Verified Commit 44fdb056 authored by steadfasterX's avatar steadfasterX 😁
Browse files

universal7870:selinux: split by private/pub/vendor


Signed-off-by: steadfasterX's avatarsteadfasterX <steadfasterX@gmail.com>
parent d7b4cdb9
......@@ -168,8 +168,11 @@ VENDOR_SECURITY_PATCH := 2019-10-05
BOARD_SECCOMP_POLICY := $(LOCAL_PATH)/seccomp
# SELinux
BOARD_SEPOLICY_DIRS := $(LOCAL_PATH)/sepolicy
BOARD_SEPOLICY_VERS := $(PLATFORM_SDK_VERSION).0
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(LOCAL_PATH)/sepolicy/private
BOARD_PLAT_PUBLIC_SEPOLICY_DIR += $(LOCAL_PATH)/sepolicy/public
BOARD_SEPOLICY_DIRS := $(LOCAL_PATH)/sepolicy/vendor
# Shim
TARGET_LD_SHIM_LIBS += \
......
......@@ -48,6 +48,7 @@ type sysfs_block, sysfs_type, fs_type, mlstrustedobject;
type sysfs_jack, sysfs_type, fs_type, mlstrustedobject;
type sysfs_v4l, sysfs_type, fs_type, mlstrustedobject;
type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
type sysfs_kgsl, sysfs_type, fs_type;
### data types
type biometrics_vendor_data_file, file_type, data_file_type;
......
allow hal_memtrack_default debugfs:dir { open read };
r_dir_file(hal_memtrack_default, sysfs_kgsl)
#allow hal_memtrack_default debugfs:file { getattr open read };
### efs types
type app_efs_file, file_type;
type battery_efs_file, file_type;
type baro_delta_factoryapp_efs_file, file_type;
type bin_nv_data_efs_file, file_type;
type sec_efs_file, file_type;
# widewine, drm
type cpk_efs_file, file_type;
type drm_efs_file, file_type;
type factorymode_factoryapp_efs_file, file_type;
type imei_efs_file, file_type;
type prov_efs_file, file_type;
type radio_factoryapp_efs_file, file_type;
type sensor_efs_file, file_type;
type sensor_factoryapp_efs_file, file_type;
type wifi_efs_file, file_type;
# gps
type gps_data_file, file_type, data_file_type, core_data_file_type;
type gps_socket, file_type;
# proc
type proc_vm, fs_type, proc_type;
type proc_dt_firmware, fs_type, proc_type;
type proc_reset_reason, fs_type, proc_type;
type proc_simslot_count, fs_type, proc_type;
type proc_input_devices, fs_type, proc_type;
type proc_sec, fs_type, proc_type;
### sysfs types
#type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
type sysfs_mipi, fs_type, sysfs_type, mlstrustedobject;
type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
type sysfs_sec, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_sensors, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_input, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
type sysfs_gps, fs_type, sysfs_type, mlstrustedobject;
type sysfs_light, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wifi, fs_type, sysfs_type, mlstrustedobject;
type sysfs_usb_supply, sysfs_type, fs_type, mlstrustedobject;
type sysfs_mmc, sysfs_type, fs_type, mlstrustedobject;
type sysfs_graphics, sysfs_type, fs_type, mlstrustedobject;
type sysfs_ion, sysfs_type, fs_type, mlstrustedobject;
type sysfs_block, sysfs_type, fs_type, mlstrustedobject;
type sysfs_jack, sysfs_type, fs_type, mlstrustedobject;
type sysfs_v4l, sysfs_type, fs_type, mlstrustedobject;
type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
type sysfs_kgsl, sysfs_type, fs_type;
### data types
type biometrics_vendor_data_file, file_type, data_file_type;
type camera_vendor_data_file, file_type, data_file_type;
type conn_vendor_data_file, file_type, data_file_type;
type display_vendor_data_file, file_type, data_file_type;
type gk_vendor_data_file, file_type, data_file_type;
type gps_vendor_data_file, file_type, data_file_type;
type log_vendor_data_file, file_type, data_file_type;
type log_cbd_vendor_data_file, file_type, data_file_type;
type media_vendor_data_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type;
