Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
e
devices
android_device_sony_kitakami-common
Commits
973e9db1
Commit
973e9db1
authored
Nov 21, 2020
by
Bernhard Thoben
Browse files
kitakami-common: sepolicy: Labeled some more HALs and addressed them. General clean up.
Change-Id: I2bc5d3a4e90fcb4be3ae6374663be296368b3dfc
parent
e14474c4
Changes
101
Hide whitespace changes
Inline
Side-by-side
sepolicy/vendor/hal_cas_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_cas_default secd_exec:file { getattr read };
sepolicy/vendor/hal_configstore_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_configstore_default secd_exec:file { getattr read };
sepolicy/vendor/hal_drm_clearkey.te
0 → 100644
View file @
973e9db1
type hal_drm_clearkey, domain;
type hal_drm_clearkey_exec, exec_type, file_type;
# Started by init
init_daemon_domain(hal_drm_clearkey)
allow hal_drm_clearkey hal_drm_hwservice:hwservice_manager { add find };
allow hal_drm_clearkey hidl_base_hwservice:hwservice_manager add;
allow hal_drm_clearkey hwservicemanager:binder { call transfer };
allow hal_drm_clearkey hwservicemanager_prop:file r_file_perms;
sepolicy/vendor/hal_drm_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_drm_default secd_exec:file { getattr read };
sepolicy/vendor/hal_fingerprint_default.te
View file @
973e9db1
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default firmware_file:dir search;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default tee_device:chr_file { open read write };
allow hal_fingerprint_default firmware_file:file { getattr open read };
allow hal_fingerprint_default input_device:chr_file { ioctl open read };
allow hal_fingerprint_default input_device:dir { open read };
allow hal_fingerprint_default system_data_file:dir { add_name remove_name write };
allow hal_fingerprint_default system_data_file:sock_file { create unlink };
allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default diag_data_file:sock_file write;
allow hal_fingerprint_default f
pc
_data_file:dir
{ add_name remove_name write }
;
allow hal_fingerprint_default f
pc
_data_file:
sock_
file
{
create
unlink }
;
allow hal_fingerprint_default
init:unix_dgram_socket sendto
;
allow hal_fingerprint_default
iddd:unix_dgram_socket sendto
;
allow hal_fingerprint_default f
ingerprintd
_data_file:dir
create_dir_perms
;
allow hal_fingerprint_default f
ingerprintd
_data_file:file create
_file_perms
;
allow hal_fingerprint_default
firmware_file:dir search
;
allow hal_fingerprint_default
firmware_file:file r_file_perms
;
allow hal_fingerprint_default firmware_file:lnk_file read;
allow hal_fingerprint_default fpc_data_file:dir search;
allow hal_fingerprint_default input_device:dir search;
allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default fpc_data_file:dir create_dir_perms;
allow hal_fingerprint_default fpc_data_file:sock_file create_file_perms;
allow hal_fingerprint_default iddd:unix_dgram_socket sendto;
allow hal_fingerprint_default init:unix_dgram_socket sendto;
allow hal_fingerprint_default input_device:chr_file r_file_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default sysfs_battery_supply:dir search;
allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms;
allow hal_fingerprint_default system_data_file:dir create_dir_perms;
allow hal_fingerprint_default system_data_file:sock_file create_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
sepolicy/vendor/hal_graphics_allocator_default.te
View file @
973e9db1
allow hal_graphics_allocator_default sysfs_graphics:file { getattr open read };
allow hal_graphics_allocator_default secd_exec:file { getattr read };
allow hal_graphics_allocator_default sysfs_graphics:file r_file_perms;
sepolicy/vendor/hal_keymaster_qti.te
deleted
100644 → 0
View file @
e14474c4
allow hal_keymaster_qti secd_exec:file { getattr read };
sepolicy/vendor/hal_light_default.te
View file @
973e9db1
allow hal_light_default secd_exec:file { getattr read };
allow hal_light_default sysfs:file { open read write };
allow hal_light_default sysfs:file rw_file_perms;
sepolicy/vendor/hal_lineage_livedisplay_qti.te
View file @
973e9db1
allow hal_lineage_livedisplay_qti ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_qti secd_exec:file { getattr read };
sepolicy/vendor/hal_lineage_livedisplay_sysfs.te
View file @
973e9db1
allow hal_lineage_livedisplay_sysfs ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_sysfs secd_exec:file { getattr read };
sepolicy/vendor/hal_lineage_trust_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_lineage_trust_default secd_exec:file { getattr read };
sepolicy/vendor/hal_memtrack_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_memtrack_default secd_exec:file { getattr read };
sepolicy/vendor/hal_power_default.te
View file @
973e9db1
allow hal_power_default sysfs:file { open write };
allow hal_power_default secd_exec:file { getattr read };
allow hal_power_default sysfs:file rw_file_perms;
sepolicy/vendor/hal_usb_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_usb_default secd_exec:file { getattr read };
sepolicy/vendor/hal_wifi_default.te
View file @
973e9db1
allow hal_wifi_default firmware_file:file { open read };
allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default firmware_file:file r_file_perms;
allow hal_wifi_default sysfs:file write;
allow hal_wifi_default system_data_file:file
{ open read }
;
allow hal_wifi_default system_data_file:file
r_file_perms
;
allow hal_wifi_default ta_data_file:dir search;
allow hal_wifi_default ta_data_file:file { open read };
allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default secd_exec:file { getattr read };
allow hal_wifi_default ta_data_file:file r_file_perms;
sepolicy/vendor/hal_wifi_supplicant_default.te
deleted
100644 → 0
View file @
e14474c4
allow hal_wifi_supplicant_default secd_exec:file { getattr read };
sepolicy/vendor/healthd.te
View file @
973e9db1
allow healthd sysfs:file { getattr open read };
allow healthd secd_exec:file { getattr read };
allow healthd sysfs:file r_file_perms;
sepolicy/vendor/hwservicemanager.te
View file @
973e9db1
allow hwservicemanager hal_drm_clearkey:dir search;
allow hwservicemanager hal_drm_clearkey:file r_file_perms;
allow hwservicemanager hal_drm_clearkey:process getattr;
allow hwservicemanager init:dir search;
allow hwservicemanager init:file
{ open read }
;
allow hwservicemanager init:file
r_file_perms
;
allow hwservicemanager init:process getattr;
allow hwservicemanager secd_exec:file { getattr read };
sepolicy/vendor/iddd.te
View file @
973e9db1
...
...
@@ -5,16 +5,10 @@ type iddd_exec, exec_type, file_type;
# Started by init
init_daemon_domain(iddd)
allow iddd diag_data_file:dir { add_name search write };
allow iddd diag_data_file:file { create lock open read write };
allow iddd diag_data_file:dir { getattr open read remove_name };
allow iddd diag_data_file:file { getattr rename unlink };
allow iddd diag_data_file:sock_file { create setattr };
allow iddd diag_data_file:dir create_dir_perms;
allow iddd diag_data_file:file create_file_perms;
allow iddd diag_data_file:sock_file create_file_perms;
allow iddd firmware_file:dir search;
allow iddd socket_device:sock_file write;
allow iddd diag_data_file:sock_file unlink;
allow iddd tad:unix_stream_socket connectto;
allow iddd tad_socket:sock_file write;
allow iddd diag_data_file:dir { create rmdir };
allow iddd diag_data_file:sock_file write;
allow iddd firmware_file:dir search;
allow iddd secd_exec:file { getattr read };
sepolicy/vendor/idmap.te
deleted
100644 → 0
View file @
e14474c4
allow idmap secd_exec:file { getattr read };
Prev
1
2
3
4
5
6
Next
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment