kitakami-common: sepolicy: Added some more properties.

Change-Id: I1600bc595e55e6b3347ce3a3f70b2171e58e9e89

kitakami-common: sepolicy: Added some more properties.
Change-Id: I1600bc595e55e6b3347ce3a3f70b2171e58e9e89
8958eac2 · Bernhard Thoben · 3a803fcf · 8958eac2 · 8958eac2 · 8958eac2
Commit 8958eac2 authored Nov 14, 2020 by Bernhard Thoben
--- a/sepolicy/vendor/cameraserver.te
+++ b/sepolicy/vendor/cameraserver.te
@@ -2,5 +2,10 @@ allow cameraserver hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find
 allow cameraserver init:unix_dgram_socket sendto;
 allow cameraserver qcamerasvr:unix_dgram_socket sendto;
 allow cameraserver qcamerasvr:unix_stream_socket connectto;
-allow cameraserver sysfs_graphics:file { getattr open read };
+allow cameraserver sysfs_battery_supply:dir search;
+allow cameraserver sysfs_battery_supply:file r_file_perms;
+allow cameraserver sysfs_camera_torch:dir search;
+allow cameraserver sysfs_camera_torch:file rw_file_perms;
+allow cameraserver sysfs_camera_torch:lnk_file read;
+allow cameraserver sysfs_graphics:file r_file_perms;
 allow cameraserver ta_data_file:dir search;
--- a/sepolicy/vendor/crash_dump.te
+++ b/sepolicy/vendor/crash_dump.te
 allow crash_dump camera_prop:file { getattr open };
 allow crash_dump init:process ptrace;
+allow crash_dump keystore:process ptrace;
--- a/sepolicy/vendor/fsck.te
+++ b/sepolicy/vendor/fsck.te
 allow fsck block_device:blk_file { read write };
+allow fsck diag_partition_device:blk_file rw_file_perms;
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -28,6 +28,7 @@ allow init sysfs_msm_perf:file { open write };
 allow init sysfs_thermal:file write;
 allow init sysfs_wake_lock:file { append open };
 allow init system_data_file:file { ioctl lock };
+allow init system_file:dir relabelfrom;
 allow init system_file:file execute_no_trans;
 allow init tee_device:chr_file { ioctl open read write };
 allow init trim_area_partition_device:blk_file setattr;

--- a/sepolicy/vendor/qcamerasvr.te
+++ b/sepolicy/vendor/qcamerasvr.te
@@ -8,9 +8,11 @@ init_daemon_domain(qcamerasvr)
 allow qcamerasvr camera_data_file:dir { add_name remove_name search write };
 allow qcamerasvr camera_data_file:sock_file { create unlink };
 allow qcamerasvr camera_prop:file { getattr open read };
+allow qcamerasvr camera_socket:sock_file unlink;
 allow qcamerasvr cameraserver:fd use;
-allow qcamerasvr ion_device:chr_file { open read };
-allow qcamerasvr sysfs:file { open read };
+allow qcamerasvr hal_graphics_allocator_default:fd use;
+allow qcamerasvr ion_device:chr_file r_file_perms;
+allow qcamerasvr sysfs:file rw_file_perms;
 allow qcamerasvr sysfs_graphics:file { open read };
 allow qcamerasvr ta_data_file:dir search;
 allow qcamerasvr video_device:chr_file { ioctl open read write };
--- a/sepolicy/vendor/vendor.te
+++ b/sepolicy/vendor/vendor.te
+type vendor, domain;
+type vendor_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(vendor)
+