type sswap_vendor_data_file, file_type, data_file_type;
type wifi_vendor_data_file, file_type, data_file_type;
# sfX debug
type boot_log_file, file_type, data_file_type, core_data_file_type;
##########################
# Devices
#
/dev/mali[0-9]* u:object_r:gpu_device:s0
/dev/bcm2079x u:object_r:nfc_device:s0
/dev/sec-nfc u:object_r:nfc_device:s0
/dev/ttySAC3 u:object_r:bluetooth_device:s0
/dev/s5p-smem u:object_r:secmem_device:s0
/dev/mobicore u:object_r:tee_device:s0
/dev/mobicore-user u:object_r:tee_device:s0
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
/dev/m2m1shot_scaler[0-9]* u:object_r:video_device:s0
/dev/media[0-3]* u:object_r:camera_device:s0
/dev/m2m1shot_jpeg u:object_r:camera_device:s0
/dev/__cbd_msg_ u:object_r:mif_device:s0
/dev/umts.* u:object_r:mif_device:s0
/dev/ehci_power u:object_r:mif_device:s0
/dev/mipi-lli/lli_control u:object_r:mif_device:s0
/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
/dev/ttySAC[0-9]* u:object_r:bluetooth_device:s0
#/dev/ttySAC0 u:object_r:hci_attach_dev:s0
/dev/block/vnswap0 u:object_r:sswap_device:s0
/dev/block/mmcblk0p[0-9]* u:object_r:emmcblk_device:s0
#/dev/block/platform/13540000.dwmmc0/by-name/EFS u:object_r:efs_block_device:s0
#/dev/block/platform/13540000.dwmmc0/by-name/CPEFS u:object_r:sec_efs_file:s0
#/dev/block/platform/13540000.dwmmc0/by-name/RADIO u:object_r:radio_block_device:s0
/dev/rfkill u:object_r:rfkill_device:s0
/dev/bbd_control u:object_r:bbd_device:s0
/dev/bbd_packet u:object_r:bbd_device:s0
/dev/bbd_patch u:object_r:bbd_device:s0
/dev/bbd_reliable u:object_r:bbd_device:s0
/dev/bbd_sensor u:object_r:bbd_device:s0
/dev/bbd_sio u:object_r:bbd_device:s0
#/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
/dev/esfp0 u:object_r:fingerprint_device:s0
/dev/vfsspi u:object_r:fingerprint_device:s0
/dev/batch_io u:object_r:sensor_device:s0
/dev/ssp_sensorhub u:object_r:sensor_device:s0
# TFA98xx amplifier
/dev/i2c-0 u:object_r:amplifier_device:s0
# Knox status
/dev/knox_kap u:object_r:knox_device:s0
# gnss
/dev/gnss_ipc u:object_r:gps_device:s0
# audio hal
/dev/i2c-20 u:object_r:audio_device:s0
####################################
# efs files
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
/efs/FactoryApp/prox_cal u:object_r:sensor_factoryapp_efs_file:s0
/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
/efs/drm(/.*)? u:object_r:drm_efs_file:s0
/efs/gyro_cal_data u:object_r:sensor_efs_file:s0
/efs/h2k\.dat u:object_r:cpk_efs_file:s0
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
/efs/nv_data.bin(.*) u:object_r:bin_nv_data_efs_file:s0
/efs/nv.log u:object_r:bin_nv_data_efs_file:s0
/efs/\.nv_core\.bak(.*) u:object_r:bin_nv_data_efs_file:s0
/efs/prov(/.*)? u:object_r:prov_efs_file:s0
/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
/efs/wv\.keys u:object_r:cpk_efs_file:s0
/cpefs(/.*)? u:object_r:sec_efs_file:s0
####################################
# data files
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
/data/\.cid\.info u:object_r:wifi_data_file:s0
/data/misc/conn/\.wifiver\.info u:object_r:wifi_data_file:s0
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
# gps
/data/system/gps(/.*)? u:object_r:gps_data_file:s0
/data/gps/ctrlpipe u:object_r:gps_data_file:s0
/data/gps/\.gpslogd\.pipe u:object_r:gps_data_file:s0
/data/gps/nmeapipe u:object_r:gps_data_file:s0
/data/biometrics(/.*)? u:object_r:fingerprintd_data_file:s0
# camera
/data/camera/ISP_CV u:object_r:camera_data_file:s0
# vendor
/data/vendor/biometrics(/.*)? u:object_r:biometrics_vendor_data_file:s0
/data/vendor/conn(/.*)? u:object_r:conn_vendor_data_file:s0
/data/vendor/gps(/.*)? u:object_r:gps_vendor_data_file:s0
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
