FP5: sepolicy: Initial rules & switch to enforcing (7976a8d0) · Commits · e / devices / android_device_fairphone_FP5

BoardConfig.mk

+4 −2

Original line number	Diff line number	Diff line
		@@ -108,8 +108,6 @@ BOARD_KERNEL_CMDLINE := \
		iptable_raw.raw_before_defrag=1 \
		ip6table_raw.raw_before_defrag=1

		BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive

		BOARD_INCLUDE_DTB_IN_BOOTIMG := true
		BOARD_KERNEL_SEPARATED_DTBO := true
		BOARD_KERNEL_PAGESIZE := 4096
		@@ -182,6 +180,10 @@ ENABLE_VENDOR_RIL_SERVICE := true
		# Security
		VENDOR_SECURITY_PATCH := 2023-08-05

		# SELinux
		include device/qcom/sepolicy_vndr-legacy-um/SEPolicy.mk
		BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor

		# Verified Boot
		BOARD_AVB_ENABLE := true
		ifneq (,$(wildcard $(KEYS_DIR)/avb_murena_rsa4096.pem))

0 → 100644

+3 −0

Original line number	Diff line number	Diff line
		attribute hal_display_iris;
		attribute hal_display_iris_client;
		attribute hal_display_iris_server;

0 → 100644

+10 −0

Original line number	Diff line number	Diff line
		type bt_mac, domain;
		type bt_mac_exec, exec_type, vendor_file_type, file_type;
		init_daemon_domain(bt_mac);

		allow bt_mac vendor_toolbox_exec:file rx_file_perms;

		allow bt_mac mnt_vendor_file:dir search;
		r_dir_file(bt_mac, persist_t2m_param_file)

		set_prop(bt_mac, vendor_bluetooth_prop)

0 → 100644

+2 −0

Original line number	Diff line number	Diff line
		type fingerprint_device, dev_type;
		type vl53l1_device, dev_type;

0 → 100644

+3 −0

Original line number	Diff line number	Diff line
		type fingerprint_data_file, file_type, data_file_type;
		type persist_t2m_param_file, file_type, vendor_persist_type;
		type vendor_sysfs_emkit, fs_type, sysfs_type;