973e9db1
Commit
973e9db1
authored
Nov 21, 2020
by
Bernhard Thoben
kitakami-common: sepolicy: Labeled some more HALs and addressed them. General clean up.
Change-Id: I2bc5d3a4e90fcb4be3ae6374663be296368b3dfc
parent
e14474c4
Changes
101
sepolicy/vendor/system_app.te
allow system_app time_data_file:dir search;
allow system_app timekeep_data_file:file { getattr open write };
allow system_app timekeep_prop:file { getattr open };
allow system_app timekeep_prop:property_service set;
allow system_app timekeep_prop:file read;
allow system_app sysfs_rtc:dir search;
allow system_app time_data_file:file { getattr open write };
allow system_app vendor_default_prop:property_service set;
allow system_app apex_service:service_manager find;
allow system_app proc_pagetypeinfo:file read;
allow system_app sysfs_rtc:dir search;
allow system_app sysfs_zram:dir search;
allow system_app system_suspend_control_service:service_manager find;
allow system_app time_data_file:dir search;
allow system_app time_data_file:file rw_file_perms;
allow system_app timekeep_data_file:file rw_file_perms;
allow system_app timekeep_prop:file r_file_perms;
allow system_app timekeep_prop:property_service set;
allow system_app vendor_default_prop:property_service set;
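Review bot: Swapping explicit permission sets for macros is not a pure clean-up in this section: `timekeep_data_file:file { getattr open write }` and `time_data_file:file { getattr open write }` become `rw_file_perms`, which also grants read, append, ioctl and lock to system_app. This assumes the macro lines are the new side, since the rendered page lost its +/- markers. The same widening shows in thermal-engine.te (`socket_device:sock_file create_file_perms` in place of `{ create setattr }`), timekeep.te (`time_data_file:file create_file_perms`) and toolbox.te (`firmware_file:dir create_dir_perms`). Where the logged denials only covered the original permissions, keep the narrow set, e.g. `allow system_app timekeep_data_file:file { getattr open write };`, and add a comment on each rule naming the denial it answers.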
sepolicy/vendor/system_server.te
allow system_server default_android_service:service_manager find;
allow system_server exfat:dir rw_dir_perms;
allow system_server init:binder { call transfer };
allow system_server perfd:unix_stream_socket connectto;
allow system_server persist_file:dir rw_file_perms;
allow system_server ppd:unix_stream_socket connectto;
allow system_server pps_socket:sock_file write;
allow system_server self:capability sys_module;
allow system_server sensors_device:chr_file getattr;
allow system_server sensors_socket:sock_file write;
allow system_server sensors:unix_stream_socket connectto;
allow system_server socket_device:sock_file write;
allow system_server system_app_data_file:dir r_dir_perms;
allow system_server ta_data_file:dir search;
allow system_server ta_data_file:file r_file_perms;
allow system_server persist_file:dir rw_file_perms;
allow system_server perfd:unix_stream_socket connectto;
allow system_server socket_device:sock_file write;
allow system_server sensors:unix_stream_socket connectto;
allow system_server sensors_device:chr_file getattr;
allow system_server sensors_socket:sock_file write;
allow system_server unlabeled:file unlink;
allow system_server default_android_service:service_manager find;
allow system_server init:binder { call transfer };
allow system_server exfat:dir rw_dir_perms;
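Review bot: `allow system_server self:capability sys_module;` appears only in the alphabetised list, so it looks newly added, and it lets system_server pass the kernel's module-loading capability check. A denial of this kind is often a side effect of the kernel probing for a module rather than something the process needs, and policy commonly answers it with `dontaudit system_server self:capability sys_module;` instead of an allow; confirm against the logged denial before granting it. Separately, `allow system_server persist_file:dir rw_file_perms;` applies a file macro to the dir class, where `rw_dir_perms` is the matching macro. The rule granting `unlabeled:file unlink` appears only in the unsorted list and is presumably removed, which is worth stating in the commit message.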
sepolicy/vendor/ta_qmi_service.te
...
...
@@ -13,12 +13,10 @@ allow ta_qmi_service self:capability { net_raw setgid setuid };
# Allow ta_qmi_service to create self:socket
allow ta_qmi_service self:socket create_socket_perms;
allow ta_qmi_service self:socket { create read write };
allowxperm ta_qmi_service self:socket ioctl msm_sock_ipc_ioctls;
allow ta_qmi_service self:capability2 block_suspend;
allow ta_qmi_service socket_device:sock_file write;
allow ta_qmi_service sysfs_wake_lock:file
{ append open }
;
allow ta_qmi_service sysfs_wake_lock:file
w_file_perms
;
allow ta_qmi_service tad:unix_stream_socket connectto;
allow ta_qmi_service tad_socket:sock_file write;
allow ta_qmi_service secd_exec:file { getattr read };
sepolicy/vendor/tad.te
...
...
@@ -9,6 +9,6 @@ init_daemon_domain(tad)
allow tad proc:file r_file_perms;
# Allow tad to work it's magic
allow tad trim_area_partition_device:blk_file { ioctl rw_file_perms };
allow tad block_device:dir search;
allow tad tmpfs:file rw_file_perms;
allow tad trim_area_partition_device:blk_file rw_file_perms;
sepolicy/vendor/taimport.te
...
...
@@ -5,11 +5,10 @@ type taimport_exec, exec_type, file_type;
# Started by init
init_daemon_domain(taimport)
allow taimport tad_socket:sock_file { write };
allow taimport ta_data_file:dir { read search write add_name create remove_name };
allow taimport ta_data_file:file { read write create getattr open unlink};
allow taimport init:unix_stream_socket connectto;
allow taimport self:capability { dac_override setgid };
allow taimport socket_device:sock_file write;
allow taimport system_data_file:dir { add_name remove_name write };
allow taimport init:unix_stream_socket connectto;
allow taimport secd_exec:file { getattr read };
allow taimport system_data_file:dir w_dir_perms;
allow taimport ta_data_file:dir create_dir_perms;
allow taimport ta_data_file:file create_file_perms;
allow taimport tad_socket:sock_file write;
sepolicy/vendor/tee.te
...
...
@@ -23,6 +23,5 @@ allow tee rpmb_device:blk_file rw_file_perms;
allow tee ssd_device:blk_file rw_file_perms;
allow tee system_data_file:dir r_dir_perms;
allow tee vfat:file { getattr open read };
allow tee vfat:dir search;
allow tee
secd_exec:file { getattr read }
;
allow tee
vfat:file r_file_perms
;
sepolicy/vendor/thermal-engine.te
allow thermal-engine ta_data_file:dir search;
allow thermal-engine ta_data_file:file r_file_perms;
allow thermal-engine diag_partition_device:dir search;
allow thermal-engine diag_data_file:dir search;
allow thermal-engine diag_data_file:sock_file write;
allow thermal-engine socket_device:sock_file { create setattr };
allow thermal-engine init:unix_dgram_socket sendto;
allow thermal-engine diag_partition_device:dir search;
allow thermal-engine iddd:unix_dgram_socket sendto;
allow thermal-engine secd_exec:file { getattr read };
allow thermal-engine init:unix_dgram_socket sendto;
allow thermal-engine socket_device:sock_file create_file_perms;
allow thermal-engine ta_data_file:dir search;
allow thermal-engine ta_data_file:file r_file_perms;
sepolicy/vendor/timekeep.te
...
...
@@ -17,9 +17,8 @@ allow timekeep self:capability {
dac_read_search
};
allow timekeep timekeep_data_file:file create_file_perms;
allow timekeep timekeep_data_file:dir
{
create_dir_perms
search }
;
allow timekeep time_data_file:dir
{
create_dir_perms
search }
;
allow timekeep time_data_file:file
{ write open getattr setattr }
;
allow timekeep sysfs:file
{read open }
;
allow timekeep timekeep_data_file:dir create_dir_perms;
allow timekeep time_data_file:dir create_dir_perms;
allow timekeep time_data_file:file
create_file_perms
;
allow timekeep sysfs:file
r_file_perms
;
allow timekeep sysfs_rtc:dir search;
allow timekeep secd_exec:file { getattr read };
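Review bot: `allow timekeep sysfs:file r_file_perms;` grants read on every sysfs node that still carries the generic `sysfs` label, which is far more than one daemon needs. The section already has `allow timekeep sysfs_rtc:dir search;`, so the file timekeep reads is presumably under the RTC directory; labelling that node `sysfs_rtc` in genfs_contexts and writing `allow timekeep sysfs_rtc:file r_file_perms;` would keep the access scoped to it. The hunk opens inside the `self:capability` rule, so the capability set itself is not visible here.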
sepolicy/vendor/tombstoned.te
deleted
100644 → 0
allow tombstoned secd_exec:file { getattr read };
sepolicy/vendor/toolbox.te
allow toolbox diag_data_file:dir { getattr open read remove_name rmdir write };
allow toolbox diag_data_file:dir create_dir_perms;
allow toolbox firmware_file:dir create_dir_perms;
allow toolbox self:capability dac_override;
allow toolbox diag_data_file:dir search;
allow toolbox firmware_file:dir { open read rmdir write };
allow toolbox firmware_file:dir search;
allow toolbox secd_exec:file { getattr read };
sepolicy/vendor/tzdatacheck.te
deleted
100644 → 0
allow tzdatacheck secd_exec:file { getattr read };
sepolicy/vendor/ueventd.te
...
...
@@ -2,8 +2,7 @@
r_dir_file(ueventd, firmware_file)
allow ueventd device:file relabelfrom;
allow ueventd sysfs_camera_torch:file { open write };
allow ueventd vfat:dir search;
allow ueventd vfat:file { getattr open read };
allow ueventd self:capability sys_nice;
allow ueventd secd_exec:file { getattr read };
allow ueventd sysfs_camera_torch:file rw_file_perms;
allow ueventd vfat:dir search;
allow ueventd vfat:file r_file_perms;
sepolicy/vendor/updatemiscta.te
...
...
@@ -9,6 +9,5 @@ unix_socket_connect(taimport, tad, tad)
allow updatemiscta socket_device:sock_file write;
allow updatemiscta tad:unix_stream_socket connectto;
allow updatemiscta ta_prop:file { getattr open read };
allow updatemiscta tad_socket:sock_file write;
allow updatemiscta
secd_exec:file { getattr read }
;
allow updatemiscta
ta_prop:file r_file_perms
;
sepolicy/vendor/usbd.te
deleted
100644 → 0
allow usbd secd_exec:file { getattr read };
sepolicy/vendor/vdc.te
deleted
100644 → 0
allow vdc secd_exec:file { getattr read };
sepolicy/vendor/vendor_init.te
deleted
100644 → 0
allow vendor_init secd_exec:file { getattr read };
sepolicy/vendor/vndservicemanager.te
deleted
100644 → 0
allow vndservicemanager secd_exec:file { getattr read };
sepolicy/vendor/vold.te
allow vold diag_data_file:dir
{ read open ioctl }
;
allow vold diag_data_file:dir
r_dir_perms
;
allow vold firmware_file:dir search;
allow vold firmware_file:file { getattr open read };
allow vold secd_exec:file { getattr read };
allow vold tee_prop:file { r_file_perms };
allow vold firmware_file:file r_file_perms;
allow vold tee_prop:file r_file_perms;
sepolicy/vendor/vold_prepare_subdirs.te
deleted
100644 → 0
allow vold_prepare_subdirs secd_exec:file { getattr read };
sepolicy/vendor/wificond.te
deleted
100644 → 0
allow wificond secd_exec:file { getattr read };