From ee2157a8e796f8202a5df40e652fcb29858a010b Mon Sep 17 00:00:00 2001 From: Jackeagle Date: Fri, 14 Jul 2023 03:35:56 -0400 Subject: [PATCH] GS290: Update sepolicy for Android 12 Change-Id: Ic467c3483226032a21583a6aea3851e96d8463d1 Signed-off-by: Jackeagle --- sepolicy/vendor/cameraserver.te | 4 +--- sepolicy/vendor/file.te | 2 +- sepolicy/vendor/genfs_contexts | 1 + sepolicy/vendor/hal_fingerprint_default.te | 4 ++-- sepolicy/vendor/hal_wifi_default.te | 2 +- sepolicy/vendor/mediacodec.te | 2 +- sepolicy/vendor/mtk_hal_audio.te | 2 +- sepolicy/vendor/mtk_hal_camera.te | 1 - sepolicy/vendor/property.te | 1 + sepolicy/vendor/property_contexts | 3 +++ sepolicy/vendor/radio.te | 2 +- sepolicy/vendor/rild.te | 2 +- sepolicy/vendor/system_app.te | 1 + sepolicy/vendor/thermal.te | 2 +- 14 files changed, 16 insertions(+), 13 deletions(-) delete mode 100644 sepolicy/vendor/mtk_hal_camera.te create mode 100644 sepolicy/vendor/property.te create mode 100644 sepolicy/vendor/property_contexts diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te index 688515b..29816e3 100644 --- a/sepolicy/vendor/cameraserver.te +++ b/sepolicy/vendor/cameraserver.te @@ -1,9 +1,7 @@ allow cameraserver init:unix_stream_socket connectto; allow cameraserver property_socket:sock_file write; -# Prop policies -get_prop(cameraserver, mtk_camera_prop) +get_prop(cameraserver, vendor_mtk_camera_prop) get_prop(cameraserver, exported_default_prop) get_prop(cameraserver, vendor_audio_prop) -get_prop(cameraserver, vendor_default_prop) set_prop(cameraserver, system_prop) diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index fa6454a..96836f8 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -1,3 +1,3 @@ -type cmd_charge_disable, sysfs_type, fs_type, mlstrustedobject; type sysfs_light, fs_type, sysfs_type, mlstrustedobject; type sysfs_graphics, sysfs_type, fs_type, mlstrustedobject; +type cmd_charge_disable, sysfs_type, fs_type, mlstrustedobject; diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index ff862e4..c40f58a 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -1 +1,2 @@ +# label for charge disabler genfscon sysfs /devices/platform/charger/cmd_charge_disable u:object_r:cmd_charge_disable:s0 diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index 33ffeb5..cf56e55 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -1,9 +1,9 @@ add_service(hal_fingerprint_default, hal_fingerprint_vndservice); vndbinder_use(hal_fingerprint_default); +allow hal_fingerprint_default self:netlink_kobject_uevent_socket { bind create read setopt }; allow hal_fingerprint_default fp_device:chr_file rw_file_perms; +allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default input_device:dir r_dir_perms; allow hal_fingerprint_default input_device:chr_file rw_file_perms; -allow hal_fingerprint_default self:netlink_kobject_uevent_socket { bind create read setopt }; -allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default uhid_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te index 28b1c99..bf6aab9 100644 --- a/sepolicy/vendor/hal_wifi_default.te +++ b/sepolicy/vendor/hal_wifi_default.te @@ -1 +1 @@ -set_prop(hal_wifi_default, wlan_fw_prop) +set_prop(hal_wifi_default, vendor_wlan_fw_prop) diff --git a/sepolicy/vendor/mediacodec.te b/sepolicy/vendor/mediacodec.te index e55b769..c1f26bc 100644 --- a/sepolicy/vendor/mediacodec.te +++ b/sepolicy/vendor/mediacodec.te @@ -1 +1 @@ -get_prop(mediacodec, mtk_vdec_log_prop) +get_prop(mediacodec, vendor_mtk_vdec_log_prop) diff --git a/sepolicy/vendor/mtk_hal_audio.te b/sepolicy/vendor/mtk_hal_audio.te index 21604b9..e337e5b 100644 --- a/sepolicy/vendor/mtk_hal_audio.te +++ b/sepolicy/vendor/mtk_hal_audio.te @@ -1 +1 @@ -get_prop(mtk_hal_audio, service_nvram_init_prop) +get_prop(mtk_hal_audio, vendor_mtk_service_nvram_init_prop) diff --git a/sepolicy/vendor/mtk_hal_camera.te b/sepolicy/vendor/mtk_hal_camera.te deleted file mode 100644 index 0556d91..0000000 --- a/sepolicy/vendor/mtk_hal_camera.te +++ /dev/null @@ -1 +0,0 @@ -allow mtk_hal_camera vendor_debug_prop:property_service set; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te new file mode 100644 index 0000000..35794ca --- /dev/null +++ b/sepolicy/vendor/property.te @@ -0,0 +1 @@ +system_public_prop(vendor_fm_prop) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts new file mode 100644 index 0000000..e0359ad --- /dev/null +++ b/sepolicy/vendor/property_contexts @@ -0,0 +1,3 @@ +persist.vendor.connsys.fm_chipid u:object_r:vendor_fm_prop:s0 +persist.vendor.connsys.fm_50khz_support u:object_r:vendor_fm_prop:s0 +persist.vendor.connsys.fm_short_antenna_support u:object_r:vendor_fm_prop:s0 diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te index 3580a9b..8e7e8de 100644 --- a/sepolicy/vendor/radio.te +++ b/sepolicy/vendor/radio.te @@ -1 +1 @@ -get_prop(radio, mtk_default_prop) +get_prop(radio, vendor_mtk_default_prop) diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te index 8e6e772..8d337e5 100644 --- a/sepolicy/vendor/rild.te +++ b/sepolicy/vendor/rild.te @@ -1 +1 @@ -get_prop(rild, mtk_simswitch_emmode_prop) +get_prop(rild, vendor_mtk_simswitch_emmode_prop) diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te index cb648ba..5b89b1b 100644 --- a/sepolicy/vendor/system_app.te +++ b/sepolicy/vendor/system_app.te @@ -1,2 +1,3 @@ allow system_app sysfs_zram:dir search; allow system_app sysfs_zram:file r_file_perms; +get_prop(system_app, vendor_fm_prop) diff --git a/sepolicy/vendor/thermal.te b/sepolicy/vendor/thermal.te index 7c3770e..20def67 100644 --- a/sepolicy/vendor/thermal.te +++ b/sepolicy/vendor/thermal.te @@ -1 +1 @@ -get_prop(thermal, tel_switch_prop) +get_prop(thermal, vendor_mtk_tel_switch_prop) -- GitLab