.te @@ -64,6 +64,11 @@ hal_client_domain(platform_app, hal_scve) get_prop(platform_app, vendor_mpctl_prop) #fm hal_client_domain(platform_app, hal_fm); +hal_client_domain(platform_app, hal_fingerprint); allow platform_app fm_radio_device:chr_file r_file_perms; #allow platform app to access btconfigstore hal hal_client_domain(platform_app, hal_btconfigstore); + +get_prop(platform_app, vendor_display_notch_prop) +get_prop(platform_app, build_bootimage_prop) +allow platform_app cgroup:file w_file_perms; diff --git a/sepolicy/legacy/vendor/common/port-bridge.te b/sepolicy/legacy/vendor/common/port-bridge.te index 908e1498f..da7c3fcd8 100644 --- a/sepolicy/legacy/vendor/common/port-bridge.te +++ b/sepolicy/legacy/vendor/common/port-bridge.te 
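Review bot: In the platform_app.te hunk, `hal_client_domain(platform_app, hal_fingerprint);` and `allow platform_app cgroup:file w_file_perms;` apply to every app in the shared `platform_app` domain. Neither has a comment naming the app or feature that needs it, and the fingerprint line is placed under the `#fm` comment. A client connection to the fingerprint HAL and write access to cgroup files are broad grants for a shared domain. If a single vendor app needs them, a dedicated domain would contain the access better, though whether one exists cannot be told from this hunk. At minimum add comments such as `# <app> uses the fingerprint HAL for <feature>` and `# <app> writes <cgroup file>`, and move the fingerprint line out from under `#fm`.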
@@ -56,3 +56,5 @@ allow port-bridge sysfs_data:file r_file_perms; allow port-bridge port-bridge_socket:dir w_dir_perms; allow port-bridge port-bridge_socket:sock_file create_file_perms; + +allow port-bridge sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/property.te b/sepolicy/legacy/vendor/common/property.te index 49a500277..7457da06e 100644 --- a/sepolicy/legacy/vendor/common/property.te +++ b/sepolicy/legacy/vendor/common/property.te 
@@ -26,160 +26,167 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # property for uicc_daemon -vendor_restricted_prop(qcom_ims_prop) -vendor_internal_prop(ctl_vendor_qmuxd_prop) -vendor_internal_prop(ctl_vendor_netmgrd_prop) -vendor_internal_prop(ctl_vendor_port-bridge_prop) -vendor_internal_prop(ctl_qcrild_prop) -vendor_restricted_prop(vendor_tee_listener_prop) -vendor_internal_prop(ctl_vendor_rild_prop) +vendor_restricted_prop(vendor_qcom_ims_prop); +vendor_internal_prop(vendor_ctl_vendor_qmuxd_prop); +vendor_internal_prop(vendor_ctl_vendor_netmgrd_prop); +vendor_internal_prop(vendor_ctl_vendor_port-bridge_prop); +vendor_internal_prop(vendor_ctl_qcrild_prop); +vendor_restricted_prop(vendor_tee_listener_prop); +vendor_internal_prop(vendor_ctl_vendor_rild_prop); # property for LKCore ctl start -vendor_restricted_prop(ctl_LKCore_prop) - -vendor_internal_prop(freq_prop) -vendor_internal_prop(vendor_vm_bms_prop) #To start vm_bms -vendor_internal_prop(vendor_dataqti_prop) -vendor_internal_prop(vendor_dataadpl_prop) -vendor_internal_prop(vendor_dataqdp_prop) -vendor_internal_prop(vendor_ipacm_prop) -vendor_internal_prop(vendor_ipacm-diag_prop) -vendor_restricted_prop(cnd_vendor_prop) -vendor_internal_prop(sensors_prop) -vendor_restricted_prop(slpi_prop) -vendor_internal_prop(vendor_msm_irqbalance_prop) -vendor_internal_prop(vendor_msm_irqbl_sdm630_prop) -vendor_restricted_prop(camera_prop) -vendor_internal_prop(spcomlib_prop) -vendor_restricted_prop(vendor_display_prop) -vendor_restricted_prop(scr_enabled_prop) -vendor_restricted_prop(bg_daemon_prop) -vendor_restricted_prop(bg_boot_complete_prop) -vendor_restricted_prop(vendor_opengles_prop) -vendor_internal_prop(vendor_mdm_helper_prop) -vendor_restricted_prop(vendor_mpctl_prop) -vendor_restricted_prop(vendor_iop_prop) -vendor_restricted_prop(public_vendor_default_prop) +vendor_restricted_prop(vendor_ctl_LKCore_prop); + +vendor_internal_prop(vendor_freq_prop); +vendor_internal_prop(vendor_vm_bms_prop); #To start 
vm_bms +vendor_internal_prop(vendor_vm_bms_debug_prop); +vendor_internal_prop(vendor_dataqti_prop); +vendor_internal_prop(vendor_dataadpl_prop); +vendor_internal_prop(vendor_dataqdp_prop); +vendor_internal_prop(vendor_ipacm_prop); +vendor_internal_prop(vendor_ipacm-diag_prop); +vendor_restricted_prop(vendor_cnd_vendor_prop); +vendor_internal_prop(vendor_sensors_prop); +vendor_restricted_prop(vendor_slpi_prop); +vendor_internal_prop(vendor_msm_irqbalance_prop); +vendor_internal_prop(vendor_msm_irqbl_sdm630_prop); +vendor_restricted_prop(camera_prop); +vendor_internal_prop(vendor_spcomlib_prop); +vendor_restricted_prop(vendor_display_prop); +vendor_restricted_prop(vendor_scr_enabled_prop); +vendor_restricted_prop(vendor_bg_daemon_prop); +vendor_restricted_prop(vendor_bg_boot_complete_prop); +vendor_restricted_prop(vendor_opengles_prop); +vendor_internal_prop(vendor_mdm_helper_prop); +vendor_restricted_prop(vendor_mpctl_prop); +vendor_restricted_prop(vendor_iop_prop); +vendor_restricted_prop(vendor_public_vendor_default_prop); #Scroll Pre-obtain -vendor_restricted_prop(vendor_scroll_prop) +vendor_restricted_prop(vendor_scroll_prop); # properties for ActivityManager tuning -vendor_restricted_prop(vendor_am_prop) +vendor_restricted_prop(vendor_am_prop); #Needed for ubwc support -vendor_restricted_prop(vendor_gralloc_prop) +vendor_restricted_prop(vendor_gralloc_prop); -vendor_restricted_prop(fm_prop) -vendor_restricted_prop(chgdiabled_prop) +vendor_restricted_prop(vendor_fm_prop); +vendor_restricted_prop(chgdiabled_prop); vendor_restricted_prop(vendor_xlat_prop); # property for location -vendor_internal_prop(location_prop) +vendor_internal_prop(vendor_location_prop); #properites for init.qcom.sh script -vendor_internal_prop(vendor_usb_prop) +vendor_internal_prop(vendor_usb_prop); -vendor_restricted_prop(vendor_coresight_prop) +vendor_restricted_prop(vendor_coresight_prop); -vendor_restricted_prop(vendor_alarm_boot_prop) +vendor_restricted_prop(vendor_alarm_boot_prop); 
-vendor_restricted_prop(vendor_wifi_ftmd_prop) +vendor_restricted_prop(vendor_wifi_ftmd_prop); + +vendor_internal_prop(vendor_wifi_version); # WIGIG -vendor_internal_prop(vendor_wigig_prop) -vendor_internal_prop(ctl_vendor_wigigsvc_prop) +vendor_internal_prop(vendor_wigig_prop); +vendor_internal_prop(vendor_ctl_vendor_wigigsvc_prop); #HWUI property -vendor_restricted_prop(hwui_prop) +vendor_restricted_prop(vendor_hwui_prop); -vendor_restricted_prop(graphics_vulkan_prop) +vendor_restricted_prop(vendor_graphics_vulkan_prop); #cgroup follow -vendor_restricted_prop(vendor_cgroup_follow_prop) +vendor_restricted_prop(vendor_cgroup_follow_prop); #Bservice property -vendor_restricted_prop(bservice_prop) +vendor_restricted_prop(vendor_bservice_prop); #Delayed Service Reschedule property -vendor_restricted_prop(reschedule_service_prop) +vendor_restricted_prop(vendor_reschedule_service_prop); #boot mode property -vendor_internal_prop(vendor_boot_mode_prop) +vendor_internal_prop(vendor_boot_mode_prop); #properties for nfc -vendor_restricted_prop(nfc_nq_prop) +vendor_restricted_prop(vendor_nfc_nq_prop); -vendor_internal_prop(vendor_rild_libpath_prop) +vendor_internal_prop(vendor_rild_libpath_prop); #Peripheral manager -vendor_restricted_prop(vendor_per_mgr_state_prop) +vendor_restricted_prop(vendor_per_mgr_state_prop); -vendor_internal_prop(vendor_system_prop) +vendor_internal_prop(vendor_system_prop); # Bluetooth props -vendor_restricted_prop(vendor_bluetooth_prop) +vendor_restricted_prop(vendor_bluetooth_prop); # HBTP -vendor_internal_prop(ctl_vendor_hbtp_prop) +vendor_internal_prop(vendor_ctl_vendor_hbtp_prop); # factory properties -vendor_internal_prop(ctl_vendor_mmid_prop) +vendor_internal_prop(vendor_ctl_vendor_mmid_prop); #qcc property -#vendor_internal_prop(vendor_qdma_prop) vendor_public_prop(vendor_qcc_prop); #imsrcsservice -vendor_restricted_prop(ctl_vendor_imsrcsservice_prop) +vendor_restricted_prop(vendor_ctl_vendor_imsrcsservice_prop); #mmi 
-vendor_internal_prop(vendor_mmi_prop) +vendor_internal_prop(vendor_mmi_prop); #time service -vendor_internal_prop(vendor_time_service_prop) -vendor_restricted_prop(vendor_radio_prop) +vendor_internal_prop(vendor_time_service_prop); +vendor_restricted_prop(vendor_radio_prop); # Audio props -vendor_restricted_prop(vendor_audio_prop) +vendor_restricted_prop(vendor_audio_prop); # Audio debug props -vendor_internal_prop(vendor_audio_debug_prop) +vendor_internal_prop(vendor_audio_debug_prop); #ss-restart -vendor_internal_prop(vendor_ssr_prop) +vendor_internal_prop(vendor_ssr_prop); #ss-services (PD) -vendor_internal_prop(vendor_pd_locater_dbg_prop) +vendor_internal_prop(vendor_pd_locater_dbg_prop); #qdcmss property -vendor_internal_prop(vendor_qdcmss_prop) +vendor_internal_prop(vendor_qdcmss_prop); # Wifi Softap -vendor_restricted_prop(vendor_softap_prop) +vendor_restricted_prop(vendor_softap_prop); #mm-video -vendor_restricted_prop(vendor_video_prop) +vendor_restricted_prop(vendor_video_prop); #qtccconnector vendor_internal_prop(vendor_qteeconnector_opti_prop) - #rmt_storage -vendor_internal_prop(ctl_vendor_rmt_storage_prop) +vendor_internal_prop(vendor_ctl_vendor_rmt_storage_prop); -vendor_restricted_prop(vendor_gpu_prop) +vendor_restricted_prop(vendor_gpu_prop); -vendor_internal_prop(vendor_data_ko_prop) +vendor_internal_prop(vendor_data_ko_prop); + +#shsusrd props +vendor_restricted_prop(vendor_data_shsusr_prop); +vendor_restricted_prop(vendor_data_qmipriod_prop); #hvdcp_opti -vendor_internal_prop(hvdcp_opti_prop) +vendor_internal_prop(vendor_hvdcp_opti_prop); #adsprpc props -vendor_restricted_prop(adsprpc_prop) +vendor_restricted_prop(vendor_adsprpc_prop); #qvr property -vendor_restricted_prop(qvr_prop) +vendor_restricted_prop(vendor_qvr_prop); #capabilityconfigstore hal (CCHAL) -vendor_internal_prop(vendor_cap_configstore_dbg_prop) +vendor_internal_prop(vendor_cap_configstore_dbg_prop); + +vendor_internal_prop(vendor_dcvs_prop); 
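Review bot: `camera_prop` and `chgdiabled_prop` only gain a semicolon and keep their unprefixed names, while every other type in this hunk moves to the `vendor_` prefix. `vendor_internal_prop(vendor_qteeconnector_opti_prop)` is also the one declaration left without the trailing semicolon. If the rename is meant to keep vendor-defined types inside the vendor namespace (inferred from the pattern), these two would still collide with or be mistaken for platform types. Either rename them to `vendor_restricted_prop(vendor_camera_prop);` and `vendor_restricted_prop(vendor_chgdiabled_prop);`, with the matching property_contexts and rule updates, or add a comment saying why they stay as they are.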
diff --git a/sepolicy/legacy/vendor/common/property_contexts b/sepolicy/legacy/vendor/common/property_contexts index 06310babd..9c347323d 100644 --- a/sepolicy/legacy/vendor/common/property_contexts +++ b/sepolicy/legacy/vendor/common/property_contexts 
@@ -32,44 +32,43 @@ persist.vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0 vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0 vendor.wc_transport. u:object_r:vendor_bluetooth_prop:s0 ro.vendor.bluetooth. u:object_r:vendor_bluetooth_prop:s0 -vendor.ims. u:object_r:qcom_ims_prop:s0 -ro.vendor.build.software.version u:object_r:qcom_ims_prop:s0 -persist.vendor.ims. u:object_r:qcom_ims_prop:s0 -persist.vendor.qti.telephony.vt_cam_interface u:object_r:qcom_ims_prop:s0 -vendor.hw.fm. u:object_r:fm_prop:s0 -ctl.vendor.qmuxd u:object_r:ctl_vendor_qmuxd_prop:s0 -ctl.vendor.netmgrd u:object_r:ctl_vendor_netmgrd_prop:s0 -ctl.vendor.port-bridge u:object_r:ctl_vendor_port-bridge_prop:s0 -ctl.vendor.qcrild u:object_r:ctl_qcrild_prop:s0 -ctl.vendor.ril-daemon u:object_r:ctl_vendor_rild_prop:s0 -ctl.vendor.cnd u:object_r:cnd_vendor_prop:s0 -persist.vendor.sys.cnd u:object_r:cnd_vendor_prop:s0 -persist.vendor.cne. u:object_r:cnd_vendor_prop:s0 -persist.vendor.cne.feature u:object_r:cnd_vendor_prop:s0 -persist.vendor.cne.logging.qxdm u:object_r:cnd_vendor_prop:s0 -persist.vendor.cnd. u:object_r:cnd_vendor_prop:s0 -persist.vendor.cnd.wqe u:object_r:cnd_vendor_prop:s0 +vendor.ims. u:object_r:vendor_qcom_ims_prop:s0 +ro.vendor.build.software.version u:object_r:vendor_qcom_ims_prop:s0 +persist.vendor.ims. u:object_r:vendor_qcom_ims_prop:s0 +persist.vendor.qti.telephony.vt_cam_interface u:object_r:vendor_qcom_ims_prop:s0 +vendor.hw.fm. u:object_r:vendor_fm_prop:s0 +ctl.vendor.qmuxd u:object_r:vendor_ctl_vendor_qmuxd_prop:s0 +ctl.vendor.netmgrd u:object_r:vendor_ctl_vendor_netmgrd_prop:s0 +ctl.vendor.port-bridge u:object_r:vendor_ctl_vendor_port-bridge_prop:s0 +ctl.vendor.qcrild u:object_r:vendor_ctl_qcrild_prop:s0 +ctl.vendor.ril-daemon u:object_r:vendor_ctl_vendor_rild_prop:s0 +ctl.vendor.cnd u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.sys.cnd u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.cne. 
u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.cne.feature u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.cne.logging.qxdm u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.cnd. u:object_r:vendor_cnd_vendor_prop:s0 +persist.vendor.cnd.wqe u:object_r:vendor_cnd_vendor_prop:s0 ctl.vendor.vm_bms u:object_r:vendor_vm_bms_prop:s0 +vendor.vbms.debug.enable u:object_r:vendor_vm_bms_debug_prop:s0 ro.vendor.qualcomm.bluetooth. u:object_r:vendor_bluetooth_prop:s0 ctl.vendor.ipacm u:object_r:vendor_ipacm_prop:s0 ctl.vendor.ipacm-diag u:object_r:vendor_ipacm-diag_prop:s0 ctl.vendor.dataqti u:object_r:vendor_dataqti_prop:s0 ctl.vendor.dataadpl u:object_r:vendor_dataadpl_prop:s0 -ctl.vendor.sensors u:object_r:sensors_prop:s0 -persist.vendor.sensors. u:object_r:sensors_prop:s0 -ro.vendor.sensors. u:object_r:sensors_prop:s0 - +ctl.vendor.sensors u:object_r:vendor_sensors_prop:s0 +init.svc.vendor.qrtrns.enable u:object_r:vendor_sensors_prop:s0 ctl.vendor.msm_irqbalance u:object_r:vendor_msm_irqbalance_prop:s0 ctl.vendor.msm_irqbl_sdm630 u:object_r:vendor_msm_irqbl_sdm630_prop:s0 -vendor.slpi. u:object_r:slpi_prop:s0 +vendor.slpi. u:object_r:vendor_slpi_prop:s0 ctl.vendor.msm_irqbal_lb u:object_r:vendor_msm_irqbalance_prop:s0 -vendor.spcom. u:object_r:spcomlib_prop:s0 +vendor.spcom. u:object_r:vendor_spcomlib_prop:s0 vendor.display. u:object_r:vendor_display_prop:s0 ro.vendor.display. u:object_r:vendor_display_prop:s0 persist.vendor.display. 
u:object_r:vendor_display_prop:s0 -ro.vendor.scr_enabled u:object_r:scr_enabled_prop:s0 -vendor.bg_reset u:object_r:bg_daemon_prop:s0 -vendor.bg.boot_complete u:object_r:bg_boot_complete_prop:s0 +ro.vendor.scr_enabled u:object_r:vendor_scr_enabled_prop:s0 +vendor.bg_reset u:object_r:vendor_bg_daemon_prop:s0 +vendor.bg.boot_complete u:object_r:vendor_bg_boot_complete_prop:s0 vendor.opengles.version u:object_r:vendor_opengles_prop:s0 ro.vendor.qualcomm.bt.hci_transport u:object_r:vendor_bluetooth_prop:s0 ctl.vendor.mdm_helper u:object_r:vendor_mdm_helper_prop:s0 @@ -83,8 +82,10 @@ vendor.perf.iop_v3.enable u:object_r:vendor_iop_prop:s0 vendor.perf.iop_v3.enable.debug u:object_r:vendor_iop_prop:s0 vendor.iop.enable_prefetch_ofr u:object_r:vendor_iop_prop:s0 vendor.perf.gestureflingboost.enable u:object_r:vendor_scroll_prop:s0 -vendor.qti.izat. u:object_r:location_prop:s0 +vendor.qti.izat. u:object_r:vendor_location_prop:s0 vendor.usb. u:object_r:vendor_usb_prop:s0 +vendor.wlan.driver.version u:object_r:vendor_wifi_version:s0 +vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 persist.vendor.usb. u:object_r:vendor_usb_prop:s0 ro.vendor.dbg.coresight.cfg_file u:object_r:vendor_coresight_prop:s0 vendor.audio. u:object_r:vendor_audio_prop:s0 
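Review bot: In the first property_contexts hunk the `persist.vendor.sensors.` and `ro.vendor.sensors.` prefix entries are removed rather than relabelled to `vendor_sensors_prop`. Unless another property_contexts file labels them, those properties fall through to a broader default vendor label, which changes who may read and set them. If the removal was not intended, restore them as `persist.vendor.sensors. u:object_r:vendor_sensors_prop:s0` and `ro.vendor.sensors. u:object_r:vendor_sensors_prop:s0`. The new `init.svc.vendor.qrtrns.enable` entry uses the `init.svc.` prefix, which init normally owns for service state, so a short comment explaining that key would help.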
@@ -103,50 +104,50 @@ vendor.wifi.ftmd. u:object_r:vendor_wifi_ftmd_prop:s0 # WIGIG vendor.wigig. u:object_r:vendor_wigig_prop:s0 -ctl.vendor.wigig_supplicant u:object_r:ctl_vendor_wigigsvc_prop:s0 -ctl.vendor.wigig_hostapd u:object_r:ctl_vendor_wigigsvc_prop:s0 +ctl.vendor.wigig_supplicant u:object_r:vendor_ctl_vendor_wigigsvc_prop:s0 +ctl.vendor.wigig_hostapd u:object_r:vendor_ctl_vendor_wigigsvc_prop:s0 #HWUI Property -ro.vendor.hwui.texture_cache_size u:object_r:hwui_prop:s0 +ro.vendor.hwui.texture_cache_size u:object_r:vendor_hwui_prop:s0 # ActivityManager tuning properties ro.vendor.qti.sys.fw. u:object_r:vendor_am_prop:s0 -# public_vendor_default_prop -ro.vendor.graphics.memory u:object_r:public_vendor_default_prop:s0 -vendor.debug.egl.changepixelformat u:object_r:public_vendor_default_prop:s0 -vendor.debug.prerotation.disable u:object_r:public_vendor_default_prop:s0 -vendor.dump.gpu.output u:object_r:public_vendor_default_prop:s0 -vendor.debug.egl.swapinterval u:object_r:public_vendor_default_prop:s0 -vendor.debug.egl.profiler u:object_r:public_vendor_default_prop:s0 -vendor.debug.rs. u:object_r:public_vendor_default_prop:s0 +# vendor_public_vendor_default_prop +ro.vendor.graphics.memory u:object_r:vendor_public_vendor_default_prop:s0 +vendor.debug.egl.changepixelformat u:object_r:vendor_public_vendor_default_prop:s0 +vendor.debug.prerotation.disable u:object_r:vendor_public_vendor_default_prop:s0 +vendor.dump.gpu.output u:object_r:vendor_public_vendor_default_prop:s0 +vendor.debug.egl.swapinterval u:object_r:vendor_public_vendor_default_prop:s0 +vendor.debug.egl.profiler u:object_r:vendor_public_vendor_default_prop:s0 +vendor.debug.rs. 
u:object_r:vendor_public_vendor_default_prop:s0 # cgroup follow ro.vendor.qti.cgroup_follow.enable u:object_r:vendor_cgroup_follow_prop:s0 ro.vendor.qti.cgroup_follow.dex2oat_only u:object_r:vendor_cgroup_follow_prop:s0 #Bservice Property -ro.vendor.qti.sys.fw.bservice_ u:object_r:bservice_prop:s0 +ro.vendor.qti.sys.fw.bservice_ u:object_r:vendor_bservice_prop:s0 #Delayed Service Restart Property -ro.vendor.qti.am.reschedule_service u:object_r:reschedule_service_prop:s0 -persist.vendor.graphics.vulkan.disable u:object_r:graphics_vulkan_prop:s0 +ro.vendor.qti.am.reschedule_service u:object_r:vendor_reschedule_service_prop:s0 +persist.vendor.graphics.vulkan.disable u:object_r:vendor_graphics_vulkan_prop:s0 #boot mode property vendor.sys.boot_mode u:object_r:vendor_boot_mode_prop:s0 # GPU -ro.vendor.gpu.available_frequencies u:object_r:freq_prop:s0 +ro.vendor.gpu.available_frequencies u:object_r:vendor_freq_prop:s0 # NFC -vendor.qti.nfc. u:object_r:nfc_nq_prop:s0 +vendor.qti.nfc. u:object_r:vendor_nfc_nq_prop:s0 # LKCore start -ctl.vendor.LKCore-dbg u:object_r:ctl_LKCore_prop:s0 -ctl.vendor.LKCore-rel u:object_r:ctl_LKCore_prop:s0 +ctl.vendor.LKCore-dbg u:object_r:vendor_ctl_LKCore_prop:s0 +ctl.vendor.LKCore-rel u:object_r:vendor_ctl_LKCore_prop:s0 vendor.rild.libpath u:object_r:vendor_rild_libpath_prop:s0 # Peripheral Manager vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0 # HBTP -ctl.vendor.hbtp u:object_r:ctl_vendor_hbtp_prop:s0 +ctl.vendor.hbtp u:object_r:vendor_ctl_vendor_hbtp_prop:s0 # factory properties -ctl.vendor.mmid u:object_r:ctl_vendor_mmid_prop:s0 +ctl.vendor.mmid u:object_r:vendor_ctl_vendor_mmid_prop:s0 # qcc property vendor.qti.qdma. u:object_r:vendor_qcc_prop:s0 
@@ -154,7 +155,7 @@ vendor.qti.qdma. u:object_r:vendor_qcc_prop:s0 #Needed by qsee need to rename this vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0 -ctl.vendor.imsrcsservice u:object_r:ctl_vendor_imsrcsservice_prop:s0 +ctl.vendor.imsrcsservice u:object_r:vendor_ctl_vendor_imsrcsservice_prop:s0 persist.vendor.mmi. u:object_r:vendor_mmi_prop:s0 
@@ -185,40 +186,48 @@ vendor.media.target.version u:object_r:vendor_video_prop:s0 vendor.video.disable.ubwc u:object_r:vendor_video_prop:s0 #rmt_storage -ctl.vendor.rmt_storage u:object_r:ctl_vendor_rmt_storage_prop:s0 +ctl.vendor.rmt_storage u:object_r:vendor_ctl_vendor_rmt_storage_prop:s0 #GPU Available frequencies vendor.gpu.available_frequencies u:object_r:vendor_gpu_prop:s0 +#netmgrd ko loading persist.vendor.data.shs_ko_load u:object_r:vendor_data_ko_prop:s0 persist.vendor.data.perf_ko_load u:object_r:vendor_data_ko_prop:s0 +persist.vendor.data.offload_ko_load u:object_r:vendor_data_ko_prop:s0 + +# shsusrd loading +persist.vendor.data.shsusr_load u:object_r:vendor_data_shsusr_prop:s0 +persist.vendor.data.qmipriod_load u:object_r:vendor_data_qmipriod_prop:s0 #capabilityconfigstore (CCHAL) persist.vendor.cap_configstore_debug u:object_r:vendor_cap_configstore_dbg_prop:s0 #hvdcp_opti -persist.vendor.bms u:object_r:hvdcp_opti_prop:s0 -persist.vendor.chg u:object_r:hvdcp_opti_prop:s0 -persist.vendor.chg_plcy_mgr u:object_r:hvdcp_opti_prop:s0 -persist.vendor.cp u:object_r:hvdcp_opti_prop:s0 -persist.vendor.ctm u:object_r:hvdcp_opti_prop:s0 -persist.vendor.hvdcp2 u:object_r:hvdcp_opti_prop:s0 -persist.vendor.hvdcp_opti u:object_r:hvdcp_opti_prop:s0 -persist.vendor.hvdcp u:object_r:hvdcp_opti_prop:s0 -persist.vendor.pps u:object_r:hvdcp_opti_prop:s0 -persist.vendor.std-pd u:object_r:hvdcp_opti_prop:s0 -persist.vendor.tb u:object_r:hvdcp_opti_prop:s0 -persist.vendor.vin u:object_r:hvdcp_opti_prop:s0 -persist.vendor.qg u:object_r:hvdcp_opti_prop:s0 -persist.vendor.soh u:object_r:hvdcp_opti_prop:s0 +persist.vendor.bms u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.chg u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.chg_plcy_mgr u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.cp u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.ctm u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.hvdcp2 u:object_r:vendor_hvdcp_opti_prop:s0 
+persist.vendor.hvdcp_opti u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.hvdcp u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.pps u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.std-pd u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.tb u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.vin u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.qg u:object_r:vendor_hvdcp_opti_prop:s0 +persist.vendor.soh u:object_r:vendor_hvdcp_opti_prop:s0 #adsprpc -vendor.fastrpc. u:object_r:adsprpc_prop:s0 +vendor.fastrpc. u:object_r:vendor_adsprpc_prop:s0 #qvr properties -vendor.qvr u:object_r:qvr_prop:s0 +vendor.qvr u:object_r:vendor_qvr_prop:s0 #qteeconnector persist.vendor.qteeconnector. u:object_r:vendor_qteeconnector_opti_prop:s0 #bt lazyhal property -ro.vendor.bt.enablelazyhal u:object_r:bluetooth_prop:s0 exact bool +ro.vendor.bt.enablelazyhal u:object_r:vendor_bluetooth_prop:s0 exact bool + +vendor.dcvs.prop u:object_r:vendor_dcvs_prop:s0 diff --git a/sepolicy/legacy/vendor/common/qcc_app.te b/sepolicy/legacy/vendor/common/qcc_app.te index fc99afb38..edb6e8741 100755 --- a/sepolicy/legacy/vendor/common/qcc_app.te +++ b/sepolicy/legacy/vendor/common/qcc_app.te @@ -28,5 +28,5 @@ hal_client_domain(vendor_qcc_app, vendor_hal_qccvndhal); # IPerf -hal_client_domain(vendor_qcc_app, vendor_hal_perf); +hal_client_domain(vendor_qcc_app, hal_perf); diff --git a/sepolicy/legacy/vendor/common/qseecomd.te b/sepolicy/legacy/vendor/common/qseecomd.te index 6cc4d3597..669113d78 100644 --- a/sepolicy/legacy/vendor/common/qseecomd.te +++ b/sepolicy/legacy/vendor/common/qseecomd.te 
@@ -38,11 +38,15 @@ allow tee self:capability { # for anti-rollback protection allow tee block_device:dir r_dir_perms; allow tee rpmb_device:blk_file rw_file_perms; +allow tee rpmb_device:chr_file rw_file_perms; allowxperm tee rpmb_device:blk_file ioctl { MMC_IOC_CMD }; #For Wakelocks wakelock_use(tee) +#allow tee acess for SFS +allow tee tmpfs:dir read; + # Need to figure out how many scsi generic devices are preset # before being able to identify which one is rpmb device allow tee device:dir r_dir_perms; @@ -120,3 +124,5 @@ allow tee graphics_device:chr_file rw_file_perms; # Allow access to qsee data file allow tee data_qsee_file:dir create_dir_perms; allow tee data_qsee_file:file create_file_perms; + +allow tee rpmb_device:chr_file { getattr open read write }; diff --git a/sepolicy/legacy/vendor/common/qtelephony.te b/sepolicy/legacy/vendor/common/qtelephony.te index 210206e23..60d82e3c1 100644 --- a/sepolicy/legacy/vendor/common/qtelephony.te +++ b/sepolicy/legacy/vendor/common/qtelephony.te @@ -26,16 +26,19 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. get_prop(vendor_qtelephony, vendor_radio_prop) -get_prop(vendor_qtelephony, qcom_ims_prop) +get_prop(vendor_qtelephony, vendor_qcom_ims_prop) get_prop(vendor_qtelephony, vendor_persist_camera_prop) get_prop(vendor_qtelephony, vendor_audio_prop) get_prop(vendor_qtelephony, vendor_video_prop) allow vendor_qtelephony { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service radio_service drmserver_service audioserver_service}:service_manager find; allow vendor_qtelephony hal_imsrtp_hwservice:hwservice_manager find; +allow vendor_qtelephony hal_perf_hwservice:hwservice_manager find; hal_client_domain(vendor_qtelephony, hal_telephony) binder_call(vendor_qtelephony, hal_imsrtp) +binder_call(vendor_qtelephony, hal_perf_default) userdebug_or_eng(` diag_use(vendor_qtelephony) ') +allow vendor_qtelephony hal_datafactory_hwservice:hwservice_manager find; 
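Review bot: The two rules added for `tee` on `rpmb_device:chr_file` in qseecomd.te overlap: the first hunk grants `rw_file_perms`, and the hunk at the end of the file grants `{ getattr open read write }`, which the first already contains. `rw_file_perms` also carries `ioctl`, and the only `allowxperm` visible here is for `blk_file`, so as far as these hunks show the character-device node would accept any ioctl command from this domain. I would keep only the narrower rule, `allow tee rpmb_device:chr_file { getattr open read write };`, and add a matching `allowxperm` line for `chr_file` if an ioctl is really needed. The new comment should read `# allow tee access for SFS`.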
diff --git a/sepolicy/legacy/vendor/common/qti_logkit_app.te b/sepolicy/legacy/vendor/common/qti_logkit_app.te index 94e4ab39d..914da6c70 100644 --- a/sepolicy/legacy/vendor/common/qti_logkit_app.te +++ b/sepolicy/legacy/vendor/common/qti_logkit_app.te @@ -31,8 +31,8 @@ app_domain(qti_logkit_app) binder_use(qti_logkit_app) # allow set prop to start lkcore -set_prop(qti_logkit_app, ctl_LKCore_prop) -set_prop(qti_logkit_app, fm_prop) +set_prop(qti_logkit_app, vendor_ctl_LKCore_prop) +set_prop(qti_logkit_app, vendor_fm_prop) allow qti_logkit_app app_api_service:service_manager find; allow qti_logkit_app surfaceflinger_service:service_manager find; diff --git a/sepolicy/legacy/vendor/common/qtidataservices_app.te b/sepolicy/legacy/vendor/common/qtidataservices_app.te index 50304a348..4908d22ea 100755 --- a/sepolicy/legacy/vendor/common/qtidataservices_app.te +++ b/sepolicy/legacy/vendor/common/qtidataservices_app.te @@ -31,7 +31,7 @@ app_domain(qtidataservices_app); add_hwservice(qtidataservices_app, hal_cacert_hwservice) hwbinder_use(qtidataservices_app) -get_prop(qtidataservices_app, cnd_vendor_prop) +get_prop(qtidataservices_app, vendor_cnd_vendor_prop) set_prop(qtidataservices_app, telephony_status_prop) allow qtidataservices_app { app_api_service activity_service }:service_manager find; @@ -41,10 +41,13 @@ allow qtidataservices_app radio_data_file:dir r_dir_perms; allow qtidataservices_app hal_datafactory_hwservice:hwservice_manager find; allow qtidataservices_app hal_iwlan_hwservice:hwservice_manager find; allow qtidataservices_app radio_service:service_manager find; +allow qtidataservices_app hal_perf_hwservice:hwservice_manager find; allow qtidataservices_app sysfs_data:file r_file_perms; binder_call(qtidataservices_app, cnd) binder_call(qtidataservices_app, rild) +binder_call(qtidataservices_app, hal_perf_default) +binder_call(qtidataservices_app, location); net_domain(qtidataservices_app) 
diff --git a/sepolicy/legacy/vendor/common/qvrd.te b/sepolicy/legacy/vendor/common/qvrd.te index ae01fafa6..d26bce63b 100644 --- a/sepolicy/legacy/vendor/common/qvrd.te +++ b/sepolicy/legacy/vendor/common/qvrd.te @@ -40,7 +40,7 @@ r_dir_file(vendor_qvrd, sysfs_kgsl) # Allow access to ADSP & SLPI allow vendor_qvrd { ion_device qdsp_device dsp_device xdsp_device }:chr_file r_file_perms; -get_prop(vendor_qvrd, adsprpc_prop) +get_prop(vendor_qvrd, vendor_adsprpc_prop) # # Display diff --git a/sepolicy/legacy/vendor/common/recovery.te b/sepolicy/legacy/vendor/common/recovery.te index 90f0ad599..a7915e77c 100755 --- a/sepolicy/legacy/vendor/common/recovery.te +++ b/sepolicy/legacy/vendor/common/recovery.te @@ -50,5 +50,6 @@ recovery_only(` # Enable adb on configfs devices allow recovery configfs:file rw_file_perms; allow recovery configfs:dir rw_dir_perms; + set_prop(recovery, ffs_control_prop); get_prop(recovery, vendor_boot_mode_prop) ') diff --git a/sepolicy/legacy/vendor/common/rmt_storage.te b/sepolicy/legacy/vendor/common/rmt_storage.te index 178901d8c..7da83dcf9 100644 --- a/sepolicy/legacy/vendor/common/rmt_storage.te +++ b/sepolicy/legacy/vendor/common/rmt_storage.te @@ -47,7 +47,7 @@ allow rmt_storage self:capability { setpcap }; -set_prop(rmt_storage, ctl_vendor_rmt_storage_prop) +set_prop(rmt_storage, vendor_ctl_vendor_rmt_storage_prop) #For Wakelocks wakelock_use(rmt_storage) diff --git a/sepolicy/legacy/vendor/common/seapp_contexts b/sepolicy/legacy/vendor/common/seapp_contexts index bced83e2a..2ae3cbc0e 100644 --- a/sepolicy/legacy/vendor/common/seapp_contexts +++ b/sepolicy/legacy/vendor/common/seapp_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019, 2021, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are 
@@ -58,3 +58,12 @@ user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=vendor_q #Add DeviceInfoHidlClient to vendor_qtelephony user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=vendor_qtelephony type=app_data_file levelFrom=all + +# QtiTelephonyService app +user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add ExtTelephonyService to vendor_qtelephony +user=_app seinfo=platform name=com.qti.phone domain=vendor_qtelephony type=app_data_file levelFrom=all + +#allow embms msdc app to access embmssl hal +user=_app seinfo=platform name=com.qti.ltebc domain=vendor_embmssl_app type=app_data_file levelFrom=all diff --git a/sepolicy/legacy/vendor/common/sec_nvm.te b/sepolicy/legacy/vendor/common/sec_nvm.te index a7cf1cd73..eb26fdebe 100644 --- a/sepolicy/legacy/vendor/common/sec_nvm.te +++ b/sepolicy/legacy/vendor/common/sec_nvm.te @@ -53,5 +53,5 @@ allow sec_nvm persist_secnvm_file:file create_file_perms; allow sec_nvm ion_device:chr_file rw_file_perms; # Allow set/get prop to set/check if app is loaded -set_prop(sec_nvm, spcomlib_prop) +set_prop(sec_nvm, vendor_spcomlib_prop) allow sec_nvm sysfs_data:file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/secure_element.te b/sepolicy/legacy/vendor/common/secure_element.te new file mode 100644 index 000000000..5a2cdad54 --- /dev/null +++ b/sepolicy/legacy/vendor/common/secure_element.te 
@@ -0,0 +1,29 @@ +#Copyright (c) 2019,2021 The Linux Foundation. All rights reserved. +# +#Redistribution and use in source and binary forms, with or without +#modification, are permitted provided that the following conditions are +#met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#allow secure_element to access perf hal +hal_client_domain(secure_element, hal_perf) diff --git a/sepolicy/legacy/vendor/common/sensors.te b/sepolicy/legacy/vendor/common/sensors.te index a83cf1c88..27f65b807 100644 --- a/sepolicy/legacy/vendor/common/sensors.te +++ b/sepolicy/legacy/vendor/common/sensors.te 
@@ -106,9 +106,11 @@ allow sensors xdsp_device:chr_file r_file_perms; # For reading dir/files on /dsp r_dir_file(sensors, adsprpcd_file) -# For reading adsprpc_prop -get_prop(sensors, adsprpc_prop) +# For reading vendor_adsprpc_prop +get_prop(sensors, vendor_adsprpc_prop) #allow access for sensors_vendor_data_file partition for ODL allow sensors sensors_vendor_data_file:dir create_dir_perms; -allow sensors sensors_vendor_data_file:file create_file_perms; \ No newline at end of file +allow sensors sensors_vendor_data_file:file create_file_perms; + +allow sensors sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/shell.te b/sepolicy/legacy/vendor/common/shell.te index b87208a38..b56916d86 100644 --- a/sepolicy/legacy/vendor/common/shell.te +++ b/sepolicy/legacy/vendor/common/shell.te @@ -1,4 +1,5 @@ # Copyright (c) 2015-2016, 2020, The Linux Foundation. All rights reserved. +# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -34,4 +35,7 @@ r_dir_file(shell, qti_logkit_priv_data_file) r_dir_file(shell, qti_logkit_pub_data_file) # allow any 3rd party shell app to be a client of DSP HAL -hal_client_domain(shell, vendor_hal_dspmanager) \ No newline at end of file +hal_client_domain(shell, vendor_hal_dspmanager) + +# allow shell users to control kgsl perfcounters +allow shell sysfs_kgsl_shell:file rw_file_perms; diff --git a/sepolicy/legacy/vendor/common/spdaemon.te b/sepolicy/legacy/vendor/common/spdaemon.te index 6f00855b1..5719e13a5 100644 --- a/sepolicy/legacy/vendor/common/spdaemon.te +++ b/sepolicy/legacy/vendor/common/spdaemon.te 
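Review bot: In shell.te, `allow shell sysfs_kgsl_shell:file rw_file_perms;` is added unconditionally, so the adb shell domain gets write access to every sysfs node labelled `sysfs_kgsl_shell` on user builds too. If perfcounter control is a profiling aid, the rule belongs inside a `userdebug_or_eng(...)` block, the way qtelephony.te in this same commit wraps `diag_use`. The labelling for `sysfs_kgsl_shell` is not part of this hunk, so the exact set of nodes it covers should be checked in the genfs/file contexts before this is accepted as-is.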
@@ -60,6 +60,6 @@ r_dir_file(spdaemon, firmware_file); use_vendor_per_mgr(spdaemon) # Allow set/get prop to set/check if app is loaded -set_prop(spdaemon, spcomlib_prop) +set_prop(spdaemon, vendor_spcomlib_prop) allow spdaemon sysfs_data:file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/sysmonapp/keys.conf b/sepolicy/legacy/vendor/common/sysmonapp/keys.conf new file mode 100644 index 000000000..e3c413482 --- /dev/null +++ b/sepolicy/legacy/vendor/common/sysmonapp/keys.conf 
@@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +[@SYSMONAPP] +ALL : device/qcom/common/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem diff --git a/sepolicy/legacy/vendor/common/sysmonapp/mac_permissions.xml b/sepolicy/legacy/vendor/common/sysmonapp/mac_permissions.xml new file mode 100644 index 000000000..1b87982f5 --- /dev/null +++ b/sepolicy/legacy/vendor/common/sysmonapp/mac_permissions.xml @@ -0,0 +1,36 @@ + + + + + + + + + 
diff --git a/sepolicy/legacy/vendor/common/sysmonapp/seapp_contexts b/sepolicy/legacy/vendor/common/sysmonapp/seapp_contexts
new file mode 100644
index 000000000..f974b9e2b
--- /dev/null
+++ b/sepolicy/legacy/vendor/common/sysmonapp/seapp_contexts
@@ -0,0 +1,30 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# sysmonapp applications +user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.sysmonappInternal type=app_data_file levelFrom=all +user=_app seinfo=sysmonapp domain=sysmonapp_app name=com.qualcomm.qti.sysmonappExternal type=app_data_file levelFrom=all diff --git a/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app.te b/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app.te new file mode 100644 index 000000000..f2d14829e 
--- /dev/null
+++ b/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app.te
@@ -0,0 +1,43 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +## sysmonapp_app +## This file defines permissions that sysmonapp_app can carry + +type sysmonapp_app, domain; +app_domain(sysmonapp_app); + +# For service manager access +allow sysmonapp_app app_api_service:service_manager find; + +# For access to camera and media +allow sysmonapp_app cameraserver_service:service_manager find; +allow sysmonapp_app mediaserver_service:service_manager find; + +# To access FastRPC devices +allow sysmonapp_app qdsp_device:chr_file r_file_perms; +allow sysmonapp_app xdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem b/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem new file mode 100644 index 000000000..0dc086780 --- /dev/null +++ b/sepolicy/legacy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem 
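Review bot: The new domain in sysmonapp_app.te is declared as `sysmonapp_app`, without the `vendor_` prefix that the rest of this commit moves vendor types to (`vendor_qtelephony`, `vendor_wfdservice`), which leaves it open to a name clash with platform policy. The domain also receives `r_file_perms` (which includes `ioctl`) on `qdsp_device` and `xdsp_device` on every build type, and entry into it is decided by the `seinfo=sysmonapp` signature match plus package name from the accompanying seapp_contexts. I would state that trust boundary in the header, e.g. `# Domain entry is gated by seinfo=sysmonapp; see sysmonapp/keys.conf for the signing certificate`, and confirm that the certificate added alongside is one the project controls.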
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID+zCCAuOgAwIBAgIJAI6ZXMpc0lvVMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJJTjESMBAGA1UECAwJVGVsYW5nYW5hMRIwEAYDVQQHDAlIeWRlcmFiYWQx +FjAUBgNVBAoMDVF1YWxjb21tLEluYy4xDDAKBgNVBAsMA1FDVDEPMA0GA1UEAwwG +c2dhbmRlMSYwJAYJKoZIhvcNAQkBFhdzZ2FuZGVAcXRpLnF1YWxjb21tLmNvbTAe +Fw0xODA2MTgwNTM0MTVaFw00NTExMDMwNTM0MTVaMIGUMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJVGVsYW5nYW5hMRIwEAYDVQQHDAlIeWRlcmFiYWQxFjAUBgNVBAoM +DVF1YWxjb21tLEluYy4xDDAKBgNVBAsMA1FDVDEPMA0GA1UEAwwGc2dhbmRlMSYw +JAYJKoZIhvcNAQkBFhdzZ2FuZGVAcXRpLnF1YWxjb21tLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBAJf2rCxstFL2XNWAfKOfDYDkIBXDR5hIQgki +TlO3gOt7HuQ2VJXwiE7u9DxuBo2Z/bjqA0jsTyoVPUv4L0ZzV5sJHTyNmGtZbE8Y +1HaXopIWTTM3rACZc/flhDUilEwLwhwSnaPLb+ZfBAziJfB4zlVFTqtW9ppyHTuK +LtyZ/T3d0IbpKsQveuUrRi2C7D+DLw4ma8jLxZxB74SIrJDHAwO2fBfVYdr1zomV +2Xw3yByP9LtH1iZn0mazK2iwLc0jwMA0MkP9vXy0AgU/K05fK2NGA1ohYGE+VylP +2/xdOoTGYG9o+rQ4E4aRHLhUm0rrYJ+gMr5dNfAYKrYkNhYAFQ8CAQOjUDBOMB0G +A1UdDgQWBBTmhWIosfZ4boEKTQfYpXyEEKWJczAfBgNVHSMEGDAWgBTmhWIosfZ4 +boEKTQfYpXyEEKWJczAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA5 +60hYg8NV88l1vIJm67f2ZNOdRRcdN9cfRZcvQJ+5b6Fi5y3OWrAZZUoq809GwVzM +BLD39kW7FeD7SGoXEn0aEiNPW7Ow0wEyNIKcnbL1BSCqNbuFpoDuTm8WA81NG3jV +I3seJtbJBlOH800udMsuq1HlR2Bf0gG7CrCqSAoWupu6wFT9bvjRH92xd/nx9f5H +vKdLHuCavy9woAp+pAZG06QYQ3r5xghUrSFzeBwRZyCvEdoPNMKRnAsLSPDVNPKh +mrvpzBOuFpFrMikMTniOua0O7u1Mozb9JUCVJ3gKg6XDjkOggUZz4YOnjZTYCt+U +M4A7lXTNwu+o0hww8cEB +-----END CERTIFICATE----- diff --git a/sepolicy/legacy/vendor/common/system_app.te b/sepolicy/legacy/vendor/common/system_app.te index 6feb00824..2ddc27720 100644 --- a/sepolicy/legacy/vendor/common/system_app.te +++ b/sepolicy/legacy/vendor/common/system_app.te 
@@ -159,7 +159,7 @@ hal_client_domain(system_app, hal_perf) #allow system app to interact with the esepowermanager hal_client_domain(system_app, hal_esepowermanager) -get_prop(system_app, fm_prop) +get_prop(system_app, vendor_fm_prop) #allow system_app access factory hal_client_domain(system_app, vendor_hal_factory_qti); diff --git a/sepolicy/legacy/vendor/common/system_server.te b/sepolicy/legacy/vendor/common/system_server.te index 3f914bba2..3d5759e4e 100644 --- a/sepolicy/legacy/vendor/common/system_server.te +++ b/sepolicy/legacy/vendor/common/system_server.te @@ -136,9 +136,9 @@ allow system_server { vendor_location_app system_app } :file write; get_prop(system_server, vendor_opengles_prop) #get_prop(system_server, qemu_hw_mainkeys_prop) -get_prop(system_server, hwui_prop) -get_prop(system_server, bservice_prop) -get_prop(system_server, reschedule_service_prop) +get_prop(system_server, vendor_hwui_prop) +get_prop(system_server, vendor_bservice_prop) +get_prop(system_server, vendor_reschedule_service_prop) allow system_server appdomain:file w_file_perms; get_prop(system_server, vendor_cgroup_follow_prop) @@ -186,3 +186,5 @@ get_prop(system_server, vendor_xlat_prop) # allow system_server to access IWifiStats HAL service hal_client_domain(system_server, hal_wifilearner) + +dontaudit system_server vendor_default_prop:file read; diff --git a/sepolicy/legacy/vendor/common/systemhelper_app.te b/sepolicy/legacy/vendor/common/systemhelper_app.te new file mode 100644 index 000000000..c706b495b --- /dev/null +++ b/sepolicy/legacy/vendor/common/systemhelper_app.te 
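Review bot: In system_server.te, `dontaudit system_server vendor_default_prop:file read;` suppresses the audit record for every read of a property that fell through to the default vendor label, so a property that is simply missing from property_contexts will no longer show up in the logs. The rule has no comment naming the property that triggered it. I would label that property in property_contexts instead, or at least add a comment such as `# <property name> is read by system_server and intentionally left unlabelled`.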
@@ -0,0 +1,32 @@ +# Copyright (c) 2019,2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +hal_client_domain(vendor_systemhelper_app, hal_perf) +allow vendor_systemhelper_app content_capture_service:service_manager find; + + diff --git a/sepolicy/legacy/vendor/common/te_macros b/sepolicy/legacy/vendor/common/te_macros index 58e3bcb9f..376026251 100644 --- a/sepolicy/legacy/vendor/common/te_macros +++ b/sepolicy/legacy/vendor/common/te_macros 
@@ -73,6 +73,17 @@ allow $1 vendor_per_mgr_service:service_manager find; get_prop($1, vendor_per_mgr_state_prop); ') +##################################### +# cnd_nims_socket_perm(clientdomain) +# allow cnd to read /proc/pid/cmdline to get appname +# allow cnd to use inet socket created by app. +define(`cnd_nims_socket_perm', ` +allow cnd $1:dir r_dir_perms; +allow cnd $1:file r_file_perms; +allow cnd $1:fd use; +allow cnd $1:tcp_socket rw_socket_perms; +') + ##################################### # diag_use(clientdomain) # allow clientdomain to read/write to diag diff --git a/sepolicy/legacy/vendor/common/thermal-engine.te b/sepolicy/legacy/vendor/common/thermal-engine.te index e6bc843f5..7f1591754 100644 --- a/sepolicy/legacy/vendor/common/thermal-engine.te +++ b/sepolicy/legacy/vendor/common/thermal-engine.te @@ -100,3 +100,6 @@ r_dir_file(thermal-engine, sysfs_uio_file) r_dir_file(thermal-engine, adsprpcd_file); allow thermal-engine qdsp_device:chr_file r_file_perms; allow thermal-engine ion_device:chr_file r_file_perms; + +allow thermal-engine sysfs_devfreq:dir r_dir_perms; +allow thermal-engine sysfs_soc:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/common/tlocd.te b/sepolicy/legacy/vendor/common/tlocd.te index a769e4960..5a067f7e6 100644 --- a/sepolicy/legacy/vendor/common/tlocd.te +++ b/sepolicy/legacy/vendor/common/tlocd.te @@ -49,5 +49,5 @@ allowxperm tlocd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls; allow tlocd ion_device:chr_file rw_file_perms; -# Allow search of location vendor data files allow tlocd location_data_file:dir search; +allow tlocd vendor_smcinvoke_device:chr_file rw_file_perms; diff --git a/sepolicy/legacy/vendor/common/untrusted_app.te b/sepolicy/legacy/vendor/common/untrusted_app.te index ef8519273..b1bac8505 100644 --- a/sepolicy/legacy/vendor/common/untrusted_app.te +++ b/sepolicy/legacy/vendor/common/untrusted_app.te 
@@ -39,3 +39,4 @@ allow untrusted_app gba_auth_service:service_manager find; # some addtional change. # allow untrusted apps to access hal_perf # hal_client_domain(untrusted_app, hal_perf); +get_prop(untrusted_app_29, vendor_persist_camera_prop) diff --git a/sepolicy/legacy/vendor/common/vendor_init.te b/sepolicy/legacy/vendor/common/vendor_init.te index a556fcd53..a5368fc75 100644 --- a/sepolicy/legacy/vendor/common/vendor_init.te +++ b/sepolicy/legacy/vendor/common/vendor_init.te @@ -88,23 +88,21 @@ set_prop(vendor_init, vendor_rild_libpath_prop) #Blocked by neverallow vendor_init { file_type fs_type }:file execute_no_trans; #allow vendor_init vendor_toolbox_exec:file rx_file_perms; -set_prop(vendor_init, cnd_vendor_prop) +set_prop(vendor_init, vendor_cnd_vendor_prop) #Access vendor gpu freq properties set_prop(vendor_init, vendor_gpu_prop) -set_prop(vendor_init, public_vendor_default_prop) +set_prop(vendor_init, vendor_public_vendor_default_prop) #allow vendor GPU property set_prop(vendor_init, vendor_opengles_prop) get_prop(vendor_init, vendor_video_prop) - -set_prop(vendor_init, vendor_qteeconnector_opti_prop) - +get_prop(vendor_init, persist_debug_prop) set_prop(vendor_init, vendor_sys_video_prop) #Acess vendor hvdcp properties -set_prop(vendor_init, hvdcp_opti_prop) +set_prop(vendor_init, vendor_hvdcp_opti_prop) # Allow timezone to be overrided by vendor set_prop(vendor_init, exported_system_prop) @@ -113,7 +111,14 @@ set_prop(vendor_init, exported_system_prop) set_prop(vendor_init, vendor_bluetooth_prop) # Access vendor sensor properties -set_prop(vendor_init, sensors_prop) +set_prop(vendor_init, vendor_sensors_prop) + +# Access qteeconnector properties +set_prop(vendor_init, vendor_qteeconnector_opti_prop) + +set_prop(vendor_init, vendor_dcvs_prop) + +set_prop(vendor_init, vendor_freq_prop) #Access vendor wigig properties, mainly for on-demand module loading set_prop(vendor_init, vendor_wigig_prop) 
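Review bot: In untrusted_app.te, `get_prop(untrusted_app_29, vendor_persist_camera_prop)` is appended directly under the commented-out `hal_perf` block with no comment of its own, so it reads as part of that disabled section. It makes every property under that label readable by third-party apps targeting API 29, and only that domain variant, which looks deliberate but is not explained. A one-line comment stating which property the apps read and why only `untrusted_app_29` is covered would do; it is also worth checking that nothing sensitive is stored under `vendor_persist_camera_prop`.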
@@ -121,7 +126,9 @@ userdebug_or_eng(` allow vendor_init proc_security:file rw_file_perms; ') +allow vendor_init tee_device:chr_file getattr; +allow vendor_init ipa_dev:file create_file_perms; + set_prop(vendor_init, vendor_persist_dpm_prop) -# allow vendor_init to use wait for qseecom -allow vendor_init tee_device:chr_file getattr; +allow vendor_init block_device:lnk_file setattr; diff --git a/sepolicy/legacy/vendor/common/vm_bms.te b/sepolicy/legacy/vendor/common/vm_bms.te index 77d4f9787..d8e128e9c 100644 --- a/sepolicy/legacy/vendor/common/vm_bms.te +++ b/sepolicy/legacy/vendor/common/vm_bms.te @@ -54,3 +54,9 @@ allow vm_bms self:capability { setpcap setgid setuid }; #allow vm_bms to block the system suspend and get wake lock wakelock_use(vm_bms) + +#allow start and stop of vm_bms via ctl.start/ctl.stop +set_prop(vm_bms, vendor_vm_bms_prop) +userdebug_or_eng(` +set_prop(vm_bms, vendor_vm_bms_debug_prop) +') diff --git a/sepolicy/legacy/vendor/common/vndservice_contexts b/sepolicy/legacy/vendor/common/vndservice_contexts index 45435c19b..b668cafb2 100644 --- a/sepolicy/legacy/vendor/common/vndservice_contexts +++ b/sepolicy/legacy/vendor/common/vndservice_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# Copyright (c) 2017, 2020 The Linux Foundation. All rights reserved. # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -30,4 +30,3 @@ display.qservice u:object_r:qdisplay_service:s0 com.qualcomm.qti.qseeproxy u:object_r:qseeproxy_service:s0 eSEPowerManagerService u:object_r:esepmdaemon_service:s0 wfd.native.mm.service u:object_r:wfdnativemm_service:s0 -wfdhdcpvndservice u:object_r:wfdhdcpvndservice_service:s0 diff --git a/sepolicy/legacy/vendor/common/vold.te b/sepolicy/legacy/vendor/common/vold.te index 2e192b94f..d2609046a 100755 --- a/sepolicy/legacy/vendor/common/vold.te +++ b/sepolicy/legacy/vendor/common/vold.te 
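Review bot: The last vendor_init.te hunk adds `allow vendor_init ipa_dev:file create_file_perms;` and `allow vendor_init block_device:lnk_file setattr;` without comments, and it drops the existing `# allow vendor_init to use wait for qseecom` comment from the `tee_device` rule it moves. `block_device` is the generic block-device label, so `setattr` on its symlinks is a broad grant whose purpose a later reader cannot recover from the policy alone. I would keep the qseecom comment on the moved rule and put one line above each new rule naming the init step that needs it.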
@@ -36,3 +36,9 @@ allow vold cache_recovery_file:file create_file_perms; allow vold { proc_sysrq proc_dirty_ratio }:file rw_file_perms; wakelock_use(vold) allow vold swap_block_device:blk_file r_file_perms; + +# Based on the comment from b/111409607 FITRIM might +# be needed +allow vold mnt_vendor_file:dir { open read ioctl }; + +allow vold sysfs_mmc_host:file w_file_perms; diff --git a/sepolicy/legacy/vendor/common/vppservice.te b/sepolicy/legacy/vendor/common/vppservice.te index 96c04351b..469849644 100755 --- a/sepolicy/legacy/vendor/common/vppservice.te +++ b/sepolicy/legacy/vendor/common/vppservice.te @@ -41,7 +41,7 @@ binder_call(hal_vpp_server, hal_vpp_client) # allow vppservice to access adsprpcd r_dir_file(vendor_vppservice, adsprpcd_file); -get_prop(vendor_vppservice, adsprpc_prop) +get_prop(vendor_vppservice, vendor_adsprpc_prop) r_dir_file(vendor_vppservice, firmware_file); #allow access to vppservice (/data/vendor/vpp) diff --git a/sepolicy/legacy/vendor/common/wcnss_service.te b/sepolicy/legacy/vendor/common/wcnss_service.te index 80e3b0763..cf82e9a94 100644 --- a/sepolicy/legacy/vendor/common/wcnss_service.te +++ b/sepolicy/legacy/vendor/common/wcnss_service.te @@ -75,6 +75,7 @@ allow wcnss_service vfat:file create_file_perms; allow wcnss_service sdcardfs:dir create_dir_perms; allow wcnss_service sdcardfs:file create_file_perms; allow wcnss_service mnt_vendor_file:file rw_file_perms; +allow wcnss_service kmsg_device:chr_file { write open }; # This is needed for ptt_socket app to write logs file collected to sdcard r_dir_file(wcnss_service, proc_wifi_dbg) 
@@ -94,3 +95,12 @@ hal_client_domain(wcnss_service, hal_perf) # allow to read /sys/class/net file r_dir_file(wcnss_service, sysfs_net); + +allow wcnss_service property_socket:sock_file write; +allow wcnss_service sysfs_soc:dir r_dir_perms; +allow wcnss_service init:unix_stream_socket connectto; +dontaudit wcnss_service wifi_data_file:dir search; + +allow wcnss_service wifi_vendor_wpa_socket:dir create_dir_perms; +allow wcnss_service wifi_vendor_wpa_socket:sock_file create_file_perms; +allow wcnss_service wifi_vendor_wpa_socket:file create_file_perms; diff --git a/sepolicy/legacy/vendor/common/wfdservice.te b/sepolicy/legacy/vendor/common/wfdservice.te index 4414891fb..a1748353f 100644 --- a/sepolicy/legacy/vendor/common/wfdservice.te +++ b/sepolicy/legacy/vendor/common/wfdservice.te @@ -1,4 +1,4 @@ -# Copyright (c) 2019 The Linux Foundation. All rights reserved. +# Copyright (c) 2017, 2019-2020 The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are 
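Review bot: In the second wcnss_service.te hunk, `allow wcnss_service property_socket:sock_file write;` and `allow wcnss_service init:unix_stream_socket connectto;` open the property-service socket by hand without naming any property type, so the policy does not say which property the daemon is meant to set, and no `property_service set` grant appears in this hunk. I would replace both lines with the macro, `set_prop(wcnss_service, <property_type>)`, using the type of the property the daemon actually writes (not visible here). The `dontaudit wcnss_service wifi_data_file:dir search;` line would also benefit from a comment saying why the denial is expected.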
@@ -25,4 +25,38 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +#allow access to sysfs to know HDMI repeater state +allow vendor_wfdservice sysfs_graphics:file rw_file_perms; +allow vendor_wfdservice sysfs_graphics:dir r_dir_perms; + +#Allow hardware binder use +hwbinder_use(vendor_wfdservice) +get_prop(vendor_wfdservice, hwservicemanager_prop) + +#Allow hal graphics mapper permissions +hal_client_domain(vendor_wfdservice, hal_graphics_composer); + +#Allow hal graphics allocator permissions +hal_client_domain(vendor_wfdservice, hal_graphics_allocator); + hal_client_domain(vendor_wfdservice, wifidisplayhalservice); + +#Denial seen - SELinux : avc: denied { find } for interface=com.qualcomm.qti.wifidisplayhal::IHDCPSession +#pid=3530 scontext=u:r:vendor_wfdservice:s0 tcontext=u:object_r:wifidisplayhalservice_hwservice:s0 tclass=hwservice_manager +allow vendor_wfdservice wifidisplayhalservice_hwservice:hwservice_manager find; + +#Allow for property access +get_prop(vendor_wfdservice, vendor_gralloc_prop) +get_prop(vendor_wfdservice, vendor_video_prop) + +# Add the rule for wfd to access /proc/asound/pcm file +r_dir_file(vendor_wfdservice, proc_asound) + +# Add the rule for wfd to access /proc/asound/card0/state file +r_dir_file(vendor_wfdservice, proc_audiod) + +# Fix sink avc denials +allow vendor_wfdservice mediametrics:binder call; +allow vendor_wfdservice vendor_audio_prop:file read; +allow vendor_wfdservice vendor_audio_prop:file open; +allow vendor_wfdservice vendor_audio_prop:file getattr; \ No newline at end of file diff --git a/sepolicy/legacy/vendor/common/wifidisplayhalservice.te b/sepolicy/legacy/vendor/common/wifidisplayhalservice.te index 127f9d185..8360d2da8 100644 --- a/sepolicy/legacy/vendor/common/wifidisplayhalservice.te +++ b/sepolicy/legacy/vendor/common/wifidisplayhalservice.te 
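Review bot: The "Fix sink avc denials" block at the end of wfdservice.te spells out `vendor_audio_prop:file` access as three separate `allow` lines for `read`, `open` and `getattr`, while the same hunk uses the macro for `vendor_gralloc_prop` and `vendor_video_prop` a few lines above. I would write it the same way, `get_prop(vendor_wfdservice, vendor_audio_prop)`, which also grants the `map` permission that property reads normally need. The hunk also leaves the file without a trailing newline.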
@@ -1,4 +1,4 @@ -# Copyright (c) 2017,2019 The Linux Foundation. All rights reserved. +# Copyright (c) 2017, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are 
@@ -28,85 +28,32 @@ #Define Domain type wifidisplayhalservice_qti, domain; type wifidisplayhalservice_qti_exec, exec_type, vendor_file_type, file_type; +net_domain(wifidisplayhalservice_qti) + +hal_server_domain_bypass(wifidisplayhalservice_qti,wifidisplayhalservice) #Allow for transition from init domain to wifidisplayhalservice init_daemon_domain(wifidisplayhalservice_qti) -#Inherit base network permissions from netd -net_domain(wifidisplayhalservice_qti) - #Allow wifidisplayhalservice to use Vendor Binder IPC vndbinder_use(wifidisplayhalservice) -hal_server_domain_bypass(wifidisplayhalservice_qti,wifidisplayhalservice) - # Allow hwbinder call from hal client to server binder_call(wifidisplayhalservice_client, wifidisplayhalservice_server) binder_call(wifidisplayhalservice_server, wifidisplayhalservice_client) # Add hwservice related rules -hal_attribute_hwservice(wifidisplayhalservice, wifidisplayhalservice_hwservice) +add_hwservice(wifidisplayhalservice_server, wifidisplayhalservice_hwservice) #Direct streaming native service -add_service(wifidisplayhalservice_qti, wfdnativemm_service) +add_service(wifidisplayhalservice, wfdnativemm_service) #Allow access to firmware files for HDCP session -r_dir_file(wifidisplayhalservice_qti, firmware_file) +r_dir_file(wifidisplayhalservice, vendor_firmware_file) +r_dir_file(wifidisplayhalservice, firmware_file) #Allow access to tee/ion device and tcp socket for HDCP sessions -allow wifidisplayhalservice_qti tee_device:chr_file rw_file_perms; - -#Allow access to PCM sound card -allow wifidisplayhalservice_qti audio_device:chr_file rw_file_perms; -allow wifidisplayhalservice_qti audio_device:dir r_dir_perms; - -#Allow access to /dev/video/* devices for encoding/decoding -allow wifidisplayhalservice_qti video_device:chr_file rw_file_perms; - -#Allow binder call to mediacodec from wifidisplayhalservice -binder_call(wifidisplayhalservice_qti, mediacodec); - -#Allow udp socket ioctl -allow wifidisplayhalservice_qti self:udp_socket 
create_socket_perms; -# ioctlcmd=8bff,8912 -allowxperm wifidisplayhalservice_qti self:udp_socket ioctl priv_sock_ioctls; - -#Allow access to proc/net/arp -allow wifidisplayhalservice_qti proc_net:file r_file_perms; - -# Add the rule for wfd to access /proc/asound/pcm file -r_dir_file(wifidisplayhalservice_qti, proc_asound) - -# Add the rule for wfd to access /proc/asound/card0/state file -r_dir_file(wifidisplayhalservice_qti, proc_audiod) - -#Allow hal graphics allocator permissions -hal_client_domain(wifidisplayhalservice_qti, hal_graphics_allocator); - -#Allow hal graphics mapper permissions -hal_client_domain(wifidisplayhalservice_qti, hal_graphics_composer); - -#Allow wifidisplayhalservice_qti to query interface name of network (p2p etc.) -allow wifidisplayhalservice_qti self:netlink_generic_socket create_socket_perms_no_ioctl; - -#Allow communication with init over property server -unix_socket_connect(wifidisplayhalservice_qti, property, init); - -#Allow ion device access -allow wifidisplayhalservice_qti ion_device:chr_file r_file_perms; - -userdebug_or_eng(` -#Allow for property access - get_prop(wifidisplayhalservice_qti,wfd_vendor_debug_prop) -#Allow to dump in /data/vendor/media/ - allow wifidisplayhalservice_qti vendor_media_data_file:dir w_dir_perms; - allow wifidisplayhalservice_qti vendor_media_data_file:file create_file_perms; -#Allow to access logmask file in /data/vendor - allow wifidisplayhalservice_qti vendor_data_file:file r_file_perms; -') - -#Allow source to access video SKU and UBWC property(for encoder config) -get_prop(wifidisplayhalservice_qti, vendor_video_prop) +allow wifidisplayhalservice tee_device:chr_file rw_file_perms; +allow wifidisplayhalservice ion_device:chr_file r_file_perms; -#Allow access to uhid driver for HID event injection -allow wifidisplayhalservice_qti uhid_device:chr_file rw_file_perms; +allow wifidisplayhalservice qdisplay_service:service_manager { find }; 
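Review bot: The new rules are attached to the HAL attribute `wifidisplayhalservice` instead of the server domain `wifidisplayhalservice_qti`, including `allow wifidisplayhalservice tee_device:chr_file rw_file_perms;` and `add_service(wifidisplayhalservice, wfdnativemm_service)`. In AOSP's macros, on builds that are not full Treble `hal_client_domain()` also assigns the base HAL attribute to each client, so on such a target the TEE and ion device access would extend to clients as well (the wfdservice.te hunk makes vendor_wfdservice a client). I would keep device access on the server side, e.g. `allow wifidisplayhalservice_server tee_device:chr_file rw_file_perms;`, matching the `add_hwservice(wifidisplayhalservice_server, ...)` line in this same hunk. `hal_server_domain_bypass` is defined outside this diff, so how it maps the attribute should be confirmed.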
diff --git a/sepolicy/legacy/vendor/common/wigighalsvc.te b/sepolicy/legacy/vendor/common/wigighalsvc.te index bf19fa351..ebbf746d7 100644 --- a/sepolicy/legacy/vendor/common/wigighalsvc.te +++ b/sepolicy/legacy/vendor/common/wigighalsvc.te @@ -42,7 +42,7 @@ allow hal_wigig_client hal_wigig_hwservice:hwservice_manager find; add_hwservice(hal_wigig, hal_wigig_hwservice) # allow start/stop services via ctl.start and ctl.stop -set_prop(hal_wigig, ctl_vendor_wigigsvc_prop) +set_prop(hal_wigig, vendor_ctl_vendor_wigigsvc_prop) # access wigig properties # need to write vendor.wigig.driver/read vendor.wigig.driver.probed diff --git a/sepolicy/legacy/vendor/common/zygote.te b/sepolicy/legacy/vendor/common/zygote.te index fa10d3542..812951bcd 100644 --- a/sepolicy/legacy/vendor/common/zygote.te +++ b/sepolicy/legacy/vendor/common/zygote.te @@ -27,3 +27,5 @@ allow zygote system_prop:property_service set; get_prop(zygote, vendor_mpctl_prop) +get_prop(zygote, vendor_video_prop) +allow zygote self:capability kill; diff --git a/sepolicy/legacy/vendor/msm8937/device.te b/sepolicy/legacy/vendor/msm8937/device.te new file mode 100644 index 000000000..038e386a0 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8937/device.te 
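Review bot: `allow zygote self:capability kill;` in the zygote.te hunk gives CAP_KILL to zygote from vendor policy with no comment or quoted denial explaining which operation needs it. zygote is the parent of every app process, so a capability added here should be justified in the file: I would add a comment above the rule carrying the avc denial that motivated it, in the style the wfdservice.te hunk uses (`#Denial seen - ...`), or drop the rule if no denial reproduces. The same applies to `get_prop(zygote, vendor_video_prop)`, which has no comment either.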
@@ -0,0 +1,26 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sepolicy/legacy/vendor/msm8937/file.te b/sepolicy/legacy/vendor/msm8937/file.te
new file mode 100644
index 000000000..10d41462a
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/file.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/sepolicy/legacy/vendor/msm8937/file_contexts b/sepolicy/legacy/vendor/msm8937/file_contexts
new file mode 100644
index 000000000..5fe87da38
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/file_contexts
@@ -0,0 +1,100 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+###################################
+# Primary storage device nodes
+#
+/dev/mmcblk0rpmb u:object_r:rpmb_device:s0
+/dev/block/mmcblk0 u:object_r:root_block_device:s0
+/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
+
+#Using soc instead of soc.0 for 3.18 kernel
+/dev/block/platform/soc/7824900.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/ssd u:object_r:ssd_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/dip u:object_r:dip_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/super u:object_r:super_block_device:s0
+
+
+
+#rawdump partition
+/dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0
+
+############################################################################################
+#Same hal process libs
+#
+/vendor/lib(64)?/hw/gralloc\.msm8937\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.msm8937\.so u:object_r:same_process_hal_file:s0
+
+#For adreno libs
+/vendor/lib(64)?/libsc-a3xx\.so u:object_r:same_process_hal_file:s0
+
+# Single hal process
+/(vendor|system/vendor)/bin/hw/hal-server u:object_r:hal-server_exec:s0
+
+# FBE
+/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0
+
+##################################
+# A/B partitions.
+#EMMC
+/dev/block/platform/soc/7824900.sdhci/by-name/aboot_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7824900.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+
+#sysfs
+/sys/devices(/platform)?/soc/1b00000.qcom,msm-cam/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_jpeg:s0
+/sys/devices(/platform)?/soc/1d00000.qcom,vidc/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_graphics:s0
diff --git a/sepolicy/legacy/vendor/msm8937/genfs_contexts b/sepolicy/legacy/vendor/msm8937/genfs_contexts
new file mode 100644
index 000000000..5d6d66330
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/genfs_contexts
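Review bot: In the two `#sysfs` entries of the file_contexts hunk, `video[0-33]` is a bracket expression that matches one character from the set 0–3, not the numbers 0 to 33, so these patterns only cover video0 to video3. If the intent is every video node, write `video[0-9]+`, e.g. `/sys/devices(/platform)?/soc/1d00000.qcom,vidc/video4linux/video[0-9]+/name(/.*)?`. Separately, the dots in `/(vendor|system/vendor)/bin/init.qti.qseecomd.sh` and in the `7824900.sdhci` paths are unescaped and match any character, while the gralloc and vulkan entries escape them as `\.`; escaping them keeps the labels from applying to paths that were not intended.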
@@ -0,0 +1,203 @@ +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +#PMI8950 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,haptics@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 + +#PMI8940 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,haptic@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 + +#PMI8937 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,haptics@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 +#PMI path +genfscon sysfs /devices/soc/qpnp-smbcharger-16/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-smbcharger-17/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-fg-17/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-fg-18/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/78db000.usb/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/soc/qpnp-smbcharger-16/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/leds-qpnp-19/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-flash-led-23/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-wled-22/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-haptic-24/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-vadc-14/usbin u:object_r:sysfs_battery_supply:s0 +#PMI632 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/main u:object_r:sysfs_battery_supply:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-000c/78b6000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-000c/78b6000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 + +#Common PMIC files +genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 + +#Needed for SSR +genfscon sysfs /devices/platform/soc/1de0000.qcom,venus/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/c200000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/a21b000.qcom,pronto/subsys3/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys4/name u:object_r:sysfs_ssr:s0 + +#SSR nodes for 32 bit go has different path for kernel 4.19 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/1de0000.qcom,venus/subsys3/name u:object_r:sysfs_ssr:s0 + +#SSR nodes for msm8937 64 bit has 
different path +genfscon sysfs /devices/soc/c200000.qcom,lpass/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/a21b000.qcom,pronto/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/4080000.qcom,mss/subsys3/name u:object_r:sysfs_ssr:s0 + +#SDM439 device specific sysnode for imsdatadaemon +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0 + +#SSR nodes for 32 bit has diffrent path +genfscon sysfs /devices/soc/1de0000.qcom,venus/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/c200000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/a21b000.qcom,pronto/subsys3/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/4080000.qcom,mss/subsys4/name u:object_r:sysfs_ssr:s0 + +#cpu-ddr devfreq nodes for K4.19. +genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0 + +#SDM429 +genfscon sysfs /devices/platform/soc/c200000.qcom,lpass/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/a21b000.qcom,pronto/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys3/name u:object_r:sysfs_ssr:s0 + +#PM8916 FILES +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,vmbms/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-01/200f000.qcom,spmi:pm8916@1:qcom,vibrator@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/leds/red u:object_r:sysfs_graphics:s0 + +#SMB1360 FILES +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-0014/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-0014/power_supply/usb u:object_r:sysfs_usb_supply:s0 + +#net sysfs +genfscon sysfs /devices/platform/soc/a000000.qcom,wcnss-wlan/net u:object_r:sysfs_net:s0 + +#video sysfs +genfscon sysfs /devices/platform/soc/1d00000.qcom,vidc/video4linux/video32/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/1d00000.qcom,vidc/video4linux/video33/name u:object_r:sysfs_graphics:s0 + +genfscon sysfs /kernel/slab/zs_handle/store_user u:object_r:sysfs_slab_zshandle_storeuser:s0 +genfscon sysfs /kernel/slab/zspage/store_user u:object_r:sysfs_slab_zspage_storeuser:s0 + +#PMIC devices wakeup nodes +genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_wma/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/diag/diag/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup 
u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_ape/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:fpc1020/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:smp2p-modem/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:smp2p-wcnss/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/78db000.usb/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/1de0000.qcom,venus/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/a21b000.qcom,pronto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/a000000.qcom,wcnss-wlan/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/1b0c000.qcom,cci/1b0c000.qcom,cci:qcom,camera@2/video4linux/video2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,pm8916_rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,vmbms/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:smp2p-adsp/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/c200000.qcom,lpass/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/78db000.usb/msm_hsusb_host/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/7af5000.i2c/i2c-5/5-0028/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/1b0c000.qcom,cci/1b0c000.qcom,cci:qcom,camera@0/video4linux/video1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,vmbms/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-01/200f000.qcom,spmi:pm8916@1:analog-codec@f000/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,pm8916_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:pm8916@0:qcom,charger/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-01/200f000.qcom,spmi:pm8916@1:analog-codec@f000/msm_digital_codec/wakeup/wakeup u:object_r:sysfs_wakeup:s0 + +#SDM439 device specific wakeup nodes +genfscon sysfs /devices/platform/soc/1b0c000.qcom,cci/1b0c000.qcom,cci:qcom,camera@1/video4linux/video2/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:qcom,pm8953@0:qcom,pm8953_rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-000c/78b6000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:qcom,pm8953@0:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-01/200f000.qcom,spmi:qcom,pm8953@1:anlg-cdc@f000/msm_digital_codec/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:qcom,pm8953@0:qcom,pm8953_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-01/200f000.qcom,spmi:qcom,pm8953@1:anlg-cdc@f000/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/legacy/vendor/msm8937/hal-server.te b/sepolicy/legacy/vendor/msm8937/hal-server.te new file mode 100644 index 000000000..7b735f0ec --- /dev/null +++ b/sepolicy/legacy/vendor/msm8937/hal-server.te 
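Review bot: The `leds/red` nodes under the chargers (PMI8950, PMI8940, PMI8937, `/devices/soc/qpnp-smbcharger-16` and the pm8916 charger) and the pmi632 `leds@d000/leds` node in the genfs_contexts hunk are labelled `sysfs_graphics`, while every other LED node in the file is `sysfs_leds`. Any domain allowed to write sysfs_graphics files can therefore drive these LEDs, and the wfdservice.te hunk in this commit grants vendor_wfdservice `rw_file_perms` on that type. If the label is deliberate (presumably carried over from existing policy for whatever controls the notification LED), a comment such as `# RGB LED nodes are intentionally sysfs_graphics: <reason>` above each group would record it; otherwise `sysfs_leds` looks like the intended type.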
@@ -0,0 +1,40 @@
+# Copyright (c) 2017-18, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal-server, domain;
+type hal-server_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal-server)
+
+############################
+# Common section which is generic
+# needed by most of the domains/services
+#
+vndbinder_use(hal-server)
+hwbinder_use(hal-server)
+
+get_prop(hal-server, hwservicemanager_prop)
diff --git a/sepolicy/legacy/vendor/msm8937/idmap.te b/sepolicy/legacy/vendor/msm8937/idmap.te
new file mode 100644
index 000000000..84b11e8f4
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/idmap.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow idmap oemfs:file r_file_perms;
+allow idmap oemfs:dir r_dir_perms;
diff --git a/sepolicy/legacy/vendor/msm8937/init-qti-fbe-sh.te b/sepolicy/legacy/vendor/msm8937/init-qti-fbe-sh.te
new file mode 100644
index 000000000..2124eaa40
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/init-qti-fbe-sh.te
@@ -0,0 +1,38 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-fbe-sh, domain;
+type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-qti-fbe-sh)
+
+not_full_treble(`allow init-qti-fbe-sh shell_exec:file rx_file_perms;')
+full_treble_only(`allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;')
+# execute toybox/toolbox
+not_full_treble(`allow init-qti-fbe-sh toolbox_exec:file rx_file_perms;')
+full_treble_only(`allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;')
+get_prop(init-qti-fbe-sh, vendor_tee_listener_prop)
diff --git a/sepolicy/legacy/vendor/msm8937/init_shell.te b/sepolicy/legacy/vendor/msm8937/init_shell.te
new file mode 100644
index 000000000..5f2ea564a
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/init_shell.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8937/mediaswcodec.te b/sepolicy/legacy/vendor/msm8937/mediaswcodec.te
new file mode 100644
index 000000000..ef1e003cd
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/mediaswcodec.te
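Review bot: In init_shell.te the file rule grants `create_file_perms` on `regionalization_file` while the directory rule next to it is only `r_dir_perms`, so as far as this hunk shows the `create` permission cannot be exercised, since creating a file also needs `write` and `add_name` on the parent directory. If qti_init_shell only reads or rewrites existing files, `allow qti_init_shell regionalization_file:file rw_file_perms;` is the tighter rule; if it does create files, the directory rule should grant that explicitly (it may be granted in a file outside this hunk). The `# For regionalization` comment would also be more useful if it named the script that needs the access.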
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow mediaswcodec gpu_device:chr_file { open read write ioctl };
diff --git a/sepolicy/legacy/vendor/msm8937/platform_app.te b/sepolicy/legacy/vendor/msm8937/platform_app.te
new file mode 100755
index 000000000..bc02a1912
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/platform_app.te
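Review bot: The only rule in mediaswcodec.te gives the software codec domain `open read write ioctl` on `gpu_device` with no comment and no ioctl filtering. mediaswcodec parses untrusted media and is normally kept narrow, so a direct path from it to the GPU kernel driver should carry its reason in the file, for example `# buffer allocation on this platform opens the GPU node` (presumed reason; confirm against the denial that motivated the rule). If the access is required, consider narrowing the `ioctl` permission with an `allowxperm mediaswcodec gpu_device:chr_file ioctl { ... };` rule that lists only the commands seen in the denial log.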
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
diff --git a/sepolicy/legacy/vendor/msm8937/priv_app.te b/sepolicy/legacy/vendor/msm8937/priv_app.te
new file mode 100644
index 000000000..203ed549f
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/sepolicy/legacy/vendor/msm8937/qti-logkit.te b/sepolicy/legacy/vendor/msm8937/qti-logkit.te
new file mode 100644
index 000000000..725cf4768
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/qti-logkit.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8937/recovery.te b/sepolicy/legacy/vendor/msm8937/recovery.te
new file mode 100644
index 000000000..ef6eb7b0c
--- /dev/null
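Review bot: qti-logkit.te grants `qti_logkit` read/write on `rawdump_block_device` and on the `sysfs_emmc_dload` node unconditionally, and ridl.te later in this commit grants the same pair to `RIDL`. A raw-dump partition can hold memory contents captured at a crash, and the dload node (judging by its name) controls dump behaviour, so on production builds this access is worth restricting. If these tools are debug-only, wrap the rules in `userdebug_or_eng(` ... `)`; if they ship in user builds, reduce to `r_file_perms` wherever write is not needed and state the reason in the comment. Both domain definitions are outside these hunks, so which case applies cannot be confirmed from here.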
+++ b/sepolicy/legacy/vendor/msm8937/recovery.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+recovery_only(`
+ allow recovery shell_exec:file x_file_perms;
+')
diff --git a/sepolicy/legacy/vendor/msm8937/ridl.te b/sepolicy/legacy/vendor/msm8937/ridl.te
new file mode 100644
index 000000000..0147c26cf
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8937/system_server.te b/sepolicy/legacy/vendor/msm8937/system_server.te
new file mode 100755
index 000000000..9ae74c604
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/system_server.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
+
+allow system_server sysfs_virtualkeys:file r_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8937/update_engine_common.te b/sepolicy/legacy/vendor/msm8937/update_engine_common.te
new file mode 100644
index 000000000..51f9bea9b
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/update_engine_common.te 
@@ -0,0 +1,48 @@
+# Copyright (c) 2017, 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine_common {
+ custom_ab_block_device
+ xbl_block_device
+ ssd_device
+ modem_block_device
+ root_block_device
+ system_block_device
+ boot_block_device
+ mdtp_device
+ recovery_block_device
+}:blk_file rw_file_perms;
+
+allow update_engine_common tmpfs:lnk_file r_file_perms;
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common {adsprpcd_file firmware_file}:dir search;
+allow update_engine_common {bt_firmware_file firmware_file}:filesystem getattr;
+
+dontaudit update_engine_common self:capability {dac_read_search dac_override};
+
diff --git a/sepolicy/legacy/vendor/msm8937/zygote.te b/sepolicy/legacy/vendor/msm8937/zygote.te
new file mode 100644
index 000000000..4ada212ba
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8937/zygote.te
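Review bot: The `blk_file` set in update_engine_common.te includes `root_block_device`, which is not a partition label: the msm8953 file_contexts added in this same commit maps `/dev/block/mmcblk0` to it, and if msm8937 labels the whole-disk node the same way, update_engine gets read/write on the entire eMMC and the per-partition types in the list stop limiting anything. The comment above the rule speaks of "device-specific partitions it should update", so `root_block_device` should either be dropped from the set or justified in that comment. The closing `dontaudit update_engine_common self:capability {dac_read_search dac_override};` also hides denials that usually point to wrong file ownership, and a one-line comment saying why they are expected would help whoever debugs this policy next.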
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow zygote oemfs:dir r_dir_perms;
+allow zygote oemfs:file r_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8953/device.te b/sepolicy/legacy/vendor/msm8953/device.te
new file mode 100644
index 000000000..038e386a0
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/device.te
@@ -0,0 +1,26 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/sepolicy/legacy/vendor/msm8953/file.te b/sepolicy/legacy/vendor/msm8953/file.te
new file mode 100644
index 000000000..10d41462a
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/file.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#sysfs emmc dload type
+type sysfs_emmc_dload, sysfs_type, fs_type;
diff --git a/sepolicy/legacy/vendor/msm8953/file_contexts b/sepolicy/legacy/vendor/msm8953/file_contexts
new file mode 100644
index 000000000..cc6775193
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/file_contexts
@@ -0,0 +1,88 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +################################### +# Primary storage device nodes +# +/dev/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/mmcblk0 u:object_r:root_block_device:s0 +/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 + +#Using soc instead of soc.0 for 3.18 kernel +/dev/block/platform/soc/7824900.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/super u:object_r:super_block_device:s0 + +#rawdump partition +/dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 +/sys/kernel/dload/emmc_dload u:object_r:sysfs_emmc_dload:s0 + +############################################################################################ +#Same hal process libs +# +/vendor/lib(64)?/hw/gralloc\.msm8953\.so 
u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.msm8953\.so u:object_r:same_process_hal_file:s0 + +# FBE +/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 + +################################## +# A/B partitions. +#EMMC +/dev/block/platform/soc/7824900.sdhci/by-name/aboot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 
+/dev/block/platform/soc/7824900.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 diff --git a/sepolicy/legacy/vendor/msm8953/genfs_contexts b/sepolicy/legacy/vendor/msm8953/genfs_contexts new file mode 100644 index 000000000..d24e9ef28 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/genfs_contexts 
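Review bot: The entry `/(vendor|system/vendor)/bin/init.qti.qseecomd.sh` leaves its dots unescaped, while the gralloc and vulkan entries just above escape theirs (`gralloc\.msm8953\.so`). file_contexts paths are regular expressions, so each bare `.` matches any character, and this label is the exec type that init-qti-fbe-sh.te in the same commit turns into an init daemon entrypoint. I would write it as `/(vendor|system/vendor)/bin/init\.qti\.qseecomd\.sh u:object_r:init-qti-fbe-sh_exec:s0`. The `7824900.sdhci` block-device paths have the same loose dot and could be escaped too if the rest of the tree does so.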
@@ -0,0 +1,103 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +#PM8950 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-00/200f000.qcom,spmi:qcom,pm8953@0:qcom,pm8953_typec@bf00/power_supply/typec u:object_r:sysfs_battery_supply:s0 + +#PMI8950 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,haptics@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8950@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8950@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 + +#PMI8940 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,fg/power_supply/bms 
u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,haptic@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8940@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8940@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 + +#PMI8937 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,haptic@c000/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,qpnp-smbcharger/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs 
/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:qcom,leds@a100 u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi8937@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /bus/spmi/devices/spmi0-02/200f000.qcom,spmi:qcom,pmi8937@2:vadc@3100/usbin u:object_r:sysfs_battery_supply:s0 + +#PMI632 files +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/main u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-02/200f000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs 
/devices/platform/soc/78b6000.i2c/i2c-2/2-000c/78b6000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/78b6000.i2c/i2c-2/2-000c/78b6000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 + +#cpu-ddr devfreq nodes for K4.19. +genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 + + +#Common PMIC files +genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 + +#Needed for SSR +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/1de0000.qcom,venus/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/c200000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/a21b000.qcom,pronto/subsys3/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys4/name u:object_r:sysfs_ssr:s0 + +#PMI path +genfscon sysfs /devices/soc/qpnp-smbcharger-16/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-smbcharger-18/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-fg-17/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-fg-19/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/78db000.usb/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/soc/7000000.usb/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/soc/qpnp-smbcharger-16/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/leds-qpnp-19/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-flash-led-23/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-wled-22/leds/ u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-haptic-24/leds/vibrator 
u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/qpnp-vadc-14/usbin u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/qpnp-typec-9/power_supply/typec u:object_r:sysfs_battery_supply:s0 diff --git a/sepolicy/legacy/vendor/msm8953/idmap.te b/sepolicy/legacy/vendor/msm8953/idmap.te new file mode 100644 index 000000000..84b11e8f4 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/idmap.te 
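Review bot: The PMI8950 vibrator entry uses `haptics@c000`, but the otherwise parallel PMI8940 and PMI8937 entries use `haptic@c000`; one of the two spellings looks like a typo and should be checked against the device tree node names. genfscon matches by path prefix, so a misspelled entry silently leaves the node with the default `sysfs` label, and the usual follow-up is a broader allow on generic sysfs rather than a corrected path. The first section comment also says `#PM8950 files` while the path under it names `pm8953`; `#PM8953 files` would match.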
@@ -0,0 +1,30 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +allow idmap oemfs:file r_file_perms; +allow idmap oemfs:dir r_dir_perms; diff --git a/sepolicy/legacy/vendor/msm8953/init-qti-fbe-sh.te b/sepolicy/legacy/vendor/msm8953/init-qti-fbe-sh.te new file mode 100644 index 000000000..2124eaa40 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/init-qti-fbe-sh.te 
@@ -0,0 +1,38 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +type init-qti-fbe-sh, domain; +type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type; + +init_daemon_domain(init-qti-fbe-sh) + +not_full_treble(`allow init-qti-fbe-sh shell_exec:file rx_file_perms;') +full_treble_only(`allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;') +# execute toybox/toolbox +not_full_treble(`allow init-qti-fbe-sh toolbox_exec:file rx_file_perms;') +full_treble_only(`allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;') +get_prop(init-qti-fbe-sh, vendor_tee_listener_prop) diff --git a/sepolicy/legacy/vendor/msm8953/init_shell.te b/sepolicy/legacy/vendor/msm8953/init_shell.te new file mode 100644 index 000000000..477845748 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/init_shell.te 
@@ -0,0 +1,34 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow qti_init_shell {
+ vendor_media_msm8953_version_prop
+}:property_service set;
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8953/mediacodec.te b/sepolicy/legacy/vendor/msm8953/mediacodec.te
new file mode 100644
index 000000000..97a7ab398
--- /dev/null
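Review bot: `allow qti_init_shell regionalization_file:file create_file_perms;` is wider than the directory rule next to it supports. The directory only gets `r_dir_perms`, so the create, rename and unlink parts of `create_file_perms` cannot take effect there unless another rule grants write, add_name and remove_name on it. If the script only updates existing files, `allow qti_init_shell regionalization_file:file rw_file_perms;` states the actual need; if it really creates files, the directory rule should say so explicitly and the `# For regionalization` comment should name what is written. The rest of the qti_init_shell domain is outside this hunk, so a matching directory rule may exist elsewhere.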
+++ b/sepolicy/legacy/vendor/msm8953/mediacodec.te @@ -0,0 +1,29 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# allow mediacodec to access media.msm8953version +get_prop(mediacodec,vendor_media_msm8953_version_prop) diff --git a/sepolicy/legacy/vendor/msm8953/platform_app.te b/sepolicy/legacy/vendor/msm8953/platform_app.te new file mode 100755 index 000000000..bc02a1912 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/platform_app.te 
@@ -0,0 +1,29 @@ +# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +allow platform_app oemfs:lnk_file { read getattr }; diff --git a/sepolicy/legacy/vendor/msm8953/priv_app.te b/sepolicy/legacy/vendor/msm8953/priv_app.te new file mode 100644 index 000000000..203ed549f --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/priv_app.te 
@@ -0,0 +1,29 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +allow priv_app oemfs:lnk_file { read getattr }; diff --git a/sepolicy/legacy/vendor/msm8953/property.te b/sepolicy/legacy/vendor/msm8953/property.te new file mode 100644 index 000000000..288dc6df4 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/property.te 
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properites for init.qcom.sh script
+vendor_restricted_prop(vendor_media_msm8953_version_prop);
diff --git a/sepolicy/legacy/vendor/msm8953/property_contexts b/sepolicy/legacy/vendor/msm8953/property_contexts
new file mode 100644
index 000000000..1919e3dca
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/property_contexts
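Review bot: `vendor_restricted_prop(vendor_media_msm8953_version_prop);` only forbids writes from outside vendor and leaves reads by system domains permissible, yet the only accessors added in this commit are qti_init_shell (set) and mediacodec (get). If both are vendor domains and nothing on the system side reads `vendor.media.msm8953.version`, `vendor_internal_prop(vendor_media_msm8953_version_prop)` is the tighter declaration. The comment above it has a typo and could name the actual users, for example `# property set by qti_init_shell, read by mediacodec`.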
@@ -0,0 +1,28 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +vendor.media.msm8953.version u:object_r:vendor_media_msm8953_version_prop:s0 diff --git a/sepolicy/legacy/vendor/msm8953/qti-logkit.te b/sepolicy/legacy/vendor/msm8953/qti-logkit.te new file mode 100644 index 000000000..725cf4768 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8953/qti-logkit.te 
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow qti_logkit for rawdump partition
+allow qti_logkit block_device:dir r_dir_perms;
+allow qti_logkit rawdump_block_device:blk_file rw_file_perms;
+
+# allow qti_logkit for sysfs emmc dload node
+allow qti_logkit sysfs_emmc_dload:file rw_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8953/ridl.te b/sepolicy/legacy/vendor/msm8953/ridl.te
new file mode 100644
index 000000000..0147c26cf
--- /dev/null
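Review bot: The `rw_file_perms` grants on `rawdump_block_device:blk_file` and `sysfs_emmc_dload:file` are unconditional, so `qti_logkit` keeps write access to what the comments call the rawdump partition and the emmc dload node on every build type. If the domain is only a debugging aid, the three allows belong inside the `userdebug_or_eng` macro; if it must run on user builds, `r_file_perms` on the block device would cover reading dumps back without permitting writes. The `RIDL` rules in the next file, sepolicy/legacy/vendor/msm8953/ridl.te, repeat the same three grants and need the same treatment. Whether either domain is itself declared only for debug builds is not visible in this diff.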
+++ b/sepolicy/legacy/vendor/msm8953/ridl.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow RIDL for rawdump partition
+allow RIDL block_device:dir r_dir_perms;
+allow RIDL rawdump_block_device:blk_file rw_file_perms;
+
+# allow RIDL for enable sysfs node
+allow RIDL sysfs_emmc_dload:file rw_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8953/system_server.te b/sepolicy/legacy/vendor/msm8953/system_server.te
new file mode 100755
index 000000000..d2cb28e2a
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/system_server.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
diff --git a/sepolicy/legacy/vendor/msm8953/zygote.te b/sepolicy/legacy/vendor/msm8953/zygote.te
new file mode 100644
index 000000000..4cbef970d
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8953/zygote.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow zygote oemfs:dir r_dir_perms;
+allow zygote oemfs:file r_file_perms;
+get_prop(zygote,vendor_media_msm8953_version_prop)
diff --git a/sepolicy/legacy/vendor/msm8998/file_contexts b/sepolicy/legacy/vendor/msm8998/file_contexts
new file mode 100644
index 000000000..741930916
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/file_contexts
@@ -0,0 +1,174 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +################################### +# Dev block nodes for eMMC +/dev/block/platform/soc/c0c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp u:object_r:mba_debug_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/super u:object_r:super_block_device:s0 + + +#for UFS blocks 
+/dev/block/platform/soc/1da4000.ufshc/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/rpm u:object_r:rpmb_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/super u:object_r:super_block_device:s0 + +#Primary storage device nodes +/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/mmcblk0 
u:object_r:root_block_device:s0 + +################################## +# FBE +/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 + +################################## +# A/B partitions. +#EMMC +/dev/block/platform/soc/c0c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 
+/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 + +#UFS +/dev/block/platform/soc/1da4000.ufshc/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 
+/dev/block/platform/soc/1da4000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 + +# Block device holding the GPT, where the A/B attributes are stored. +/dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 + +# Block devices for the drive that holds the xbl_a and xbl_b partitions. +/dev/block/platform/soc/1da4000.ufshc/sd[bc] u:object_r:xbl_block_device:s0 + +############################################################################################ +#Same hal process libs +# +/vendor/lib(64)?/hw/gralloc\.msm8998\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.msm8998\.so u:object_r:same_process_hal_file:s0 +#sysfs +/sys/devices(/platform)?/soc/caa0000.qcom,jpeg/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_jpeg:s0 +/sys/devices(/platform)?/soc/ca00000.qcom,msm-cam/video4linux/video[0-33]/name(/.*)? 
u:object_r:sysfs_jpeg:s0 + +#SSR nodes +/sys/devices(/platform)?/soc/soc:qcom,ipa_fws@1e08000/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/cce0000.qcom,venus/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/1d0101c.qcom,spss/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/17300000.qcom,lpass/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/5c00000.qcom,ssc/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/4080000.qcom,mss/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/soc:qcom,wil6210/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 + +/sys/devices(/platform)?/soc/soc:qcom,ipa_fws@1e08000/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/cce0000.qcom,venus/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/1d0101c.qcom,spss/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/17300000.qcom,lpass/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/5c00000.qcom,ssc/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/4080000.qcom,mss/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices(/platform)?/soc/soc:qcom,wil6210/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 diff --git a/sepolicy/legacy/vendor/msm8998/genfs_contexts b/sepolicy/legacy/vendor/msm8998/genfs_contexts new file mode 100644 index 000000000..c612119c9 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8998/genfs_contexts 
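Review bot: In the two `#sysfs` entries, `video[0-33]` is a bracket expression that matches a single character in the set 0–3, not the numbers 0 to 33, so `video4` and above, and every two-digit node, never receive `sysfs_jpeg` and keep whatever label they would otherwise get. If a numeric range is intended, `video[0-9]+` expresses it, as the `subsys[0-9]+` entries below already do. Separately, the `by-name/rpm` entries in both the eMMC and UFS lists are labelled `rpmb_device` while `rpm_[ab]` takes `custom_ab_block_device`; if that is not deliberate, every domain allowed `rpmb_device` also reaches the `rpm` partition, so the label should be checked against the partition table.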
@@ -0,0 +1,39 @@
+# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+###################################
+
+#vibrator sysfs node
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pmi8998@3:qcom,haptics@c000/leds/vibrator u:object_r:sysfs_leds:s0
+
+#pmic sysfs_nodes
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/pc_port u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qpnp,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/usb u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/c1b5000.i2c/i2c-7/7-0008/c1b5000.i2c:qcom,smb138x@8:qcom,smb1381-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0
diff --git a/sepolicy/legacy/vendor/msm8998/idmap.te b/sepolicy/legacy/vendor/msm8998/idmap.te
new file mode 100644
index 000000000..5a17b2589
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/idmap.te
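Review bot: Every `genfscon sysfs` path in this file starts at `/devices/soc/`, while the file_contexts entries added for the same platform in this commit accept both `/sys/devices/soc` and `/sys/devices/platform/soc` through `(/platform)?`. genfscon matches a literal path prefix and has no optional groups, so on a kernel that exposes these devices under `/devices/platform/soc` the vibrator and power_supply nodes would keep the generic sysfs label, and rules written against `sysfs_leds`, `sysfs_battery_supply` and `sysfs_usb_supply` would not apply to them. If both layouts have to be supported, each entry needs a second line with the `/devices/platform/soc/` prefix; if only one kernel is targeted, a comment naming it would make that explicit.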
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+r_dir_file(idmap, oemfs);
diff --git a/sepolicy/legacy/vendor/msm8998/init-qti-fbe-sh.te b/sepolicy/legacy/vendor/msm8998/init-qti-fbe-sh.te
new file mode 100644
index 000000000..702223ec9
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/init-qti-fbe-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2016,2017 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-fbe-sh, domain;
+type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-qti-fbe-sh)
+
+allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;
+
+# execute toybox/toolbox
+allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;
+get_prop(init-qti-fbe-sh, vendor_tee_listener_prop)
diff --git a/sepolicy/legacy/vendor/msm8998/init_shell.te b/sepolicy/legacy/vendor/msm8998/init_shell.te
new file mode 100644
index 000000000..9f2b95ce3
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/init_shell.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
+
+#Needed for starting cdsprpcd service post-boot
+set_prop(qti_init_shell, vendor_cdsprpcd_prop)
diff --git a/sepolicy/legacy/vendor/msm8998/platform_app.te b/sepolicy/legacy/vendor/msm8998/platform_app.te
new file mode 100644
index 000000000..bc02a1912
--- /dev/null
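Review bot: `allow qti_init_shell regionalization_file:file create_file_perms;` is paired with only `r_dir_perms` on the directory, and creating a file also needs `write` and `add_name` on the containing directory. Unless a rule outside this hunk grants those, the create permission cannot be exercised and the file grant is wider than what the script can use; `r_file_perms`, or `rw_file_perms` if existing files are modified, would state the actual need. If file creation really is required, the directory rule should be `rw_dir_perms` and the `# For regionalization` comment should say what gets written.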
+++ b/sepolicy/legacy/vendor/msm8998/platform_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
diff --git a/sepolicy/legacy/vendor/msm8998/priv_app.te b/sepolicy/legacy/vendor/msm8998/priv_app.te
new file mode 100644
index 000000000..203ed549f
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/sepolicy/legacy/vendor/msm8998/property.te b/sepolicy/legacy/vendor/msm8998/property.te
new file mode 100644
index 000000000..20a82c431
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/property.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properites for init.qcom.sh script
+vendor_restricted_prop(vendor_cdsprpcd_prop);
diff --git a/sepolicy/legacy/vendor/msm8998/property_contexts b/sepolicy/legacy/vendor/msm8998/property_contexts
new file mode 100644
index 000000000..5f846afc3
--- /dev/null
+++ b/sepolicy/legacy/vendor/msm8998/property_contexts
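Review bot: The comment above `vendor_restricted_prop(vendor_cdsprpcd_prop);` does not describe what this type guards. The property_contexts hunk in the same commit binds the type to `ctl.vendor.cdsprpcd`, so whoever holds `set_prop` on it can start and stop the cdsprpcd service. A comment such as `# Type for ctl.vendor.cdsprpcd: controls start/stop of the cdsprpcd service` would say that, and would also fix the "properites" typo. Since a ctl property has no value worth reading outside the vendor partition, it is worth checking whether `vendor_internal_prop` would do instead of the restricted variant; the rules that grant access to this type are not in this hunk, so that needs confirming against them.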
@@ -0,0 +1,28 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +ctl.vendor.cdsprpcd u:object_r:vendor_cdsprpcd_prop:s0 diff --git a/sepolicy/legacy/vendor/msm8998/recovery.te b/sepolicy/legacy/vendor/msm8998/recovery.te new file mode 100644 index 000000000..4f75bc4ed --- /dev/null +++ b/sepolicy/legacy/vendor/msm8998/recovery.te 
@@ -0,0 +1,30 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +recovery_only(` + allow recovery vendor_shell_exec:file x_file_perms; +') diff --git a/sepolicy/legacy/vendor/msm8998/system_server.te b/sepolicy/legacy/vendor/msm8998/system_server.te new file mode 100644 index 000000000..d2cb28e2a --- /dev/null +++ b/sepolicy/legacy/vendor/msm8998/system_server.te 
@@ -0,0 +1,29 @@ +# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +allow system_server resourcecache_data_file:dir create_dir_perms; +allow system_server resourcecache_data_file:file create_file_perms; diff --git a/sepolicy/legacy/vendor/msm8998/update_engine_common.te b/sepolicy/legacy/vendor/msm8998/update_engine_common.te new file mode 100644 index 000000000..f54049f83 --- /dev/null +++ b/sepolicy/legacy/vendor/msm8998/update_engine_common.te 
@@ -0,0 +1,40 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine_common {
+ custom_ab_block_device
+ xbl_block_device
+ ssd_device
+ modem_block_device
+ root_block_device
+ system_block_device
+ boot_block_device
+ mdtp_device
+}:blk_file rw_file_perms;
+
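Review bot: `root_block_device` in the `update_engine_common` allow set gives the updater, and the sideload path in recovery, raw read/write on whatever node carries that label. The sdm660 `file_contexts` added in this same commit puts that label on the whole-disk node `/dev/block/mmcblk0`; if msm8998 labels its disk the same way, this one rule bypasses the per-partition labelling of userdata, frp and every other partition. The comment above the rule promises only "the device-specific partitions it should update", which `ssd_device` and `mdtp_device` do not obviously fit either. I would drop `root_block_device` from the set unless a logged denial shows it is needed, and if only the partition table has to be read, grant it separately as `allow update_engine_common root_block_device:blk_file r_file_perms;`.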
diff --git a/sepolicy/legacy/vendor/msm8998/zygote.te b/sepolicy/legacy/vendor/msm8998/zygote.te new file mode 100644 index 000000000..dbffa1e5d --- /dev/null +++ b/sepolicy/legacy/vendor/msm8998/zygote.te @@ -0,0 +1,30 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# For regionalization +allow zygote oemfs:dir r_dir_perms; +allow zygote oemfs:file r_file_perms; 
diff --git a/sepolicy/legacy/vendor/sdm660/bluetooth.te b/sepolicy/legacy/vendor/sdm660/bluetooth.te new file mode 100644 index 000000000..e56672d15 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/bluetooth.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(bluetooth, vendor_bluetooth_prop) diff --git a/sepolicy/legacy/vendor/sdm660/bootanim.te b/sepolicy/legacy/vendor/sdm660/bootanim.te new file mode 100644 index 000000000..96b1ae59f --- /dev/null 
+++ b/sepolicy/legacy/vendor/sdm660/bootanim.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +allow bootanim sysfs_kgsl:dir search; diff --git a/sepolicy/legacy/vendor/sdm660/file_contexts b/sepolicy/legacy/vendor/sdm660/file_contexts new file mode 100644 index 000000000..1f59c5aa4 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/file_contexts 
@@ -0,0 +1,165 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +################################### +# Dev block nodes for eMMC +/dev/block/platform/soc/c0c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp u:object_r:mba_debug_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/super u:object_r:super_block_device:s0 + + +#for UFS blocks 
+/dev/block/platform/soc/1da4000.ufshc/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/rpm u:object_r:rpmb_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/super u:object_r:super_block_device:s0 + +#Primary storage device nodes +/dev/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/mmcblk0rpmb 
u:object_r:rpmb_device:s0 +/dev/block/mmcblk0 u:object_r:root_block_device:s0 + +################################## +# FBE +/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 + +################################## +# A/B partitions. +#EMMC +/dev/block/platform/soc/c0c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 
+/dev/block/platform/soc/c0c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 + +#UFS +/dev/block/platform/soc/1da4000.ufshc/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0 
+/dev/block/platform/soc/1da4000.ufshc/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 + +# Block device holding the GPT, where the A/B attributes are stored. +/dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 + +# Block devices for the drive that holds the xbl_a and xbl_b partitions. +/dev/block/platform/soc/1da4000.ufshc/sd[bc] u:object_r:xbl_block_device:s0 + +############################################################################################ +#Same hal process libs +# +/vendor/lib(64)?/hw/gralloc\.sdm660\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.sdm660\.so u:object_r:same_process_hal_file:s0 + +#/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm660\.sh u:object_r:qti_init_shell_exec:s0 +/(vendor|system/vendor)/bin/init\.qti\.can\.sh u:object_r:qti_init_shell_exec:s0 +#sysfs +/sys/devices(/platform)?/soc/caa0000.qcom,jpeg/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_jpeg:s0 +/sys/devices(/platform)?/soc/ca00000.qcom,msm-cam/video4linux/video[0-33]/name(/.*)? 
u:object_r:sysfs_jpeg:s0 +#sysfs graphics +/sys/devices/virtual/graphics/fb0/supported_bitclk u:object_r:sysfs_graphics:s0 + +/sys/devices/platform/soc/c0c4000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/discard_max_bytes u:object_r:sysfs_mmc_host:s0 + +/sys/devices/platform/soc/151c0000.slim/tavil-slim-pgd/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/legacy/vendor/sdm660/genfs_contexts b/sepolicy/legacy/vendor/sdm660/genfs_contexts new file mode 100644 index 000000000..071f40f52 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/genfs_contexts 
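Review bot: The two `video4linux/video[0-33]/name` entries in the sysfs block do not cover video0 through video33. `[0-33]` is a character class matching a single character in the range 0-3, so nodes from video4 upward are not matched and the `sysfs_jpeg` rules never apply to them. If the numeric range was intended, `video[0-9]+` expresses it. Separately, both the eMMC and UFS blocks label `by-name/rpm` as `rpmb_device`, the same type given to `/dev/mmcblk0rpmb` further down. That looks like a mix-up between the RPM firmware partition and the RPMB nodes and should be confirmed, since every domain allowed on `rpmb_device` would then also reach that partition.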
@@ -0,0 +1,158 @@ +# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+################################### + +#secure touch sysfs node +genfscon sysfs /devices/soc/c178000.i2c/i2c-4/4-0020 u:object_r:sysfs_sectouch:s0 + +genfscon sysfs /devices/soc/cce0000.qcom,venus/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/1a300000.qcom,turing/subsys3/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/4080000.qcom,mss/subsys4/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/15700000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 + +#SSR nodes for sdm660 with kernel 4.14 has different path +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/cce0000.qcom,venus/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/15700000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/1a300000.qcom,turing/subsys3/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /bus/msm_subsys u:object_r:sysfs_ssr:s0 + +#for sdm630 +genfscon sysfs /devices/soc/4080000.qcom,mss/subsys3/name u:object_r:sysfs_ssr:s0 + +#sdm660 +genfscon sysfs /devices/soc/cce0000.qcom,venus/subsys1/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0 + +#pmic sysfs_nodes +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/main 
u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/pc_port u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:sysfs_usbpd_device:s0 +genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d/power_supply/parallel u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@0/video4linux/video4/name u:object_r:sysfs_graphics:s0 + +#pmic sysfs nodes for sdm660 with kernel 4.14 have different paths +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/battery u:object_r:sysfs_battery_supply:s0 +genfscon sysfs 
/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/pc_port u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/usb u:object_r:sysfs_usb_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:sysfs_usbpd_device:s0 +genfscon sysfs /devices/platform/soc/c176000.i2c/i2c-2/2-001d/power_supply/parallel u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 + +#cpu-ddr devfreq nodes for K4.14 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs 
/devices/platform/soc/soc:qcom,cpu4-cpu-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0 + +#net sysfs +genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/net u:object_r:sysfs_net:s0 + +#vibrator sysfs node +genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-01/800f000.qcom,spmi:qcom,pm660@1:qcom,haptics@c000/leds/vibrator u:object_r:sysfs_leds:s0 + +genfscon sysfs /kernel/slab/zs_handle/store_user u:object_r:sysfs_slab_zshandle_storeuser:s0 +genfscon sysfs /kernel/slab/zspage/store_user u:object_r:sysfs_slab_zspage_storeuser:s0 + +#SDM660 specific wakeup nodes +genfscon sysfs /devices/platform/soc/15700000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/1a300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/diag/diag/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/14780000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/a800000.ssusb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-modem/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup u:object_r:sysfs_wakeup:s0 
+genfscon sysfs /devices/virtual/misc/msm_ape/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_wma/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/4080000.qcom,mss/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/cce0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-cdsp/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/c1b6000.i2c/i2c-6/6-0028/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/c176000.i2c/i2c-2/2-001d/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@2/video4linux/video3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:anlg-cdc@f000/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@0/video4linux/video4/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/wakeup u:object_r:sysfs_wakeup:s0 
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pm660l@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/usbpd/usbpd0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs 
/devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/extcon/extcon4/cable.0/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/extcon/extcon4/cable.1/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/extcon/extcon4/cable.2/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.1/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.1/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,mdss_wb_panel/extcon/extcon2/cable.0/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/extcon/extcon3/cable.0/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/extcon/extcon3/cable.1/name u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/state u:object_r:sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/state u:object_r:sysfs_graphics:s0 diff --git a/sepolicy/legacy/vendor/sdm660/hal_graphics_composer.te b/sepolicy/legacy/vendor/sdm660/hal_graphics_composer.te new file mode 100644 index 000000000..99626a17b --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/hal_graphics_composer.te 
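Review bot: `sysfs_graphics` is used as a catch-all label in genfs_contexts: the pm660l RGB LED nodes (`leds@d000/leds/red`, `green`, `blue`), the camera `video4linux/video4/name` node and the usb-pdphy and qpnp-smb2 `extcon` cable nodes all receive it, so every domain granted `sysfs_graphics` elsewhere in the policy also reaches LED, camera and USB-PD state. Whether any of those domains can write is not visible in this hunk, but the file already uses `sysfs_leds` for `leds@d300` and `leds@d800/leds/wled`, and using distinct types here too would keep the grants separable. Separately, the secure-touch entry (`/devices/soc/c178000.i2c/i2c-4/4-0020`) and the vibrator entry exist only under `/devices/soc/`, while the SSR and pmic entries are repeated under `/devices/platform/soc/` for kernel 4.14. If those two nodes move the same way they would fall back to the generic `sysfs` label, so this is worth confirming on a 4.14 build.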
@@ -0,0 +1,28 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow hal_graphics_composer_default sysfs:file read;
diff --git a/sepolicy/legacy/vendor/sdm660/idmap.te b/sepolicy/legacy/vendor/sdm660/idmap.te
new file mode 100755
index 000000000..5a17b2589
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/idmap.te
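Review bot: `allow hal_graphics_composer_default sysfs:file read;` in hal_graphics_composer.te grants the composer HAL read on every file that still carries the generic `sysfs` label, and the file has no comment saying which node prompted it. The bare `read` without `open` or `getattr` looks like a rule copied from a denial log (inferred, not shown here). Prefer labelling the specific node in genfs_contexts and granting on that type, e.g. `allow hal_graphics_composer_default <node_type>:file r_file_perms;` where `<node_type>` is a placeholder for the new label, with a comment naming the sysfs path.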
@@ -0,0 +1,29 @@ +# Copyright (c) 2016, 2018 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +r_dir_file(idmap, oemfs); diff --git a/sepolicy/legacy/vendor/sdm660/init-qti-fbe-sh.te b/sepolicy/legacy/vendor/sdm660/init-qti-fbe-sh.te new file mode 100644 index 000000000..702223ec9 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/init-qti-fbe-sh.te 
@@ -0,0 +1,37 @@
+# Copyright (c) 2016,2017 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-fbe-sh, domain;
+type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-qti-fbe-sh)
+
+allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;
+
+# execute toybox/toolbox
+allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;
+get_prop(init-qti-fbe-sh, vendor_tee_listener_prop)
diff --git a/sepolicy/legacy/vendor/sdm660/init.te b/sepolicy/legacy/vendor/sdm660/init.te
new file mode 100644
index 000000000..7dbc1bce8
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/init.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow init socket_device:sock_file { unlink setattr create };
+allow init vendor_file:file execute;
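Review bot: Both rules added in init.te widen the core `init` domain from vendor policy, and neither has a comment explaining the need. `allow init vendor_file:file execute;` applies to any file left at the default `vendor_file` label, which usually means a vendor service binary lacks its own `*_exec` type and file_contexts entry (inferred; the binary is not named here), so labelling that binary is the narrower fix. `allow init socket_device:sock_file { unlink setattr create };` likewise covers every socket carrying the generic `socket_device` label. A comment naming the socket, or a dedicated socket type, would let a later reader judge whether the rule is still required.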
diff --git a/sepolicy/legacy/vendor/sdm660/init_shell.te b/sepolicy/legacy/vendor/sdm660/init_shell.te new file mode 100644 index 000000000..57154014a --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/init_shell.te 
@@ -0,0 +1,36 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
+
+#Needed for starting cdsprpcd service post-boot
+set_prop(qti_init_shell, vendor_cdsprpcd_prop)
+#Needed for ctl property denials
+allow qti_init_shell ctl_start_prop:property_service set;
+allow qti_init_shell ctl_stop_prop:property_service set;
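Review bot: `allow qti_init_shell ctl_start_prop:property_service set;` and the matching `ctl_stop_prop` rule let the vendor init shell start and stop any service whose control property has no more specific label, which is much wider than the cdsprpcd use case the comments describe. This commit already labels `ctl.vendor.cdsprpcd` as `vendor_cdsprpcd_prop` in property_contexts and grants `set_prop(qti_init_shell, vendor_cdsprpcd_prop)` two lines above, so the generic rules may be removable. If other services are involved, giving their `ctl.` entries a dedicated label in the same way keeps the grant scoped. The comment `#Needed for ctl property denials` records only the symptom; it should name the service and script that need the access.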
diff --git a/sepolicy/legacy/vendor/sdm660/location_app.te b/sepolicy/legacy/vendor/sdm660/location_app.te new file mode 100644 index 000000000..0d0273bbc --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/location_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +allow vendor_location_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/sepolicy/legacy/vendor/sdm660/platform_app.te b/sepolicy/legacy/vendor/sdm660/platform_app.te new file mode 100755 index 000000000..bc02a1912 
--- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/platform_app.te @@ -0,0 +1,29 @@ +# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +allow platform_app oemfs:lnk_file { read getattr }; diff --git a/sepolicy/legacy/vendor/sdm660/priv_app.te b/sepolicy/legacy/vendor/sdm660/priv_app.te new file mode 100755 index 000000000..203ed549f --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/priv_app.te 
@@ -0,0 +1,29 @@ +# Copyright (c) 2016, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#for oemfs +allow priv_app oemfs:lnk_file { read getattr }; diff --git a/sepolicy/legacy/vendor/sdm660/property.te b/sepolicy/legacy/vendor/sdm660/property.te new file mode 100644 index 000000000..20a82c431 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/property.te 
@@ -0,0 +1,29 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#properites for init.qcom.sh script +vendor_restricted_prop(vendor_cdsprpcd_prop); diff --git a/sepolicy/legacy/vendor/sdm660/property_contexts b/sepolicy/legacy/vendor/sdm660/property_contexts new file mode 100644 index 000000000..5f846afc3 --- /dev/null +++ b/sepolicy/legacy/vendor/sdm660/property_contexts 
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ctl.vendor.cdsprpcd u:object_r:vendor_cdsprpcd_prop:s0
diff --git a/sepolicy/legacy/vendor/sdm660/recovery.te b/sepolicy/legacy/vendor/sdm660/recovery.te
new file mode 100644
index 000000000..4f75bc4ed
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/recovery.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+recovery_only(`
+ allow recovery vendor_shell_exec:file x_file_perms;
+')
diff --git a/sepolicy/legacy/vendor/sdm660/system_server.te b/sepolicy/legacy/vendor/sdm660/system_server.te
new file mode 100755
index 000000000..d2cb28e2a
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/system_server.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
diff --git a/sepolicy/legacy/vendor/sdm660/thermal-engine.te b/sepolicy/legacy/vendor/sdm660/thermal-engine.te
new file mode 100644
index 000000000..e24c0dc43
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/thermal-engine.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow thermal-engine sysfs_devfreq:dir { open read search };
+allow thermal-engine sysfs_thermal:dir { open read search };
+allow thermal-engine sysfs:dir {open read search };
+allow thermal-engine sysfs_kgsl:dir { open read };
diff --git a/sepolicy/legacy/vendor/sdm660/update_engine_common.te b/sepolicy/legacy/vendor/sdm660/update_engine_common.te
new file mode 100644
index 000000000..bf757a3b3
--- /dev/null
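Review bot: The third rule, `allow thermal-engine sysfs:dir {open read search };`, grants directory listing on the generic `sysfs` label, which covers every sysfs node that has no more specific type, while the neighbouring rules name dedicated types (`sysfs_devfreq`, `sysfs_thermal`, `sysfs_kgsl`). If thermal-engine only has to traverse the sysfs root to reach those trees, `allow thermal-engine sysfs:dir search;` is enough; a directory it really must enumerate is better given its own label. None of the four rules carries a comment, so I would also add one line such as `# thermal-engine walks devfreq/thermal/kgsl nodes to read sensor and frequency data` (wording to be confirmed by the author) so the need for each grant is recorded.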
+++ b/sepolicy/legacy/vendor/sdm660/update_engine_common.te 
@@ -0,0 +1,47 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine_common {
+ custom_ab_block_device
+ xbl_block_device
+ ssd_device
+ modem_block_device
+ root_block_device
+ system_block_device
+ boot_block_device
+ mdtp_device
+ recovery_block_device
+}:blk_file rw_file_perms;
+
+allow update_engine_common tmpfs:lnk_file r_file_perms;
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common {adsprpcd_file firmware_file}:dir search;
+allow update_engine_common {bt_firmware_file firmware_file}:filesystem getattr;
+
+dontaudit update_engine_common self:capability {dac_read_search dac_override};
diff --git a/sepolicy/legacy/vendor/sdm660/vendor_init.te b/sepolicy/legacy/vendor/sdm660/vendor_init.te
new file mode 100644
index 000000000..b29678cfa
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/vendor_init.te
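Review bot: The closing `dontaudit update_engine_common self:capability {dac_read_search dac_override};` has no comment saying which access produces these denials, and once they are silenced a later ownership or labelling regression on the update path leaves nothing in the audit log. I would put a comment directly above it naming the file or directory whose DAC check fails, for example `# update_engine probes <path> it does not own; access is not required, suppress the noise` with the placeholder filled in by the author. The block-device list above grants `rw_file_perms` on `root_block_device` and `recovery_block_device` alongside the A/B partitions; the header comment says "partitions it should update", so it is worth confirming each listed type is actually written by the updater on this platform.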
@@ -0,0 +1,30 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow vendor_init vendor_freq_prop:property_service set;
+
+set_prop(vendor_init, vendor_video_prop);
diff --git a/sepolicy/legacy/vendor/sdm660/zygote.te b/sepolicy/legacy/vendor/sdm660/zygote.te
new file mode 100644
index 000000000..bd1bb3331
--- /dev/null
+++ b/sepolicy/legacy/vendor/sdm660/zygote.te
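Review bot: `allow vendor_init vendor_freq_prop:property_service set;` is written as a raw rule while the very next rule uses the `set_prop()` macro for `vendor_video_prop`, so the two properties are granted in two different styles with no stated reason. The macro in AOSP's te_macros bundles the `set` permission with read access to the property, so the raw form is the narrower grant; if that is intended it deserves a comment, otherwise `set_prop(vendor_init, vendor_freq_prop)` keeps the file consistent. Neither rule says which init script or service sets these properties, and a short comment naming it would help.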
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow zygote oemfs:dir r_dir_perms;
+allow zygote oemfs:file r_file_perms;
+
+#video prop permisssions
+get_prop(zygote , vendor_video_prop)
diff --git a/sepolicy/legacy/vendor/test/property.te b/sepolicy/legacy/vendor/test/property.te
index 3b8838de0..1857caef4 100644
--- a/sepolicy/legacy/vendor/test/property.te
+++ b/sepolicy/legacy/vendor/test/property.te
@@ -24,10 +24,9 @@ # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -vendor_restricted_prop(sensors_dbg_prop); +vendor_internal_prop(vendor_wfd_vendor_debug_prop); -#WiFi Display -vendor_restricted_prop(wfd_vendor_debug_prop); +vendor_restricted_prop(vendor_sensors_dbg_prop); #debugutils HAL -vendor_restricted_prop(vendor_dbg_brkpoint_prop); +vendor_internal_prop(vendor_dbg_brkpoint_prop); diff --git a/sepolicy/legacy/vendor/test/property_contexts b/sepolicy/legacy/vendor/test/property_contexts index b468aec7f..867ffa3a3 100644 --- a/sepolicy/legacy/vendor/test/property_contexts +++ b/sepolicy/legacy/vendor/test/property_contexts @@ -24,12 +24,14 @@ # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -persist.vendor.debug.sensors. u:object_r:sensors_dbg_prop:s0 #Wifi Display -persist.vendor.debug.mux. u:object_r:wfd_vendor_debug_prop:s0 -persist.vendor.debug.rtp. u:object_r:wfd_vendor_debug_prop:s0 -persist.vendor.debug.wfd. u:object_r:wfd_vendor_debug_prop:s0 +persist.vendor.debug.mux. u:object_r:vendor_wfd_vendor_debug_prop:s0 +persist.vendor.debug.rtp. u:object_r:vendor_wfd_vendor_debug_prop:s0 +persist.vendor.debug.wfd. u:object_r:vendor_wfd_vendor_debug_prop:s0 + +persist.vendor.debug.sensors. u:object_r:vendor_sensors_dbg_prop:s0 #debugutils HAL vendor.debug.breakpoint.continue u:object_r:vendor_dbg_brkpoint_prop:s0 + diff --git a/sepolicy/legacy/vendor/test/qsta_app.te b/sepolicy/legacy/vendor/test/qsta_app.te new file mode 100644 index 000000000..448de9712 --- /dev/null +++ b/sepolicy/legacy/vendor/test/qsta_app.te 
@@ -0,0 +1,62 @@
+# Copyright (c) 2018,2020-2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## qsta_app
+##
+## This file defines the permissions that qsta_apps can carry
+
+type qsta_app, domain;
+app_domain(qsta_app)
+hal_client_domain(qsta_app, hal_perf)
+
+#allow only qsta_app with userdebug to access ioctl
+userdebug_or_eng(`
+ allowxperm qsta_app self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
+ allow qsta_app self:{ socket qipcrtr_socket } create_socket_perms;
+ allow qsta_app xdsp_device:chr_file r_file_perms;
+ allow qsta_app ssr_device:chr_file r_file_perms;
+')
+
+allow qsta_app {
+ app_api_service
+ surfaceflinger_service
+ audioserver_service
+ mediaserver_service
+}:service_manager find;
+
+allow qsta_app mnt_vendor_file:dir { getattr search };
+allow qsta_app system_app_data_file:dir create_dir_perms;
+allow qsta_app system_app_data_file:file create_file_perms;
+allow qsta_app diag_device:chr_file { read write open ioctl };
+allow qsta_app sensors_persist_file:dir { getattr search };
+allow qsta_app sensors_persist_file:file { read open };
+
+allow qsta_app vendor_file:file read;
+allow qsta_app gpuservice:binder call;
+allow qsta_app sysfs_data:file read;
+allow qsta_app sysfs_data:file open;
+get_prop(qsta_app, vendor_sensors_prop);
diff --git a/sepolicy/legacy/vendor/test/seapp_contexts b/sepolicy/legacy/vendor/test/seapp_contexts
index b9e982f06..fe87e6ad3 100644
--- a/sepolicy/legacy/vendor/test/seapp_contexts
+++ b/sepolicy/legacy/vendor/test/seapp_contexts
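Review bot: `allow qsta_app diag_device:chr_file { read write open ioctl };` sits outside the `userdebug_or_eng` block, so this test app keeps read/write/ioctl access to the diag device on user builds even though the comment above the block says ioctl access is meant for userdebug only; the usta_app.te hunk later in this commit keeps `diag_use(vendor_usta_app)` inside `userdebug_or_eng`. The rule should move into the block next to the `xdsp_device` and `ssr_device` grants. `hal_client_domain(qsta_app, hal_perf)` uses the unprefixed attribute while usta_app.te uses `vendor_hal_perf`; if the `vendor_` rename in this commit covers that attribute the policy will not build, which is worth checking. The two `system_app_data_file` create rules also do not match the seapp_contexts entry for this package, which labels its data `app_data_file`, so they look unneeded.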
@@ -43,9 +43,15 @@ user=_app seinfo=platform name=com.qti.qualcomm.npudemo domain=npu_app type=app_ #Add new domain for VT loopback app user=_app seinfo=platform name=com.qti.vtloopback domain=vtloopback_app type=app_data_file levelfrom=all +#Add new domain for sysmon app +user=_app seinfo=platform name=com.qualcomm.qti.sysmonappExternal domain=sysmon_app type=app_data_file levelFrom=all + #Add new domain for usta app -user=_app seinfo=platform name=com.qualcomm.qti.usta domain=vendor_usta_app type=app_data_file levelFrom=all +user=system seinfo=platform name=com.qualcomm.qti.usta domain=vendor_usta_app type=system_app_data_file #Add new domain for ustaservice app # Needed for USTA test app user=system seinfo=platform name=com.qualcomm.qti.ustaservice domain=ustaservice_app type=system_app_data_file + +#Add new domain for qsta app +user=_app seinfo=platform name=com.qualcomm.qti.sensors.qsensortest domain=qsta_app type=app_data_file levelFrom=all diff --git a/sepolicy/legacy/vendor/test/sysmon_app.te b/sepolicy/legacy/vendor/test/sysmon_app.te new file mode 100644 index 000000000..0ce1866f4 --- /dev/null +++ b/sepolicy/legacy/vendor/test/sysmon_app.te 
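Review bot: The rewritten usta line changes the selector from `user=_app` to `user=system` and the data label to `system_app_data_file`, but the comment above it still reads only "Add new domain for usta app" and does not record that the entry now depends on the package running under the system UID. If the APK is not installed with the system shared UID the entry never matches and the app will not enter `vendor_usta_app`; that cannot be verified from this diff. I would extend the comment to something like `#usta runs as the system UID; its data is labelled system_app_data_file` so the requirement sits next to the rule.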
@@ -0,0 +1,41 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## sysmon_app
+##
+## This file defines the permissions that sysmon_apps can carry
+
+type sysmon_app, domain;
+
+app_domain(sysmon_app)
+
+# display by the com.qualcomm.qti.sysmonappExternal.SysMonApp
+allow sysmon_app app_api_service:service_manager find;
+
+# Allow access to FastRPC
+allow sysmon_app qdsp_device:chr_file r_file_perms;
+allow sysmon_app xdsp_device:chr_file r_file_perms;
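Review bot: `allow sysmon_app qdsp_device:chr_file r_file_perms;` and the `xdsp_device` rule below it apply on every build variant, whereas qsta_app.te and usta_app.te in this same commit grant `xdsp_device` only inside `userdebug_or_eng`; for a test app under `legacy/vendor/test` the same gate looks appropriate unless this directory is only built for debug variants, which is not visible here. The sysmonapp_app.te hunk that follows carries the same two rules and the same concern. The two files also define near-identical domains, `sysmon_app` and `sysmonapp_app`, while the seapp_contexts hunk maps the package only to `sysmon_app`; if `sysmonapp_app` has no seapp_contexts entry elsewhere it is unused policy and could be dropped.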
diff --git a/sepolicy/legacy/vendor/test/sysmonapp/sysmonapp_app.te b/sepolicy/legacy/vendor/test/sysmonapp/sysmonapp_app.te
new file mode 100644
index 000000000..f2d14829e
--- /dev/null
+++ b/sepolicy/legacy/vendor/test/sysmonapp/sysmonapp_app.te
@@ -0,0 +1,43 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +## sysmonapp_app +## This file defines permissions that sysmonapp_app can carry + +type sysmonapp_app, domain; +app_domain(sysmonapp_app); + +# For service manager access +allow sysmonapp_app app_api_service:service_manager find; + +# For access to camera and media +allow sysmonapp_app cameraserver_service:service_manager find; +allow sysmonapp_app mediaserver_service:service_manager find; + +# To access FastRPC devices +allow sysmonapp_app qdsp_device:chr_file r_file_perms; +allow sysmonapp_app xdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/test/usta_app.te b/sepolicy/legacy/vendor/test/usta_app.te index 2f9a40426..398d704a0 100755 --- a/sepolicy/legacy/vendor/test/usta_app.te +++ b/sepolicy/legacy/vendor/test/usta_app.te @@ -33,12 +33,12 @@ type vendor_usta_app, domain, mlstrustedsubject; app_domain(vendor_usta_app) hal_client_domain(vendor_usta_app, vendor_hal_perf) -get_prop(vendor_usta_app, sensors_prop) +get_prop(vendor_usta_app, vendor_sensors_prop) #allow only vendor_usta_app with userdebug to access ioctl userdebug_or_eng(` diag_use(vendor_usta_app) - get_prop(vendor_usta_app, sensors_dbg_prop) + get_prop(vendor_usta_app, vendor_sensors_dbg_prop) allowxperm vendor_usta_app self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls; allow vendor_usta_app self:{ socket qipcrtr_socket } create_socket_perms; allow vendor_usta_app xdsp_device:chr_file r_file_perms; diff --git a/sepolicy/legacy/vendor/test/vtloopback_app.te b/sepolicy/legacy/vendor/test/vtloopback_app.te index 7b40c8258..0a0039c1b 100755 --- a/sepolicy/legacy/vendor/test/vtloopback_app.te +++ b/sepolicy/legacy/vendor/test/vtloopback_app.te 
@@ -35,6 +35,6 @@ binder_call(vtloopback_app, hal_imsrtp) allow vtloopback_app hal_imsrtp_hwservice:hwservice_manager find; allow vtloopback_app cameraserver_service:service_manager find; allow vtloopback_app mediaserver_service:service_manager find; -get_prop(vtloopback_app, qcom_ims_prop) +get_prop(vtloopback_app, vendor_qcom_ims_prop) allow vtloopback_app { app_api_service activity_service }:service_manager find; ')