Commit 13ba4b7a authored by Bernhard Thoben's avatar Bernhard Thoben

kitakami-common: sepolicy: Completely rewritten due to several error messages!

Change-Id: Ie0c3192939e38e56e247b4b9b14b9d24e8ff21fa
parent 2ba45871
allow adbd secd_exec:file { getattr read };
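Review bot: `secd_exec:file { getattr read }` is granted here to adbd and, in the same form, to adsprpcd, apexd, audioserver, bootanim, bootstat, cameraserver, credstore, drmserver, flags_health_check, fsck, gatekeeperd, gpuservice and hal_audio_default. So many unrelated domains reading one daemon's executable usually means a file_contexts entry is labelling something widely shared as `secd_exec`; the secd entry is not visible on this page, so that labelling should be checked before these rules are kept. If the denials turn out to be harmless, one `dontaudit` for the affected domains documents that better than a per-domain allow in every .te file.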
allow adsprpcd secd_exec:file { getattr read };
allow apexd secd_exec:file { getattr read };
allow audioserver tad_socket:sock_file write;
allow audioserver perfd:unix_stream_socket connectto;
allow audioserver socket_device:sock_file write;
allow audioserver secd_exec:file { getattr read };
allow bootanim secd_exec:file { getattr read };
allow bootanim userspace_reboot_exported_prop:file { getattr open read };
allow bootstat secd_exec:file { getattr read };
allow cameraserver camera_data_file:sock_file write;
allow cameraserver gpu_device:chr_file rw_file_perms;
allow cameraserver perfd:unix_stream_socket connectto;
allow cameraserver rootfs:lnk_file getattr;
allow cameraserver sysfs_camera_torch:file rw_file_perms;
allow cameraserver sysfs_camera_torch:dir search;
allow cameraserver sysfs_camera_torch:lnk_file read;
allow cameraserver ta_data_file:dir search;
allow cameraserver secd_socket:sock_file write;
allow cameraserver hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
allow cameraserver hal_configstore_default:binder call;
allow cameraserver socket_device:sock_file write;
allow cameraserver sysfs_graphics:file { getattr open read };
allow cameraserver init:unix_dgram_socket sendto;
allow cameraserver qcamerasvr:unix_dgram_socket sendto;
allow cameraserver qcamerasvr:unix_stream_socket connectto;
allow cameraserver secd:unix_stream_socket connectto;
allow cameraserver secd_exec:file { getattr read };
allow cameraserver sysfs_battery_supply:dir search;
allow cameraserver sysfs_battery_supply:file { getattr open read }
allow cameraserver sysfs_graphics:file { getattr open read };
allow cameraserver ta_data_file:dir search;
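Review bot: The rule `allow cameraserver sysfs_battery_supply:file { getattr open read }` has no terminating `;`, which will stop the policy from compiling if that line is on the new side (the page does not show which side each line belongs to). The `sysfs_graphics:file { getattr open read }` and `ta_data_file:dir search` rules also appear twice in this section; if both copies survive in the new file, one of each should be dropped. A short comment per group of rules naming the denial it answers (torch, secd socket, qcamerasvr sockets) would make the next audit of this domain much easier.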
allow charger self:capability { dac_override dac_read_search };
allow charger sysfs:file { open read getattr };
allow charger sysfs_usb_supply:file { open read getattr };
allow charger sysfs_battery_supply:file { open read getattr };
allow charger device:dir { open read };
allow charger persist_block_device:file { create rw_file_perms };
allow charger system_file:file { entrypoint read execute getattr };
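Review bot: `allow charger self:capability { dac_override dac_read_search };` lets charger ignore file ownership and mode bits, and the same pair is given to fsck further down. A denial on these capabilities normally points to a file whose owner or mode is wrong, and fixing that in the init scripts keeps the domain inside normal DAC checks. `system_file:file { entrypoint ... }` and `persist_block_device:file { create rw_file_perms }` also look like they were taken directly from denial logs; giving the charger binary its own exec type, and checking whether charger really creates files under that label, would be narrower.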
allow crash_dump camera_prop:file { getattr open };
allow crash_dump init:process ptrace;
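Review bot: `allow crash_dump init:process ptrace;` lets the crash handler attach to init, the most privileged userspace process, and as far as I know the platform policy carries a neverallow on ptracing init that this rule would trip at build time. Unless a specific debugging need is documented, I would drop the rule. If the denial is only log noise, `dontaudit crash_dump init:process ptrace;` silences it without granting anything.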
allow credstore secd_exec:file { getattr read };
type trim_area_partition_device, dev_type;
type diag_partition_device, dev_type;
type subsys_modem_device, dev_type;
type trim_area_partition_device, dev_type;
allow drmserver secd_exec:file { getattr read };
# TAD
type tad_socket, file_type;
type ta_data_file, file_type;
type secd_socket, file_type;
type diag_partition_device, file_type;
type fpc_data_file, file_type;
type secd_data_file, file_type;
# Timekeep
type timekeep_data_file, file_type, data_file_type;
type sysfs_timekeep, fs_type, sysfs_type;
# Macaddr
type secd_socket, file_type;
type sysfs_addrsetup, fs_type, sysfs_type;
type proc_kernel_sched, fs_type;
type sysfs_camera_torch, sysfs_type, file_type;
type sysfs_performance, sysfs_type, fs_type;
type sysfs_msm_subsys, sysfs_type, fs_type;
# Fingerprint
type fpc_data_file, file_type;
# Camera
type sysfs_camera, sysfs_type, fs_type;
type sysfs_performance, sysfs_type, file_type;
type sysfs_timekeep, fs_type, sysfs_type;
type tad_socket, file_type;
type ta_data_file, file_type;
type timekeep_data_file, file_type, data_file_type;
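Review bot: Several types appear twice in this section with different attributes, and the page does not show which copy is the new one: `sysfs_performance` is declared once with `fs_type` and once with `file_type`, and `sysfs_camera_torch` is declared with `sysfs_type, file_type`. Every other sysfs type here uses `sysfs_type, fs_type`, so the surviving declarations should follow that, e.g. `type sysfs_camera_torch, sysfs_type, fs_type;`. `diag_partition_device` is also declared as `dev_type` in the device types above and as `file_type` here; only the `dev_type` declaration should remain, since fsck uses the type on `blk_file`.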
......@@ -19,16 +19,13 @@
/sys/devices/platform/bcmdhd_wlan/macaddr u:object_r:sysfs_addrsetup:s0
/sys/devices(/soc\.0)?/bcmdhd_wlan.83/macaddr u:object_r:sysfs_addrsetup:s0
# Camera
/sys/devices(/soc\.0)?/pmi8994-flash-27(/.*)? u:object_r:sysfs_camera_torch:s0
# Dumpstate HAL
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.1-service-kitakami u:object_r:hal_dumpstate_impl_exec:s0
# DRM
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service.widevine u:object_r:hal_drm_widevine_exec:s0
# Camera
/sys/devices(/soc\.0)?/pmi8994-flash-27(/.*)? u:object_r:sysfs_camera_torch:s0
# HCI
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/brcm_bt_drv u:object_r:hci_attach_dev:s0
......@@ -39,13 +36,13 @@
/data/etc u:object_r:ta_data_file:s0
/data/etc(/.*) u:object_r:ta_data_file:s0
# Fingerprint
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service.kitakami u:object_r:hal_fingerprint_default_exec:s0
# Fingerprint sensor SPI device
/data/fpc(/.*)? u:object_r:fpc_data_file:s0
/data/fpcd(/.*)? u:object_r:fpc_data_file:s0
# Fingerprint
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service.kitakami u:object_r:hal_fingerprint_default_exec:s0
# TA
/dev/socket/tad u:object_r:tad_socket:s0
/dev/socket/secd_credmgr_sock u:object_r:secd_socket:s0
......@@ -57,12 +54,12 @@
/idd(/.*)? u:object_r:diag_data_file:s0
/rca(/.*)? u:object_r:firmware_file:s0
# Power Stats
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock u:object_r:hal_power_stats_default_exec:s0
# TimeKeep
/data/time(/.*) u:object_r:timekeep_data_file:s0
# Power Stats
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock u:object_r:hal_power_stats_default_exec:s0
# Misc
/system/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/system/bin/iddd u:object_r:iddd_exec:s0
......@@ -89,5 +86,3 @@
/system/vendor/bin/perfd u:object_r:perfd_exec:s0
/system/vendor/bin/timekeep u:object_r:timekeep_exec:s0
/system/vendor/(lib|lib64)/libril-wrapper\.so u:object_r:hal_ril_wrapper_exec:s0
allow flags_health_check adbd_prop:file { getattr open };
allow flags_health_check alarm_boot_prop:file { getattr open };
allow flags_health_check alarm_handled_prop:file { getattr open };
allow flags_health_check alarm_instance_prop:file { getattr open };
allow flags_health_check apexd_prop:file { getattr open };
allow flags_health_check apk_verity_prop:file { getattr open };
allow flags_health_check bg_boot_complete_prop:file { getattr open };
allow flags_health_check bg_daemon_prop:file { getattr open };
allow flags_health_check bluetooth_a2dp_offload_prop:file { getattr open };
allow flags_health_check bluetooth_audio_hal_prop:file { getattr open };
allow flags_health_check bluetooth_prop:file { getattr open };
allow flags_health_check boot_animation_prop:file { getattr open };
allow flags_health_check boot_mode_prop:file { getattr open };
allow flags_health_check bootloader_boot_reason_prop:file { getattr open };
allow flags_health_check boottime_prop:file { getattr open };
allow flags_health_check boottime_public_prop:file { getattr open };
allow flags_health_check bpf_progs_loaded_prop:file { getattr open };
allow flags_health_check bservice_prop:file { getattr open };
allow flags_health_check camera_prop:file { getattr open };
allow flags_health_check charger_prop:file { getattr open };
allow flags_health_check cold_boot_done_prop:file { getattr open };
allow flags_health_check coresight_prop:file { getattr open };
allow flags_health_check cpu_variant_prop:file { getattr open };
allow flags_health_check crash_prop:file { getattr open };
allow flags_health_check ctl_LKCore_prop:file { getattr open };
allow flags_health_check ctl_adbd_prop:file { getattr open };
allow flags_health_check ctl_apexd_prop:file { getattr open };
allow flags_health_check ctl_bootanim_prop:file { getattr open };
allow flags_health_check ctl_bugreport_prop:file { getattr open };
allow flags_health_check ctl_console_prop:file { getattr open };
allow flags_health_check ctl_default_prop:file { getattr open };
allow flags_health_check ctl_dumpstate_prop:file { getattr open };
allow flags_health_check ctl_fuse_prop:file { getattr open read };
allow flags_health_check ctl_gsid_prop:file { getattr open };
allow flags_health_check ctl_hbtp_prop:file { getattr open };
allow flags_health_check ctl_interface_restart_prop:file { getattr open };
allow flags_health_check ctl_interface_start_prop:file { getattr open };
allow flags_health_check ctl_interface_stop_prop:file open;
allow flags_health_check ctl_vendor_wigigsvc_prop:file open;
allow flags_health_check qemu_gles_prop:file getattr;
allow flags_health_check qti_prop:file open;
allow flags_health_check scr_enabled_prop:file getattr;
allow flags_health_check ctl_interface_stop_prop:file { getattr open };
allow flags_health_check ctl_mdnsd_prop:file { getattr open };
allow flags_health_check ctl_netmgrd_prop:file { getattr open };
allow flags_health_check ctl_port-bridge_prop:file { getattr open };
allow flags_health_check ctl_qmuxd_prop:file { getattr open };
allow flags_health_check ctl_restart_prop:file { getattr open };
allow flags_health_check ctl_rildaemon_prop:file { getattr open };
allow flags_health_check ctl_sigstop_prop:file { getattr open };
allow flags_health_check ctl_start_prop:file { getattr open };
allow flags_health_check ctl_stop_prop:file { getattr open };
allow flags_health_check ctl_vendor_imsrcsservice_prop:file { getattr open };
allow flags_health_check ctl_vendor_wigigsvc_prop:file { getattr open };
allow flags_health_check device_logging_prop:file { getattr open };
allow flags_health_check diag_mdlog_prop:file { getattr open };
allow flags_health_check dolby_prop:file { getattr open };
allow flags_health_check dumpstate_options_prop:file { getattr open };
allow flags_health_check dynamic_system_prop:file { getattr open };
allow flags_health_check exported_audio_prop:file { getattr open };
allow flags_health_check exported_bluetooth_prop:file { getattr open };
allow flags_health_check exported_camera_prop:file { getattr open };
allow flags_health_check exported_overlay_prop:file { getattr open };
allow flags_health_check exported_wifi_prop:file { getattr open };
allow flags_health_check fastbootd_protocol_prop:file { getattr open };
allow flags_health_check firstboot_prop:file { getattr open };
allow flags_health_check fm_prop:file { getattr open };
allow flags_health_check freq_prop:file { getattr open };
allow flags_health_check fst_prop:file { getattr open };
allow flags_health_check gamed_prop:file { getattr open };
allow flags_health_check graphics_config_prop:file { getattr open };
allow flags_health_check graphics_vulkan_prop:file { getattr open };
allow flags_health_check gsid_prop:file { getattr open };
allow flags_health_check heapprofd_enabled_prop:file { getattr open };
allow flags_health_check hwservicemanager_prop:file { getattr open };
allow flags_health_check hwui_prop:file { getattr open };
allow flags_health_check incremental_prop:file { getattr open };
allow flags_health_check init_perf_lsm_hooks_prop:file { getattr open };
allow flags_health_check init_svc_debug_prop:file { getattr open };
allow flags_health_check ipacm-diag_prop:file { getattr open };
allow flags_health_check ipacm_prop:file { getattr open };
allow flags_health_check last_boot_reason_prop:file { getattr open };
allow flags_health_check llkd_prop:file { getattr open };
allow flags_health_check lmkd_prop:file { getattr open };
allow flags_health_check location_prop:file { getattr open };
allow flags_health_check logpersistd_logging_prop:file { getattr open };
allow flags_health_check lowpan_prop:file { getattr open };
allow flags_health_check lpdumpd_prop:file { getattr open };
allow flags_health_check mdm_helper_prop:file { getattr open };
allow flags_health_check media_variant_prop:file { getattr open };
allow flags_health_check mmc_prop:file { getattr open };
allow flags_health_check mmi_prop:file { getattr open };
allow flags_health_check mock_ota_prop:file { getattr open };
allow flags_health_check mpdecision_prop:file { getattr open };
allow flags_health_check msm_irqbalance_prop:file { getattr open };
allow flags_health_check msm_irqbl_sdm630_prop:file { getattr open };
allow flags_health_check net_dns_prop:file { getattr open };
allow flags_health_check netd_prop:file { getattr open };
allow flags_health_check netd_stable_secret_prop:file { getattr open };
allow flags_health_check nfc_nq_prop:file { getattr open };
allow flags_health_check nnapi_ext_deny_product_prop:file { getattr open };
allow flags_health_check opengles_prop:file { getattr open };
allow flags_health_check overlay_prop:file { getattr open };
allow flags_health_check per_mgr_state_prop:file { getattr open };
allow flags_health_check perfd_prop:file { getattr open };
allow flags_health_check persistent_properties_ready_prop:file { getattr open };
allow flags_health_check postprocessing_prop:file { getattr open };
allow flags_health_check ppd_prop:file { getattr open };
allow flags_health_check qcom_ims_prop:file { getattr open };
allow flags_health_check qdma_prop:file { getattr open };
allow flags_health_check qemu_gles_prop:file { getattr open };
allow flags_health_check qti_prop:file { getattr open };
allow flags_health_check rebootescrow_hal_prop:file { getattr open };
allow flags_health_check reschedule_service_prop:file { getattr open };
allow flags_health_check rmnet_mux_prop:file { getattr open };
allow flags_health_check safemode_prop:file { getattr open };
allow flags_health_check scr_enabled_prop:file { getattr open };
allow flags_health_check sdm_idle_time_prop:file { getattr open };
allow flags_health_check sensors_prop:file { getattr open };
allow flags_health_check serialno_prop:file { getattr open };
allow flags_health_check spcomlib_prop:file { getattr open };
allow flags_health_check storage_config_prop:file { getattr open };
allow flags_health_check surfaceflinger_display_prop:file { getattr open };
allow flags_health_check sys_usb_configfs_prop:file { getattr open };
allow flags_health_check sys_usb_controller_prop:file { getattr open };
allow flags_health_check sys_usb_tethering_prop:file { getattr open };
allow flags_health_check system_adbd_prop:file { getattr open };
allow flags_health_check system_boot_reason_prop:file { getattr open };
allow flags_health_check system_jvmti_agent_prop:file { getattr open read };
allow flags_health_check system_lmk_prop:file { getattr open };
allow flags_health_check system_trace_prop:file { getattr open };
allow flags_health_check test_boot_reason_prop:file { getattr open };
allow flags_health_check alarm_instance_prop:file { getattr open };
allow flags_health_check apexd_prop:file { getattr open };
allow flags_health_check bg_boot_complete_prop:file { getattr open };
allow flags_health_check secd_exec:file { getattr read };
allow flags_health_check test_harness_prop:file { getattr open };
allow flags_health_check theme_prop:file { getattr open };
allow flags_health_check time_prop:file { getattr open };
allow flags_health_check traced_enabled_prop:file { getattr open };
allow flags_health_check traced_lazy_prop:file { getattr open };
allow flags_health_check traced_perf_enabled_prop:file { getattr open };
allow flags_health_check uicc_prop:file { getattr open };
allow flags_health_check userspace_reboot_config_prop:file { getattr open };
allow flags_health_check userspace_reboot_exported_prop:file { getattr open };
allow flags_health_check userspace_reboot_log_prop:file { getattr open };
allow flags_health_check userspace_reboot_test_prop:file { getattr open };
allow flags_health_check usf_prop:file { getattr open };
allow flags_health_check vehicle_hal_prop:file { getattr open };
allow flags_health_check vendor_mpctl_prop:file { getattr open };
allow flags_health_check vendor_rild_libpath_prop:file { getattr open };
allow flags_health_check vendor_security_patch_level_prop:file { getattr open };
allow flags_health_check vendor_system_prop:file { getattr open };
allow flags_health_check vendor_wifi_prop:file { getattr open };
allow flags_health_check vendor_wifi_version:file { getattr open };
allow flags_health_check virtual_ab_prop:file { getattr open };
allow flags_health_check vm_bms_prop:file { getattr open };
allow flags_health_check wifi_prop:file { getattr open };
allow flags_health_check wififtmd_prop:file { getattr open };
allow flags_health_check wigig_prop:file { getattr open };
allow flags_health_check xlat_prop:file { getattr open };
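Review bot: This section adds one `allow flags_health_check <prop>:file { getattr open };` rule per property type, including the `ctl_*` control properties, which reads like denial logs converted to rules rather than a stated need. `getattr open` without `read` does not let the domain read a property, so the rules mostly silence denials from property enumeration. If that is the intent, a single `dontaudit flags_health_check property_type:file { getattr open };` expresses it without widening the domain and without a list that must track every new property type. The two rules that do add `read` (`ctl_fuse_prop`, `system_jvmti_agent_prop`) deserve a comment saying why, and the repeated entries (`alarm_instance_prop`, `apexd_prop`, `bg_boot_complete_prop`, and the bare `open`/`getattr` variants) should be deduplicated if they are all on the new side.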
allow fsck diag_partition_device:blk_file { read write };
allow fsck self:capability { dac_override dac_read_search };
allow fsck secd_exec:file { getattr read };
allow fsck persist_file:dir getattr;
allow fsck persist_file:dir rw_dir_perms;
allow fsck tmpfs:blk_file rw_file_perms;
allow fsck block_device:blk_file { read write };
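Review bot: `allow fsck block_device:blk_file { read write };` grants raw access to every block node that still carries the generic `block_device` label, and platform policy normally forbids that with a neverallow. The partition fsck has to check should get its own type in file_contexts, as is already done for `diag_partition_device`, and only that type should be allowed. `tmpfs:blk_file rw_file_perms` raises the same question: a block node labelled `tmpfs` suggests a device created before labelling was applied, which is better fixed at the source. `persist_file:dir getattr` is already covered by the `rw_dir_perms` rule after it.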
allow fsck_untrusted vold_device:blk_file ioctl;
allow gatekeeperd tee_prop:file { getattr open read };
allow gatekeeperd secd_exec:file { getattr read };
allow gpuservice secd_exec:file { getattr read };
allow hal_audio_default tad_socket:sock_file { create_file_perms write };
allow hal_audio_default secd_exec:file { getattr read };
allow hal_audio_default tad:unix_stream_socket connectto;
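Review bot: `tad_socket:sock_file { create_file_perms write }` gives the audio HAL create, rename and unlink rights on tad's socket node, although the `tad:unix_stream_socket connectto` rule shows it is only a client. A client needs just `write` on the sock_file, as audioserver gets earlier in this commit: `allow hal_audio_default tad_socket:sock_file write;`. With the wider set, a compromised audio HAL could replace the socket that other tad clients connect to.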