Skip to content

GitLab

Commit 973e9db1 authored by Bernhard Thoben's avatar Bernhard Thoben
Browse files

kitakami-common: sepolicy: Labeled some more HALs and addressed them. General clean up. 

Change-Id: I2bc5d3a4e90fcb4be3ae6374663be296368b3dfc
parent e14474c4
Hide whitespace changes
Inline Side-by-side
sepolicy/vendor/hal_cas_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_cas_default secd_exec:file { getattr read };
sepolicy/vendor/hal_configstore_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_configstore_default secd_exec:file { getattr read };
sepolicy/vendor/hal_drm_clearkey.te 0 → 100644
View file @ 973e9db1
type hal_drm_clearkey, domain;
type hal_drm_clearkey_exec, exec_type, file_type;
# Started by init
init_daemon_domain(hal_drm_clearkey)
allow hal_drm_clearkey hal_drm_hwservice:hwservice_manager { add find };
allow hal_drm_clearkey hidl_base_hwservice:hwservice_manager add;
allow hal_drm_clearkey hwservicemanager:binder { call transfer };
allow hal_drm_clearkey hwservicemanager_prop:file r_file_perms;
sepolicy/vendor/hal_drm_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_drm_default secd_exec:file { getattr read };
sepolicy/vendor/hal_fingerprint_default.te
View file @ 973e9db1
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default firmware_file:dir search;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default tee_device:chr_file { open read write };
allow hal_fingerprint_default firmware_file:file { getattr open read };
allow hal_fingerprint_default input_device:chr_file { ioctl open read };
allow hal_fingerprint_default input_device:dir { open read };
allow hal_fingerprint_default system_data_file:dir { add_name remove_name write };
allow hal_fingerprint_default system_data_file:sock_file { create unlink };
allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default diag_data_file:sock_file write;
allow hal_fingerprint_default fpc_data_file:dir { add_name remove_name write };
allow hal_fingerprint_default fpc_data_file:sock_file { create unlink };
allow hal_fingerprint_default init:unix_dgram_socket sendto;
allow hal_fingerprint_default iddd:unix_dgram_socket sendto;
allow hal_fingerprint_default fingerprintd_data_file:dir create_dir_perms;
allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_default firmware_file:dir search;
allow hal_fingerprint_default firmware_file:file r_file_perms;
allow hal_fingerprint_default firmware_file:lnk_file read;
allow hal_fingerprint_default fpc_data_file:dir search;
allow hal_fingerprint_default input_device:dir search;
allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default fpc_data_file:dir create_dir_perms;
allow hal_fingerprint_default fpc_data_file:sock_file create_file_perms;
allow hal_fingerprint_default iddd:unix_dgram_socket sendto;
allow hal_fingerprint_default init:unix_dgram_socket sendto;
allow hal_fingerprint_default input_device:chr_file r_file_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default sysfs_battery_supply:dir search;
allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms;
allow hal_fingerprint_default system_data_file:dir create_dir_perms;
allow hal_fingerprint_default system_data_file:sock_file create_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
sepolicy/vendor/hal_graphics_allocator_default.te
View file @ 973e9db1
allow hal_graphics_allocator_default sysfs_graphics:file { getattr open read };
allow hal_graphics_allocator_default secd_exec:file { getattr read };
allow hal_graphics_allocator_default sysfs_graphics:file r_file_perms;
sepolicy/vendor/hal_keymaster_qti.te deleted 100644 → 0
View file @ e14474c4
allow hal_keymaster_qti secd_exec:file { getattr read };
sepolicy/vendor/hal_light_default.te
View file @ 973e9db1
allow hal_light_default secd_exec:file { getattr read };
allow hal_light_default sysfs:file { open read write };
allow hal_light_default sysfs:file rw_file_perms;
sepolicy/vendor/hal_lineage_livedisplay_qti.te
View file @ 973e9db1
allow hal_lineage_livedisplay_qti ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_qti secd_exec:file { getattr read };
sepolicy/vendor/hal_lineage_livedisplay_sysfs.te
View file @ 973e9db1
allow hal_lineage_livedisplay_sysfs ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_sysfs secd_exec:file { getattr read };
sepolicy/vendor/hal_lineage_trust_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_lineage_trust_default secd_exec:file { getattr read };
sepolicy/vendor/hal_memtrack_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_memtrack_default secd_exec:file { getattr read };
sepolicy/vendor/hal_power_default.te
View file @ 973e9db1
allow hal_power_default sysfs:file { open write };
allow hal_power_default secd_exec:file { getattr read };
allow hal_power_default sysfs:file rw_file_perms;
sepolicy/vendor/hal_usb_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_usb_default secd_exec:file { getattr read };
sepolicy/vendor/hal_wifi_default.te
View file @ 973e9db1
allow hal_wifi_default firmware_file:file { open read };
allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default firmware_file:file r_file_perms;
allow hal_wifi_default sysfs:file write;
allow hal_wifi_default system_data_file:file { open read };
allow hal_wifi_default system_data_file:file r_file_perms;
allow hal_wifi_default ta_data_file:dir search;
allow hal_wifi_default ta_data_file:file { open read };
allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default secd_exec:file { getattr read };
allow hal_wifi_default ta_data_file:file r_file_perms;
sepolicy/vendor/hal_wifi_supplicant_default.te deleted 100644 → 0
View file @ e14474c4
allow hal_wifi_supplicant_default secd_exec:file { getattr read };
sepolicy/vendor/healthd.te
View file @ 973e9db1
allow healthd sysfs:file { getattr open read };
allow healthd secd_exec:file { getattr read };
allow healthd sysfs:file r_file_perms;
sepolicy/vendor/hwservicemanager.te
View file @ 973e9db1
allow hwservicemanager hal_drm_clearkey:dir search;
allow hwservicemanager hal_drm_clearkey:file r_file_perms;
allow hwservicemanager hal_drm_clearkey:process getattr;
allow hwservicemanager init:dir search;
allow hwservicemanager init:file { open read };
allow hwservicemanager init:file r_file_perms;
allow hwservicemanager init:process getattr;
allow hwservicemanager secd_exec:file { getattr read };
sepolicy/vendor/iddd.te
View file @ 973e9db1
......@@ -5,16 +5,10 @@ type iddd_exec, exec_type, file_type;
# Started by init
init_daemon_domain(iddd)
allow iddd diag_data_file:dir { add_name search write };
allow iddd diag_data_file:file { create lock open read write };
allow iddd diag_data_file:dir { getattr open read remove_name };
allow iddd diag_data_file:file { getattr rename unlink };
allow iddd diag_data_file:sock_file { create setattr };
allow iddd diag_data_file:dir create_dir_perms;
allow iddd diag_data_file:file create_file_perms;
allow iddd diag_data_file:sock_file create_file_perms;
allow iddd firmware_file:dir search;
allow iddd socket_device:sock_file write;
allow iddd diag_data_file:sock_file unlink;
allow iddd tad:unix_stream_socket connectto;
allow iddd tad_socket:sock_file write;
allow iddd diag_data_file:dir { create rmdir };
allow iddd diag_data_file:sock_file write;
allow iddd firmware_file:dir search;
allow iddd secd_exec:file { getattr read };
sepolicy/vendor/idmap.te deleted 100644 → 0
View file @ e14474c4
allow idmap secd_exec:file { getattr read };
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment