Commit 973e9db1 authored by Bernhard Thoben

kitakami-common: sepolicy: Labeled some more HALs and addressed them. General clean up.

Change-Id: I2bc5d3a4e90fcb4be3ae6374663be296368b3dfc
parent e14474c4
allow hal_cas_default secd_exec:file { getattr read };
allow hal_configstore_default secd_exec:file { getattr read };
type hal_drm_clearkey, domain;
type hal_drm_clearkey_exec, exec_type, file_type;
# Started by init
init_daemon_domain(hal_drm_clearkey)
allow hal_drm_clearkey hal_drm_hwservice:hwservice_manager { add find };
allow hal_drm_clearkey hidl_base_hwservice:hwservice_manager add;
allow hal_drm_clearkey hwservicemanager:binder { call transfer };
allow hal_drm_clearkey hwservicemanager_prop:file r_file_perms;
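Review bot: The `hal_drm_clearkey` domain is wired to hwservicemanager with hand-written rules (`hwservicemanager:binder { call transfer }`, `hwservicemanager_prop:file r_file_perms`) rather than the platform macros, which makes it easy to miss a rule or drift from the platform policy. Assuming these lines are additions, as the commit title suggests, consider `hal_server_domain(hal_drm_clearkey, hal_drm)` plus `hwbinder_use(hal_drm_clearkey)` and `get_prop(hal_drm_clearkey, hwservicemanager_prop)`. As far as I recall, `hwbinder_use` also emits the `allow hwservicemanager hal_drm_clearkey:{dir,file,process}` rules that appear separately further down, and the callback rule from hwservicemanager to the HAL that the hand-written set lacks. The file_contexts entry that labels the binary as `hal_drm_clearkey_exec` is not visible on this page; without it `init_daemon_domain` has nothing to transition on.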
allow hal_drm_default secd_exec:file { getattr read };
allow hal_fingerprint_default tee_device:chr_file ioctl; allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default firmware_file:dir search;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default tee_device:chr_file { open read write };
allow hal_fingerprint_default firmware_file:file { getattr open read };
allow hal_fingerprint_default input_device:chr_file { ioctl open read };
allow hal_fingerprint_default input_device:dir { open read };
allow hal_fingerprint_default system_data_file:dir { add_name remove_name write };
allow hal_fingerprint_default system_data_file:sock_file { create unlink };
allow hal_fingerprint_default diag_data_file:sock_file write; allow hal_fingerprint_default diag_data_file:sock_file write;
allow hal_fingerprint_default fpc_data_file:dir { add_name remove_name write }; allow hal_fingerprint_default fingerprintd_data_file:dir create_dir_perms;
allow hal_fingerprint_default fpc_data_file:sock_file { create unlink }; allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_default init:unix_dgram_socket sendto; allow hal_fingerprint_default firmware_file:dir search;
allow hal_fingerprint_default iddd:unix_dgram_socket sendto; allow hal_fingerprint_default firmware_file:file r_file_perms;
allow hal_fingerprint_default firmware_file:lnk_file read; allow hal_fingerprint_default firmware_file:lnk_file read;
allow hal_fingerprint_default fpc_data_file:dir search; allow hal_fingerprint_default fpc_data_file:dir create_dir_perms;
allow hal_fingerprint_default input_device:dir search; allow hal_fingerprint_default fpc_data_file:sock_file create_file_perms;
allow hal_fingerprint_default diag_data_file:dir search; allow hal_fingerprint_default iddd:unix_dgram_socket sendto;
allow hal_fingerprint_default init:unix_dgram_socket sendto;
allow hal_fingerprint_default input_device:chr_file r_file_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default sysfs_battery_supply:dir search;
allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms;
allow hal_fingerprint_default system_data_file:dir create_dir_perms;
allow hal_fingerprint_default system_data_file:sock_file create_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
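Review bot: Replacing the explicit sets on the generic `system_data_file` label with `create_dir_perms` and `create_file_perms` grants the fingerprint HAL more than the old rules did, which were `{ add_name remove_name write }` on the directory and `{ create unlink }` on the socket. If the HAL only creates and removes a single socket there, keep the narrow sets or, better, give that path its own type the way `fpc_data_file` is used in the same file, so the HAL gets no write access to unrelated `system_data_file` directories. `allow hal_fingerprint_default tee_device:chr_file ioctl;` is redundant next to `rw_file_perms`, which already includes `ioctl`. `sysfs:file write` on the generic `sysfs` type is carried over unchanged and is also broad; a dedicated label for the sensor's node would be tighter.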
allow hal_graphics_allocator_default sysfs_graphics:file { getattr open read }; allow hal_graphics_allocator_default sysfs_graphics:file r_file_perms;
allow hal_graphics_allocator_default secd_exec:file { getattr read };
allow hal_keymaster_qti secd_exec:file { getattr read };
allow hal_light_default secd_exec:file { getattr read }; allow hal_light_default sysfs:file rw_file_perms;
allow hal_light_default sysfs:file { open read write };
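Review bot: `allow hal_light_default sysfs:file rw_file_perms;` keeps write access on the generic `sysfs` type, so the light HAL may write any sysfs node that carries no more specific label. The same applies to `allow hal_power_default sysfs:file rw_file_perms;` further down, which additionally grants read access that the old `{ open write }` rule did not. Labelling the nodes each HAL actually touches (for example `sysfs_leds` for the LED class entries, assigned through genfs_contexts or file_contexts) and granting the macro on those types would keep the cleanup without widening access. If relabelling is out of scope for this commit, a comment above each rule naming the intended sysfs paths would at least document why generic `sysfs` write is needed.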
allow hal_lineage_livedisplay_qti ppd:unix_stream_socket connectto; allow hal_lineage_livedisplay_qti ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_qti secd_exec:file { getattr read };
allow hal_lineage_livedisplay_sysfs ppd:unix_stream_socket connectto; allow hal_lineage_livedisplay_sysfs ppd:unix_stream_socket connectto;
allow hal_lineage_livedisplay_sysfs secd_exec:file { getattr read };
allow hal_lineage_trust_default secd_exec:file { getattr read };
allow hal_memtrack_default secd_exec:file { getattr read };
allow hal_power_default sysfs:file { open write }; allow hal_power_default sysfs:file rw_file_perms;
allow hal_power_default secd_exec:file { getattr read };
allow hal_usb_default secd_exec:file { getattr read };
allow hal_wifi_default firmware_file:file { open read }; allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default firmware_file:file r_file_perms;
allow hal_wifi_default sysfs:file write; allow hal_wifi_default sysfs:file write;
allow hal_wifi_default system_data_file:file { open read }; allow hal_wifi_default system_data_file:file r_file_perms;
allow hal_wifi_default ta_data_file:dir search; allow hal_wifi_default ta_data_file:dir search;
allow hal_wifi_default ta_data_file:file { open read }; allow hal_wifi_default ta_data_file:file r_file_perms;
allow hal_wifi_default firmware_file:dir search;
allow hal_wifi_default secd_exec:file { getattr read };
allow hal_wifi_supplicant_default secd_exec:file { getattr read };
allow healthd sysfs:file { getattr open read }; allow healthd sysfs:file r_file_perms;
allow healthd secd_exec:file { getattr read };
allow hwservicemanager hal_drm_clearkey:dir search;
allow hwservicemanager hal_drm_clearkey:file r_file_perms;
allow hwservicemanager hal_drm_clearkey:process getattr;
allow hwservicemanager init:dir search; allow hwservicemanager init:dir search;
allow hwservicemanager init:file { open read }; allow hwservicemanager init:file r_file_perms;
allow hwservicemanager init:process getattr; allow hwservicemanager init:process getattr;
allow hwservicemanager secd_exec:file { getattr read };
...@@ -5,16 +5,10 @@ type iddd_exec, exec_type, file_type; ...@@ -5,16 +5,10 @@ type iddd_exec, exec_type, file_type;
# Started by init # Started by init
init_daemon_domain(iddd) init_daemon_domain(iddd)
allow iddd diag_data_file:dir { add_name search write }; allow iddd diag_data_file:dir create_dir_perms;
allow iddd diag_data_file:file { create lock open read write }; allow iddd diag_data_file:file create_file_perms;
allow iddd diag_data_file:dir { getattr open read remove_name }; allow iddd diag_data_file:sock_file create_file_perms;
allow iddd diag_data_file:file { getattr rename unlink }; allow iddd firmware_file:dir search;
allow iddd diag_data_file:sock_file { create setattr };
allow iddd socket_device:sock_file write; allow iddd socket_device:sock_file write;
allow iddd diag_data_file:sock_file unlink;
allow iddd tad:unix_stream_socket connectto; allow iddd tad:unix_stream_socket connectto;
allow iddd tad_socket:sock_file write; allow iddd tad_socket:sock_file write;
allow iddd diag_data_file:dir { create rmdir };
allow iddd diag_data_file:sock_file write;
allow iddd firmware_file:dir search;
allow iddd secd_exec:file { getattr read };
allow idmap secd_exec:file { getattr read };