From b8421e0fe77c3ce889ac46efa02ade5a6653100a Mon Sep 17 00:00:00 2001
From: html6405
Date: Thu, 18 Mar 2021 18:32:39 +0100
Subject: [PATCH 1/3] selinux: Fixed plenty selinux denials, squashed commits.
---
 selinux/private/blank_screen.te | 1 +
 selinux/private/bluetooth.te | 2 ++
 selinux/vendor/charger.te | 3 +++
 selinux/vendor/dumpstate.te | 23 +++++++++++++++++++++++
 selinux/vendor/hal_health_default.te | 2 ++
 selinux/vendor/hal_wifi_default.te | 1 +
 selinux/vendor/hwservicemanager.te | 1 +
 selinux/vendor/param.te | 12 ++++++++++++
 selinux/vendor/radio.te | 1 +
 selinux/vendor/secure_element.te | 1 +
 selinux/vendor/shell.te | 1 +
 11 files changed, 48 insertions(+)
 create mode 100644 selinux/private/blank_screen.te
 create mode 100644 selinux/private/bluetooth.te
 create mode 100644 selinux/vendor/dumpstate.te
 create mode 100644 selinux/vendor/param.te
diff --git a/selinux/private/blank_screen.te b/selinux/private/blank_screen.te
new file mode 100644
index 0000000..8c445c1
--- /dev/null
+++ b/selinux/private/blank_screen.te
@@ -0,0 +1 @@
+allow blank_screen sysfs_cpuinfo:dir search;
\ No newline at end of file
diff --git a/selinux/private/bluetooth.te b/selinux/private/bluetooth.te
new file mode 100644
index 0000000..a84d5b4
--- /dev/null
+++ b/selinux/private/bluetooth.te
@@ -0,0 +1,2 @@
+allow bluetooth firmware_exynos:dir rw_dir_perms;
+allow bluetooth firmware_exynos:file r_file_perms;
\ No newline at end of file
diff --git a/selinux/vendor/charger.te b/selinux/vendor/charger.te
index 81cc272..cbd630c 100644
--- a/selinux/vendor/charger.te
+++ b/selinux/vendor/charger.te
@@ -1 +1,4 @@
 allow charger sysfs:file rw_file_perms;
+allow charger device:dir { read open };
+allow charger proc_last_kmsg:file { read open };
+allow charger sysfs_cpuinfo:file read;
\ No newline at end of file
diff --git a/selinux/vendor/dumpstate.te b/selinux/vendor/dumpstate.te
new file mode 100644
index 0000000..bf17001
--- /dev/null
+++ b/selinux/vendor/dumpstate.te
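Review bot: In `selinux/private/bluetooth.te`, `rw_dir_perms` on `firmware_exynos:dir` gives the bluetooth domain `write`, `add_name` and `remove_name` on the firmware directory, while the companion file rule is read-only (`r_file_perms`). Reading firmware presumably needs only directory search and read, so unless the logged denial named a write permission the rule should be `allow bluetooth firmware_exynos:dir r_dir_perms;`. If write access really is required, a comment quoting the denial would make that reviewable.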
@@ -0,0 +1,23 @@
+allow dumpstate efs_device_file:dir getattr;
+allow dumpstate fwk_display_hwservice:hwservice_manager find;
+allow dumpstate fwk_scheduler_hwservice:hwservice_manager find;
+allow dumpstate fwk_sensor_hwservice:hwservice_manager find;
+allow dumpstate hal_cas_hwservice:hwservice_manager find;
+allow dumpstate hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow dumpstate hal_drm_hwservice:hwservice_manager find;
+allow dumpstate hal_health_hwservice:hwservice_manager find;
+allow dumpstate hal_ir_hwservice:hwservice_manager find;
+allow dumpstate hal_light_hwservice:hwservice_manager find;
+allow dumpstate hal_lineage_livedisplay_hwservice:hwservice_manager find;
+allow dumpstate hal_lineage_touch_hwservice:hwservice_manager find;
+allow dumpstate hal_omx_hwservice:hwservice_manager find;
+allow dumpstate hal_power_hwservice:hwservice_manager find;
+allow dumpstate hal_usb_hwservice:hwservice_manager find;
+allow dumpstate hal_wifi_hwservice:hwservice_manager find;
+allow dumpstate hal_wifi_supplicant_hwservice:hwservice_manager find;
+allow dumpstate hidl_allocator_hwservice:hwservice_manager find;
+allow dumpstate hidl_token_hwservice:hwservice_manager find;
+allow dumpstate mnt_media_rw_file:dir getattr;
+allow dumpstate sysfs_cpuinfo:file read;
+allow dumpstate system_net_netd_hwservice:hwservice_manager find;
+allow dumpstate system_wifi_keystore_hwservice:hwservice_manager find;
diff --git a/selinux/vendor/hal_health_default.te b/selinux/vendor/hal_health_default.te
index 607c405..fc49e89 100644
--- a/selinux/vendor/hal_health_default.te
+++ b/selinux/vendor/hal_health_default.te
@@ -1 +1,3 @@
 allow hal_health_default sysfs:file rw_file_perms;
+allow hal_health_default sysfs_cpuinfo:dir search;
+allow hal_health_default sysfs_cpuinfo:file read;
\ No newline at end of file
diff --git a/selinux/vendor/hal_wifi_default.te b/selinux/vendor/hal_wifi_default.te
index 1472fec..5522cbf 100644
--- a/selinux/vendor/hal_wifi_default.te
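Review bot: The 20 `hwservice_manager find` rules in the new `selinux/vendor/dumpstate.te` carry no comment saying which bugreport step hit each denial, and the list reads like unfiltered audit output, so a later reader cannot separate access dumpstate needs from lookups that only made noise in the log. I would add a header comment such as `# hwservice lookups denied during bugreport (avc log: <excerpt or link>)` and check whether lookups whose result dumpstate never uses are better handled with `dontaudit` than `allow`. `allow dumpstate efs_device_file:dir getattr;` deserves its own one-line justification, since it is the only rule in the file that touches `efs_device_file`.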
+++ b/selinux/vendor/hal_wifi_default.te
@@ -17,3 +17,4 @@ allow hal_wifi_default wifi_data_file:dir { search add_name write remove_name };
 allow hal_wifi_default self:udp_socket ioctl;
 allow hal_wifi_default efs_device_file:dir search;
 allow hal_wifi_default wifi_efs_file:dir search;
+allow hal_wifi_default proc_net:file rw_file_perms;
diff --git a/selinux/vendor/hwservicemanager.te b/selinux/vendor/hwservicemanager.te
index 4be6f26..c696f97 100644
--- a/selinux/vendor/hwservicemanager.te
+++ b/selinux/vendor/hwservicemanager.te
@@ -3,3 +3,4 @@ allow hwservicemanager init:file { open read };
 allow hwservicemanager init:process getattr;
 allow hwservicemanager sysfs_cpuinfo:dir search;
 allow hwservicemanager sysfs_cpuinfo:file { getattr open read };
+allow hwservicemanager dumpstate:fd use;
diff --git a/selinux/vendor/param.te b/selinux/vendor/param.te
new file mode 100644
index 0000000..aa1ed60
--- /dev/null
+++ b/selinux/vendor/param.te
@@ -0,0 +1,12 @@
+type param, domain;
+type param_exec, exec_type, file_type;
+
+permissive param;
+init_daemon_domain(param);
+
+allow param sysfs_cpuinfo:dir search;
+allow param toolbox_exec:file { execute execute_no_trans getattr open read };
+allow param block_device:dir search;
+allow param shell_exec:file { getattr read };
+allow param sysfs_cpuinfo:file { getattr open read };
+allow param system_data_file:dir write;
diff --git a/selinux/vendor/radio.te b/selinux/vendor/radio.te
index 2dc4581..ff212ee 100644
--- a/selinux/vendor/radio.te
+++ b/selinux/vendor/radio.te
@@ -1 +1,2 @@
 allow radio method_trace_data_file:file { read unlink };
+allow radio sysfs_cpuinfo:dir read;
diff --git a/selinux/vendor/secure_element.te b/selinux/vendor/secure_element.te
index 33ac335..1c81ea4 100644
--- a/selinux/vendor/secure_element.te
+++ b/selinux/vendor/secure_element.te
@@ -1 +1,2 @@
 allow secure_element method_trace_data_file:file { execute read unlink };
+allow secure_element sysfs_cpuinfo:dir read;
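Review bot: `allow hal_wifi_default proc_net:file rw_file_perms;` in `selinux/vendor/hal_wifi_default.te` grants write and append on every file labelled `proc_net`, not only the one the HAL was denied on. If the denial was for a read, `allow hal_wifi_default proc_net:file r_file_perms;` is enough; if the HAL does write a tunable there, a comment naming that path would justify the wider grant. The file's earlier rules lie outside this hunk, so an existing narrower rule may already cover part of this.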
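Review bot: `permissive param;` in the new `selinux/vendor/param.te` leaves the `param` domain unenforced, so the six `allow` rules below it restrict nothing and whatever init starts from `param_exec` only has its denials logged. Either drop the line once the rule set is complete or wrap it in the `userdebug_or_eng` macro so release builds enforce the domain. The patch also adds no `file_contexts` entry, so unless `param_exec` is labelled elsewhere in the tree the `init_daemon_domain(param)` transition will not take effect. Once the domain is enforcing, `allow param system_data_file:dir write;` is worth narrowing to a dedicated type.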
diff --git a/selinux/vendor/shell.te b/selinux/vendor/shell.te
index 37854d0..2c6eff6 100644
--- a/selinux/vendor/shell.te
+++ b/selinux/vendor/shell.te
@@ -3,3 +3,4 @@ allow shell sysfs_cpuinfo:file { getattr open read };
 allow shell sysfs_display:dir { open read search };
 allow shell sysfs_display:file getattr;
 allow shell sysfs_display:lnk_file { getattr read };
+allow shell sysfs_cpuinfo:dir read;
-- GitLab
From e67bfa2f440ae1b3371ef786bd2fda09fa70c06a Mon Sep 17 00:00:00 2001
From: html6405
Date: Tue, 10 Aug 2021 12:46:01 +0200
Subject: [PATCH 2/3] Fix misc partition path for a working factory reset function.
---
 rootdir/fstab.n80xx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rootdir/fstab.n80xx b/rootdir/fstab.n80xx
index 40dbeef..daa7848 100644
--- a/rootdir/fstab.n80xx
+++ b/rootdir/fstab.n80xx
@@ -9,7 +9,7 @@
 /dev/block/mmcblk0p10 /preload ext4 noatime,nosuid,nodev,journal_async_commit wait
 /dev/block/mmcblk0p12 /data f2fs noatime,discard,inline_xattr,inline_data,nosuid,nodev wait,check,encryptable=footer
 /dev/block/mmcblk0p12 /data ext4 noatime,nosuid,nodev,noauto_da_alloc,journal_async_commit,errors=panic wait,check,encryptable=footer
-/dev/block/platform/dw_mmc/by-name/OTA /misc emmc defaults defaults
+/dev/block/mmcblk0p11 /misc emmc defaults defaults
 # vold-managed volumes ("block device" is actually a sysfs devpath)
 /devices/platform/s3c-sdhci.2/mmc_host/mmc1*/mmcblk1 auto auto defaults voldmanaged=sdcard1:auto,encryptable=userdata
-- GitLab
From ad4eeca33735e6ccf08417a5c1b9527658984c68 Mon Sep 17 00:00:00 2001
From: html6405
Date: Thu, 7 Oct 2021 15:58:01 +0200
Subject: [PATCH 3/3] n80xx-common: move init.target.usb.rc to n80xx-common.
---
 n80xx-common.mk | 1 +
 rootdir/init.target.usb.rc | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 rootdir/init.target.usb.rc
diff --git a/n80xx-common.mk b/n80xx-common.mk
index 2171f03..400afd9 100644
--- a/n80xx-common.mk
+++ b/n80xx-common.mk
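Review bot: The new `/misc` entry in `rootdir/fstab.n80xx` replaces the by-name path with a fixed index, `/dev/block/mmcblk0p11`, and nothing in the file records that this is the partition previously addressed as `by-name/OTA`. The misc partition carries the recovery message used for a factory reset, so an index that is wrong on any n80xx variant would direct that write at a different partition. A comment above the entry, for example `# misc = mmcblk0p11 (partition name OTA); confirm per variant before changing`, would make the assumption checkable. The neighbouring `/preload` and `/data` lines already use fixed `mmcblk0pN` paths, so the form itself is consistent with the file.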
@@ -29,6 +29,7 @@ PRODUCT_COPY_FILES += \ $(LOCAL_PATH)/rootdir/fstab.n80xx:root/fstab.smdk4x12 \ $(LOCAL_PATH)/rootdir/ueventd.smdk4x12.rc:root/ueventd.smdk4x12.rc \ $(LOCAL_PATH)/rootdir/ueventd.smdk4x12.rc:recovery/root/ueventd.smdk4x12.rc \ + $(LOCAL_PATH)/rootdir/init.target.usb.rc:root/init.target.usb.rc # Audio PRODUCT_COPY_FILES += \ diff --git a/rootdir/init.target.usb.rc b/rootdir/init.target.usb.rc new file mode 100644 index 0000000..5b48ff1 --- /dev/null +++ b/rootdir/init.target.usb.rc @@ -0,0 +1,17 @@ +on property:sys.usb.config=mtp + write /sys/class/android_usb/android0/enable 0 + write /sys/class/android_usb/android0/idVendor 04E8 + write /sys/class/android_usb/android0/idProduct 685E + write /sys/class/android_usb/android0/functions ${sys.usb.config} + write /sys/class/android_usb/android0/enable 1 + setprop sys.usb.state ${sys.usb.config} + +on property:sys.usb.config=mtp,adb + write /sys/class/android_usb/android0/enable 0 + write /sys/class/android_usb/android0/idVendor 04E8 + write /sys/class/android_usb/android0/idProduct 6860 + write /sys/class/android_usb/android0/functions ${sys.usb.config} + write /sys/class/android_usb/android0/enable 1 + start adbd + start umsservice + setprop sys.usb.state ${sys.usb.config} -- GitLab
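Review bot: The `on property:sys.usb.config=mtp` trigger in the new `rootdir/init.target.usb.rc` re-enables the gadget without stopping adbd, while the `mtp,adb` trigger starts it, so whether the debug daemon is torn down when the config moves from `mtp,adb` to `mtp` depends on a `sys.usb.config=none` handler that is not part of this patch. Please confirm that handler exists for this target; if it does not, add `stop adbd` as the first action of the `mtp` trigger. `start umsservice` also refers to a service this patch does not define, so a one-line comment saying which rc file declares it would help.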