/data/vendor/log(/.*)? u:object_r:log_vendor_data_file:s0
/data/vendor/log/cbd(/.*)? u:object_r:log_cbd_vendor_data_file:s0
/data/vendor/secradio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/media(/.*)? u:object_r:media_vendor_data_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/gk(/.*)? u:object_r:gk_vendor_data_file:s0
/data/camera(/.*)? u:object_r:camera_data_file:s0
####################################
# sysfs files
#/sys/class/power_supply/battery/music -- u:object_r:sysfs_writable:s0
#/sys/class/devfreq/exynos5-busfreq-mif(/.*)? -- u:object_r:sysfs_writable:s0
#/sys/class/lcd(/.*)? -- u:object_r:sysfs_writable:s0
# bluetooth
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
/sys/class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/class/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
# CP device
/dev/spi_boot_link u:object_r:radio_device:s0
# cbd
/sys/devices/10f24000.mipi-lli/lli_control u:object_r:sysfs_mipi:s0
# efs
#/cpefs(/.*)? u:object_r:sec_efs_file:s0
#/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
#/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
#/efs/afc(/.*)? u:object_r:sec_efs_file:s0
#/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
#/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
#/efs/imei(/.*)? u:object_r:imei_efs_file:s0
#/efs/nfc(/.*)? u:object_r:nfc_efs_file:s0
#/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
#/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
#/efs/prov(/.*)? u:object_r:prov_efs_file:s0
#/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
#/efs/root(/.*)? u:object_r:app_efs_file:s0
#/efs/tee(/.*)? u:object_r:tee_efs_file:s0
#/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
/mnt/vendor/efs(/.*)? u:object_r:efs_file:s0
/mnt/vendor/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/afc(/.*)? u:object_r:sec_efs_file:s0
/mnt/vendor/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
/mnt/vendor/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
/mnt/vendor/efs/imei(/.*)? u:object_r:imei_efs_file:s0
/mnt/vendor/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
#/mnt/vendor/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
/mnt/vendor/efs/prov(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/root(/.*)? u:object_r:app_efs_file:s0
#/mnt/vendor/efs/tee(/.*)? u:object_r:tee_efs_file:s0
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
# gps
/sys/class/sec/gps u:object_r:sysfs_gps:s0
/sys/devices/soc0/machine u:object_r:sysfs_gps:s0
/sys/devices/soc0/revision u:object_r:sysfs_gps:s0
/sys/devices/139c0000.pinctrl/gpio/gpio137/value u:object_r:sysfs_gps:s0
# rild
/sys/devices/virtual/misc/multipdp(/.*) u:object_r:sysfs_multipdp:s0
/dev/socket/rild2 u:object_r:rild_socket:s0
/dev/socket/rild-debug2 u:object_r:rild_debug_socket:s0
# mDNIe
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/accessibility u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/mode u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/scenario u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/lux u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/sensorRGB u:object_r:sysfs_mdnie:s0
# Lights
/sys/devices/virtual/sec/sec_touchkey/brightness u:object_r:sysfs_light:s0
/sys/devices/14800000.dsim/backlight/panel(/.*)? u:object_r:sysfs_light:s0
/sys/class/leds(/.*)? u:object_r:sysfs_light:s0
/sys/devices/virtual/sec/led(/.*)? u:object_r:sysfs_light:s0
/sys/class/lcd/panel/power_reduce u:object_r:sysfs_light:s0
/sys/devices/i2c.24/i2c-6/6-0030/leds(/.*)? u:object_r:sysfs_light:s0
# Wifi
/sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi:s0
####################################
# deamons
#
/(vendor|system/vendor)/bin/mcDriverDaemon u:object_r:tee_exec:s0
/(vendor|system/vendor)/bin/modemloader u:object_r:modemloader_exec:s0
/(vendor|system/vendor)/bin/wifiloader u:object_r:wifiloader_exec:s0
/(vendor|system/vendor)/bin/hw/macloader u:object_r:macloader_exec:s0
/(vendor|system/vendor)/bin/cbd u:object_r:cpboot-daemon_exec:s0
/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
/(vendor|system/vendor)/bin/sswap u:object_r:sswap_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.samsung u:object_r:hal_thermal_default_exec:s0
# Samsung proprietaries
/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@2\.0-service u:object_r:hal_gnss_default_exec:s0
# sfX debug
/data/debug u:object_r:boot_log_file:s0
### efs types
type app_efs_file, file_type;
type battery_efs_file, file_type;
type baro_delta_factoryapp_efs_file, file_type;
type bin_nv_data_efs_file, file_type;
type sec_efs_file, file_type;
# widewine, drm
type cpk_efs_file, file_type;
type drm_efs_file, file_type;
type factorymode_factoryapp_efs_file, file_type;
type imei_efs_file, file_type;
type prov_efs_file, file_type;
type radio_factoryapp_efs_file, file_type;
type sensor_efs_file, file_type;
type sensor_factoryapp_efs_file, file_type;
type wifi_efs_file, file_type;
# gps
type gps_data_file, file_type, data_file_type, core_data_file_type;
type gps_socket, file_type;
# proc
type proc_vm, fs_type, proc_type;
type proc_dt_firmware, fs_type, proc_type;
type proc_reset_reason, fs_type, proc_type;
type proc_simslot_count, fs_type, proc_type;
type proc_input_devices, fs_type, proc_type;
type proc_sec, fs_type, proc_type;
### sysfs types
#type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_mdnie, fs_type, sysfs_type, mlstrustedobject;
type sysfs_mipi, fs_type, sysfs_type, mlstrustedobject;
type sysfs_multipdp, fs_type, sysfs_type, mlstrustedobject;
type sysfs_sec, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_sensors, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_input, fs_type, sysfs_type, fs_type, mlstrustedobject;
type sysfs_camera, fs_type, sysfs_type, mlstrustedobject;
type sysfs_gps, fs_type, sysfs_type, mlstrustedobject;
type sysfs_light, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wifi, fs_type, sysfs_type, mlstrustedobject;
type sysfs_usb_supply, sysfs_type, fs_type, mlstrustedobject;
type sysfs_mmc, sysfs_type, fs_type, mlstrustedobject;
type sysfs_graphics, sysfs_type, fs_type, mlstrustedobject;
type sysfs_ion, sysfs_type, fs_type, mlstrustedobject;
type sysfs_block, sysfs_type, fs_type, mlstrustedobject;
type sysfs_jack, sysfs_type, fs_type, mlstrustedobject;
type sysfs_v4l, sysfs_type, fs_type, mlstrustedobject;
type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
type sysfs_kgsl, sysfs_type, fs_type;
### data types
type biometrics_vendor_data_file, file_type, data_file_type;
type camera_vendor_data_file, file_type, data_file_type;
type conn_vendor_data_file, file_type, data_file_type;
type display_vendor_data_file, file_type, data_file_type;
type gk_vendor_data_file, file_type, data_file_type;
type gps_vendor_data_file, file_type, data_file_type;
type log_vendor_data_file, file_type, data_file_type;
type log_cbd_vendor_data_file, file_type, data_file_type;
type media_vendor_data_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type;
type sswap_vendor_data_file, file_type, data_file_type;
type wifi_vendor_data_file, file_type, data_file_type;
# sfX debug
type boot_log_file, file_type, data_file_type, core_data_file_type;
##########################
# Devices
#
/dev/mali[0-9]* u:object_r:gpu_device:s0
/dev/bcm2079x u:object_r:nfc_device:s0
/dev/sec-nfc u:object_r:nfc_device:s0
/dev/ttySAC3 u:object_r:bluetooth_device:s0
/dev/s5p-smem u:object_r:secmem_device:s0
/dev/mobicore u:object_r:tee_device:s0
/dev/mobicore-user u:object_r:tee_device:s0
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
/dev/m2m1shot_scaler[0-9]* u:object_r:video_device:s0
/dev/media[0-3]* u:object_r:camera_device:s0
/dev/m2m1shot_jpeg u:object_r:camera_device:s0
/dev/__cbd_msg_ u:object_r:mif_device:s0
/dev/umts.* u:object_r:mif_device:s0
/dev/ehci_power u:object_r:mif_device:s0
/dev/mipi-lli/lli_control u:object_r:mif_device:s0
/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
/dev/ttySAC[0-9]* u:object_r:bluetooth_device:s0
#/dev/ttySAC0 u:object_r:hci_attach_dev:s0
/dev/block/vnswap0 u:object_r:sswap_device:s0
/dev/block/mmcblk0p[0-9]* u:object_r:emmcblk_device:s0
#/dev/block/platform/13540000.dwmmc0/by-name/EFS u:object_r:efs_block_device:s0
#/dev/block/platform/13540000.dwmmc0/by-name/CPEFS u:object_r:sec_efs_file:s0
#/dev/block/platform/13540000.dwmmc0/by-name/RADIO u:object_r:radio_block_device:s0
/dev/rfkill u:object_r:rfkill_device:s0
/dev/bbd_control u:object_r:bbd_device:s0
/dev/bbd_packet u:object_r:bbd_device:s0
/dev/bbd_patch u:object_r:bbd_device:s0
/dev/bbd_reliable u:object_r:bbd_device:s0
/dev/bbd_sensor u:object_r:bbd_device:s0
/dev/bbd_sio u:object_r:bbd_device:s0
#/dev/ttyBCM[0-9]* u:object_r:bbd_device:s0
/dev/esfp0 u:object_r:fingerprint_device:s0
/dev/vfsspi u:object_r:fingerprint_device:s0
/dev/batch_io u:object_r:sensor_device:s0
/dev/ssp_sensorhub u:object_r:sensor_device:s0
# TFA98xx amplifier
/dev/i2c-0 u:object_r:amplifier_device:s0
# Knox status
/dev/knox_kap u:object_r:knox_device:s0
# gnss
/dev/gnss_ipc u:object_r:gps_device:s0
# audio hal
/dev/i2c-20 u:object_r:audio_device:s0
####################################
# efs files
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
/efs/FactoryApp/prox_cal u:object_r:sensor_factoryapp_efs_file:s0
/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
/efs/drm(/.*)? u:object_r:drm_efs_file:s0
/efs/gyro_cal_data u:object_r:sensor_efs_file:s0
/efs/h2k\.dat u:object_r:cpk_efs_file:s0
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
/efs/nv_data.bin(.*) u:object_r:bin_nv_data_efs_file:s0
/efs/nv.log u:object_r:bin_nv_data_efs_file:s0
/efs/\.nv_core\.bak(.*) u:object_r:bin_nv_data_efs_file:s0
/efs/prov(/.*)? u:object_r:prov_efs_file:s0
/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
/efs/wv\.keys u:object_r:cpk_efs_file:s0
/cpefs(/.*)? u:object_r:sec_efs_file:s0
####################################
# data files
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
/data/\.cid\.info u:object_r:wifi_data_file:s0
/data/misc/conn/\.wifiver\.info u:object_r:wifi_data_file:s0
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
# gps
/data/system/gps(/.*)? u:object_r:gps_data_file:s0
/data/gps/ctrlpipe u:object_r:gps_data_file:s0
/data/gps/\.gpslogd\.pipe u:object_r:gps_data_file:s0
/data/gps/nmeapipe u:object_r:gps_data_file:s0
/data/biometrics(/.*)? u:object_r:fingerprintd_data_file:s0
# camera
/data/camera/ISP_CV u:object_r:camera_data_file:s0
# vendor
/data/vendor/biometrics(/.*)? u:object_r:biometrics_vendor_data_file:s0
/data/vendor/conn(/.*)? u:object_r:conn_vendor_data_file:s0
/data/vendor/gps(/.*)? u:object_r:gps_vendor_data_file:s0
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
/data/vendor/log(/.*)? u:object_r:log_vendor_data_file:s0
/data/vendor/log/cbd(/.*)? u:object_r:log_cbd_vendor_data_file:s0
/data/vendor/secradio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/media(/.*)? u:object_r:media_vendor_data_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/gk(/.*)? u:object_r:gk_vendor_data_file:s0
/data/camera(/.*)? u:object_r:camera_data_file:s0
####################################
# sysfs files
#/sys/class/power_supply/battery/music -- u:object_r:sysfs_writable:s0
#/sys/class/devfreq/exynos5-busfreq-mif(/.*)? -- u:object_r:sysfs_writable:s0
#/sys/class/lcd(/.*)? -- u:object_r:sysfs_writable:s0
# bluetooth
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
/sys/class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/class/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
# CP device
/dev/spi_boot_link u:object_r:radio_device:s0
# cbd
/sys/devices/10f24000.mipi-lli/lli_control u:object_r:sysfs_mipi:s0
# efs
#/cpefs(/.*)? u:object_r:sec_efs_file:s0
#/efs/Battery(/.*)? u:object_r:battery_efs_file:s0
#/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
#/efs/afc(/.*)? u:object_r:sec_efs_file:s0
#/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
#/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
#/efs/imei(/.*)? u:object_r:imei_efs_file:s0
#/efs/nfc(/.*)? u:object_r:nfc_efs_file:s0
#/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
#/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
#/efs/prov(/.*)? u:object_r:prov_efs_file:s0
#/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
#/efs/root(/.*)? u:object_r:app_efs_file:s0
#/efs/tee(/.*)? u:object_r:tee_efs_file:s0
#/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
/mnt/vendor/efs(/.*)? u:object_r:efs_file:s0
/mnt/vendor/efs/DAK(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/afc(/.*)? u:object_r:sec_efs_file:s0
/mnt/vendor/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
/mnt/vendor/efs/cpk(/.*)? u:object_r:cpk_efs_file:s0
/mnt/vendor/efs/imei(/.*)? u:object_r:imei_efs_file:s0
/mnt/vendor/efs/nv_data\.bin(.*) u:object_r:bin_nv_data_efs_file:s0
#/mnt/vendor/efs/pfw_data(/.*)? u:object_r:pfw_efs_file:s0
/mnt/vendor/efs/prov(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
/mnt/vendor/efs/root(/.*)? u:object_r:app_efs_file:s0
#/mnt/vendor/efs/tee(/.*)? u:object_r:tee_efs_file:s0
/mnt/vendor/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
# gps
/sys/class/sec/gps u:object_r:sysfs_gps:s0
/sys/devices/soc0/machine u:object_r:sysfs_gps:s0
/sys/devices/soc0/revision u:object_r:sysfs_gps:s0
/sys/devices/139c0000.pinctrl/gpio/gpio137/value u:object_r:sysfs_gps:s0
# rild
/sys/devices/virtual/misc/multipdp(/.*) u:object_r:sysfs_multipdp:s0
/dev/socket/rild2 u:object_r:rild_socket:s0
/dev/socket/rild-debug2 u:object_r:rild_debug_socket:s0
# mDNIe
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/accessibility u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/mode u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/scenario u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/lux u:object_r:sysfs_mdnie:s0
/sys/devices/[0-9]*\.dsim/lcd/panel/mdnie/sensorRGB u:object_r:sysfs_mdnie:s0
# Lights
/sys/devices/virtual/sec/sec_touchkey/brightness u:object_r:sysfs_light:s0
/sys/devices/14800000.dsim/backlight/panel(/.*)? u:object_r:sysfs_light:s0
/sys/class/leds(/.*)? u:object_r:sysfs_light:s0
/sys/devices/virtual/sec/led(/.*)? u:object_r:sysfs_light:s0
/sys/class/lcd/panel/power_reduce u:object_r:sysfs_light:s0
/sys/devices/i2c.24/i2c-6/6-0030/leds(/.*)? u:object_r:sysfs_light:s0
# Wifi
/sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi:s0
####################################
# deamons
#
/(vendor|system/vendor)/bin/mcDriverDaemon u:object_r:tee_exec:s0
/(vendor|system/vendor)/bin/modemloader u:object_r:modemloader_exec:s0
/(vendor|system/vendor)/bin/wifiloader u:object_r:wifiloader_exec:s0
/(vendor|system/vendor)/bin/hw/macloader u:object_r:macloader_exec:s0
/(vendor|system/vendor)/bin/cbd u:object_r:cpboot-daemon_exec:s0
/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
/(vendor|system/vendor)/bin/sswap u:object_r:sswap_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0