sm6225-common : Move to xiaomi common sepolicy rules

itsnouralawad
2024-06-19 10:37:25 +03:00
parent ac19e710c3
commit 02982d2879
53 changed files with 42 additions and 669 deletions


@@ -174,8 +174,8 @@ VENDOR_SECURITY_PATCH := $(BOOT_SECURITY_PATCH)
# Sepolicy
include device/qcom/sepolicy_vndr/sm6225/SEPolicy.mk
include device/xiaomi/sepolicy/SEPolicy.mk
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public
BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
# Verified Boot


@@ -1,27 +1,13 @@
# Camera
ro.camera. u:object_r:exported_default_prop:s0
# Fingerprint
gf.debug. u:object_r:vendor_fp_prop:s0
sys.fp.miui.token u:object_r:exported_system_prop:s0
# GLobal
ro.boot.hwc u:object_r:exported_default_prop:s0
ro.boot.hwname u:object_r:exported_default_prop:s0
ro.boot.hwversion u:object_r:exported_default_prop:s0
ro.build.flavor u:object_r:build_prop:s0
# Hardware
ro.hardware.chipname u:object_r:exported_default_prop:s0
# MIUI
ro.cust.test u:object_r:exported_system_prop:s0
ro.miui. u:object_r:exported_system_prop:s0
ro.fota.oem u:object_r:exported_system_prop:s0
ro.product.mod_device u:object_r:build_prop:s0
ro.product.marketname u:object_r:build_prop:s0
# WiFi
ro.wlan.bdf u:object_r:vendor_public_vendor_default_prop:s0
ro.wlan.chip u:object_r:vendor_public_vendor_default_prop:s0
ro.ril.oem.wifimac u:object_r:vendor_wifimac_prop:s0
ro.wlan.chip u:object_r:vendor_public_vendor_default_prop:s0


@@ -1,4 +0,0 @@
# Touchfeature
attribute hal_touchfeature_xiaomi;
attribute hal_touchfeature_xiaomi_client;
attribute hal_touchfeature_xiaomi_server;


@@ -1,2 +0,0 @@
# Touchfeature
type touchfeature_device, dev_type;


@@ -1,3 +0,0 @@
type hal_touchfeature_xiaomi_default, domain;
type hal_touchfeature_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
type hal_touchfeature_xiaomi_hwservice, hwservice_manager_type;


@@ -1,9 +0,0 @@
# Mlipay
attribute hal_mlipay;
attribute hal_mlipay_client;
attribute hal_mlipay_server;
# Dolby
attribute hal_dms;
attribute hal_dms_client;
attribute hal_dms_server;


@@ -1,2 +0,0 @@
allow vendor_audioadsprpcd vendor_audio_data_file:dir search;
allow vendor_audioadsprpcd vendor_audio_data_file:file { append create getattr open read setattr write };


@@ -1,8 +0,0 @@
allow audioserver system_server:dir search;
allow audioserver mediaserver:dir search;
allow audioserver mediaserver:file { open read };
allow audioserver system_app:dir search;
allow audioserver hal_audio_default:process signal;
allow audioserver sound_device:chr_file rw_file_perms;
get_prop(audioserver, bootanim_system_prop)
set_prop(audioserver, audio_prop)


@@ -1,35 +0,0 @@
allow batterysecret rootfs:dir write;
allow batterysecret self:capability sys_tty_config;
allow batterysecret self:capability sys_boot;
allow batterysecret self:capability { chown fsetid };
allow batterysecret self:netlink_kobject_uevent_socket { bind create read setopt };
allow batterysecret self:capability2 block_suspend;
allow batterysecret self:cap2_userns block_suspend;
allow batterysecret sysfs_wake_lock:file rw_file_perms;
allow batterysecret vendor_sysfs_battery_supply:file rw_file_perms;
allow batterysecret vendor_sysfs_battery_supply:dir r_dir_perms;
allow batterysecret vendor_sysfs_qcom_battery:file rw_file_perms;
allow batterysecret vendor_sysfs_qcom_battery:file write;
allow batterysecret vendor_sysfs_qcom_battery:file { open read write };
allow batterysecret vendor_sysfs_qcom_battery:dir r_dir_perms;
allow batterysecret system_suspend_server:binder { call transfer };
allow batterysecret system_suspend_server:fd *;
allow batterysecret system_suspend_hwservice:hwservice_manager find;
allow batterysecret hidl_manager_hwservice:hwservice_manager find;
allow batterysecret sysfs:file write;
allow batterysecret sysfs_usb:file w_file_perms;
allow batterysecret vendor_sysfs_usb_supply:file write;
allow batterysecret sysfs_batteryinfo:file r_file_perms;
allow batterysecret kmsg_device:chr_file rw_file_perms;
allow batterysecret mnt_vendor_file:dir rw_dir_perms;
init_daemon_domain(batterysecret)
r_dir_file(batterysecret, sysfs_type)
r_dir_file(batterysecret, rootfs)
r_dir_file(batterysecret, cgroup)
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
get_prop(batterysecret, hwservicemanager_prop)
get_prop(batterysecret, vendor_default_prop)
set_prop(batterysecret, vendor_system_prop)
hwbinder_use(batterysecret)
type batterysecret, domain;
type batterysecret_exec, exec_type, vendor_file_type, file_type;


@@ -1 +0,0 @@
allow charger vendor_sysfs_graphics:file rw_file_perms;


@@ -1 +0,0 @@
allow charger_vendor vendor_sysfs_graphics:file rw_file_perms;


@@ -1,4 +1,2 @@
type vendor_displayfeature_device, dev_type;
type sound_device, dev_type, mlstrustedobject;
type fingerprint_device, dev_type;
type lirc_device, dev_type;
# Fingerprint
type vendor_fingerprint_device, dev_type;


@@ -1,35 +1,9 @@
# Audio
type audio_socket, file_type;
# Battery
type vendor_sysfs_qcom_battery, fs_type, sysfs_type;
# Camera
type camera_persist_file, file_type, mlstrustedobject, vendor_persist_type;
# Display
type vendor_sysfs_displayfeature, fs_type, sysfs_type;
# Fingerprint
type goodix_fingerprint_data_file, data_file_type, file_type, core_data_file_type;
type vendor_fingerprint_data_file, data_file_type, file_type, vendor_persist_type;
type vendor_fingerprint_data_file_fpdump, data_file_type, file_type;
type sysfs_msm_subsys, fs_type, sysfs_type;
type sysfs_tp_fodstatus, fs_type, sysfs_type;
# Mac Address
type vendor_mac_vendor_data_file, data_file_type, file_type, mlstrustedobject;
# last_kmsg
type proc_last_kmsg, fs_type, proc_type;
# Thermal
type thermal_data_file, data_file_type, file_type;
# Touchfeature
type proc_tp_file, fs_type, proc_type;
type proc_tp_lockdown, fs_type, proc_type;
type sysfs_touch_hostprocess, fs_type, sysfs_type;
type sysfs_touch_suspend, fs_type, sysfs_type;
type sysfs_tp_fodstatus, fs_type, sysfs_type;
type sysfs_tp_virtual_prox, fs_type, sysfs_type;
type vendor_data_touchreport_file, data_file_type, file_type;
type touchreport_data_file, data_file_type, file_type;


@@ -1,39 +1,22 @@
# Audio
/dev/socket/audio_hw_socket u:object_r:audio_socket:s0
# Battery
/(vendor|system/vendor)/bin/batterysecret u:object_r:batterysecret_exec:s0
# Camera
/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
/(vendor|system/vendor)/lib(64)?/libipebpsstriping\.so u:object_r:same_process_hal_file:s0
# Display
/(vendor|system/vendor)/bin/displayfeature u:object_r:vendor_displayfeature_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.displayfeature@1\.0-service u:object_r:vendor_hal_displayfeature_xiaomi_default_exec:s0
/dev/mi_display/disp_feature u:object_r:vendor_displayfeature_device:s0
/sys/devices/virtual/mi_display/disp_feature/disp-DSI-+[0-1](/.*)? u:object_r:vendor_sysfs_displayfeature:s0
# Dolby
/data/vendor/dolby(/.*)? u:object_r:vendor_data_file:s0
/vendor/bin/hw/vendor\.dolby\.hardware\.dms@2\.0-service u:object_r:hal_dms_default_exec:s0
/vendor/bin/hw/vendor\.dolby\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
# Fingerprint data
/data/gf_data(/.*)? u:object_r:goodix_fingerprint_data_file:s0
/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/gf_data(/.*)? u:object_r:goodix_fingerprint_data_file:s0
/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file_fpdump:s0
/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
/sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:vendor_sysfs_fps_attr:s0
# Fingerprint devices
/dev/goodix_fp u:object_r:fingerprint_device:s0
# Fingerprint devices
/dev/goodix_fp u:object_r:vendor_fingerprint_device:s0
/dev/xiaomi-fp u:object_r:vendor_fingerprint_device:s0
# Fingerprint HAL
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
# Fix Goodix events
/vendor/bin/init.goodix.events.sh u:object_r:vendor_goodix_events_exec:s0
@@ -41,9 +24,6 @@
# Health
/vendor/bin/hw/android\.hardware\.health-service\.xiaomi u:object_r:hal_health_default_exec:s0
# IR
/dev/spidev0.1 u:object_r:lirc_device:s0
# Mac Address
/data/vendor/mac_addr(/.*)? u:object_r:vendor_mac_vendor_data_file:s0
/vendor/bin/nv_mac u:object_r:vendor_wcnss_service_exec:s0
@@ -61,38 +41,4 @@
# Sensors
/vendor/bin/hw/android\.hardware\.sensors@2.1-service\.xiaomi-multihal u:object_r:hal_sensors_default_exec:s0
# Thermal
/(vendor|system/vendor)/bin/mi_thermald u:object_r:mi_thermald_exec:s0
/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0
# Touchfeature
/data/vendor/touch(/.*)? u:object_r:vendor_data_touchreport_file:s0
/dev/xiaomi-touch u:object_r:touchfeature_device:s0
/sys/devices/virtual/touch/touch_dev/abnormal_event u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/clicktouch_raw u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/ear_sensor u:object_r:sysfs_tp_virtual_prox:s0
/sys/devices/virtual/touch/touch_dev/ear_sensor_data u:object_r:sysfs_tp_virtual_prox:s0
/sys/devices/virtual/touch/touch_dev/enable_touch_delta u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/enable_touch_raw u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/force_calibration u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/hold_sensor u:object_r:sysfs_tp_virtual_prox:s0
/sys/devices/virtual/touch/touch_dev/palm_sensor u:object_r:sysfs_tp_virtual_prox:s0
/sys/devices/virtual/touch/touch_dev/rx_num u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/suspend_state u:object_r:sysfs_touch_suspend:s0
/sys/devices/virtual/touch/touch_dev/touch_doze_analysis u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/touch_ic_buffer u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/touch_sensor u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/touch_sensor_ctrl u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/touch_thp_(.*) u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/tx_num u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/touch_dev/update_rawdata u:object_r:sysfs_touch_hostprocess:s0
/sys/devices/virtual/touch/tp_dev/fod_status u:object_r:sysfs_tp_fodstatus:s0
/(vendor|odm)/etc/init.panel_info.sh u:object_r:vendor_touch_init_shell_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/ear_sensor u:object_r:touchreport_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/touch_delta u:object_r:touchreport_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/touch_raw u:object_r:touchreport_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/touch_report u:object_r:touchreport_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/toucheventcheck u:object_r:tpevent_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/touchsensor u:object_r:touchreport_exec:s0
/(vendor|system/vendor|odm|vendor/odm)/bin/hw/vendor\.xiaomi\.hw\.touchfeature@1\.0-service u:object_r:hal_touchfeature_xiaomi_default_exec:s0
/sys/devices/platform/soc/soc:qcom,dsi-display-primary/mi_display/disp-DSI-0/dynamic_fps u:object_r:vendor_sysfs_graphics:s0
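Review bot: The pattern `/sys/devices/platform/soc/soc:fpc1020(/.*?)` in the first hunk looks like a typo for `(/.*)?`: as written the slash is mandatory, so the `soc:fpc1020` directory itself is never matched. If the entry is kept, `/sys/devices/platform/soc/soc:fpc1020(/.*)? u:object_r:vendor_sysfs_fps_attr:s0` is the intended form. The genfs_contexts section of this commit labels attributes under the same directory as `vendor_sysfs_fingerprint`, and `hal_fingerprint_default` is granted write on both types, so it would be worth settling on one label. The page has lost its +/- markers, so whether this line is on the new side is inferred rather than certain.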


@@ -16,6 +16,8 @@ genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform
genfscon sysfs /devices/platform/soc/soc:rt-pd-manager/extcon u:object_r:sysfs_extcon:s0
# Fingerprint
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0
genfscon sysfs /devices/virtual/touch/touch_dev/fod_press_status u:object_r:sysfs_tp_fodstatus:s0
genfscon sysfs /devices/platform/soc/soc:fpc1020/device_prepare u:object_r:vendor_sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fpc1020/fingerdown_wait u:object_r:vendor_sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fpc1020/irq u:object_r:vendor_sysfs_fingerprint:s0
@@ -32,57 +34,10 @@ genfscon sysfs /devices/platform/soc/soc:fingerprint_goodix/wakeup u
genfscon sysfs /devices/platform/soc/soc:goodix_fp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2c-0/0-006a/power_supply/bbc/wakeup18 u:object_r:sysfs_wakeup:s0
# last_kmsg
genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
# Suspend
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup8 u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup8/event_count u:object_r:sysfs_wakeup:s0
# Touchfeature
genfscon proc "/tp_hal_version" u:object_r:proc_tp_file:s0
genfscon proc "/tp_lockdown_info" u:object_r:proc_tp_lockdown:s0
genfscon proc "/tp_lockdown_info_pri" u:object_r:proc_tp_lockdown:s0
genfscon proc "/tp_lockdown_info_sec" u:object_r:proc_tp_lockdown:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/abnormal_event" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/clicktouch_raw" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/ear_sensor" u:object_r:sysfs_tp_virtual_prox:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/ear_sensor_data" u:object_r:sysfs_tp_virtual_prox:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/enable_touch_delta" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/enable_touch_raw" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/fod_press_status" u:object_r:sysfs_tp_fodstatus:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/hold_sensor" u:object_r:sysfs_tp_virtual_prox:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/palm_sensor" u:object_r:sysfs_tp_virtual_prox:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/palm_sensor_data" u:object_r:sysfs_tp_virtual_prox:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/suspend_state" u:object_r:sysfs_touch_suspend:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_active_status" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_doze_analysis" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_finger_status" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_ic_buffer" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_irq_no" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_sensor_ctrl" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_breakline_mode" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_breakline_result" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_cmd" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_cmd_ready" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_downthd" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_dump" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_dump_data" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_islandthd" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_mem_notify" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_movethd" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_noisefilter" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_preset_point" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_rx_num" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_smooth" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_testmode" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_testresult" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_tx_num" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_upthd" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_x_resolution" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_y_resolution" u:object_r:sysfs_touch_hostprocess:s0
genfscon sysfs "/devices/virtual/touch/touch_dev/update_rawdata" u:object_r:sysfs_touch_hostprocess:s0
# Vibrator
genfscon sysfs /devices/platform/soc/[a-f0-9]+.qcom,spmi/spmi-0/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,haptics@c000/leds/vibrator(/.*)? u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/soc:vibrator_gpio/leds/vibrator u:object_r:sysfs_leds:s0


@@ -1,18 +0,0 @@
allow hal_audio_default vendor_persist_audio_file:file rw_file_perms;
allow hal_audio_default mnt_vendor_file:dir r_dir_perms;
allow hal_audio_default vendor_audio_prop:property_service set;
allow hal_audio_default audio_socket:sock_file rw_file_perms;
allow hal_audio_default sound_device:chr_file rw_file_perms;
allow hal_audio_default sysfs:file rw_file_perms;
allow hal_audio_default dmabuf_system_heap_device:chr_file { read open ioctl };
allow hal_audio_default debugfs:dir { open read };
allow hal_audio_default vendor_agm_device:chr_file { read write open ioctl };
allow hal_audio_default vendor_pd_locater_dbg_prop:file { map };
get_prop(hal_audio_default, vendor_pd_locater_dbg_prop)
unix_socket_connect(hal_audio_default, property, init)
unix_socket_connect(hal_audio_default, property, hal_sensors_default)
set_prop(hal_audio_default, vendor_audio_prop)
# Allow hal_audio_default to find and call hal_dms_default
allow hal_audio_default hal_dms_hwservice:hwservice_manager find;
binder_call(hal_audio_default, hal_dms_default)


@@ -1,9 +0,0 @@
allow hal_camera_default mnt_vendor_file:dir search;
allow hal_camera_default camera_persist_file:dir search;
allow hal_camera_default vendor_persist_sensors_file:dir search;
dontaudit hal_camera graphics_device:dir search;
dontaudit hal_camera_default default_prop:file read;
r_dir_file(hal_camera_default, mnt_vendor_file)
r_dir_file(hal_camera_default, camera_persist_file)
r_dir_file(hal_camera_default, vendor_persist_sensors_file)
set_prop(hal_camera_default, vendor_camera_sensor_prop)


@@ -1 +0,0 @@
allow vendor_hal_display_config_hwservice vendor_hal_displayfeature_xiaomi_default:binder transfer;


@@ -1,69 +0,0 @@
type vendor_hal_displayfeature_xiaomi_default, domain;
type vendor_hal_displayfeature_xiaomi_default_exec, exec_type, file_type, vendor_file_type;
type vendor_hal_displayfeature_xiaomi_hwservice, hwservice_manager_type;
type vendor_mistcdisplay_service, vndservice_manager_type;
type vendor_displayfeature, domain;
type vendor_displayfeature_exec, exec_type, file_type, vendor_file_type;
type vendor_DisplayFeatureControl_service, vndservice_manager_type;
allow vendor_hal_displayfeature_xiaomi vendor_sysfs_graphics:file rw_file_perms;
allow vendor_hal_displayfeature_xiaomi vendor_qdisplay_service:service_manager find;
allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:binder { call transfer };
allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:fd *;
allow vendor_hal_displayfeature_xiaomi graphics_device:chr_file rw_file_perms;
allow vendor_hal_displayfeature_xiaomi graphics_device:dir r_dir_perms;
allow vendor_hal_displayfeature_xiaomi_default sysfs:file { getattr open read write };
allow vendor_hal_displayfeature_xiaomi_default sensors_device:chr_file r_file_perms;
allow vendor_hal_displayfeature_xiaomi_default fwk_sensor_hwservice:hwservice_manager find;
allow vendor_hal_displayfeature_xiaomi_default system_server:binder { call transfer };
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find;
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer };
allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:fd *;
allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:dir create_dir_perms;
allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:file create_file_perms;
allow vendor_hal_displayfeature_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write };
allow vendor_hal_displayfeature_xiaomi_default vendor_sysfs_displayfeature:dir r_dir_perms;
allow vendor_hal_displayfeature_xiaomi_default vendor_sysfs_displayfeature:file rw_file_perms;
allow vendor_hal_displayfeature_xiaomi_default vendor_mistcdisplay_service:service_manager find;
allow vendor_hal_displayfeature_xiaomi_default system_app:binder { call transfer };
allow vendor_hal_displayfeature_xiaomi_default system_app:fd *;
allow vendor_hal_displayfeature_xiaomi_default surfaceflinger:binder call;
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:binder { call transfer };
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:fd *;
allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_hwservice:hwservice_manager find;
allow vendor_hal_displayfeature_xiaomi_server vendor_hal_displayfeature_xiaomi_client:binder transfer;
attribute vendor_hal_displayfeature_xiaomi;
attribute vendor_hal_displayfeature_xiaomi_client;
attribute vendor_hal_displayfeature_xiaomi_server;
init_daemon_domain(vendor_hal_displayfeature_xiaomi_default)
r_dir_file(vendor_hal_displayfeature_xiaomi, vendor_sysfs_graphics)
unix_socket_connect(vendor_hal_displayfeature_xiaomi_default, property, vendor_sensors)
get_prop(vendor_hal_displayfeature_xiaomi_default, vendor_mpctl_prop)
set_prop(vendor_hal_displayfeature_xiaomi_default, vendor_displayfeature_prop)
vndbinder_use(vendor_hal_displayfeature_xiaomi)
hal_server_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_displayfeature_xiaomi)
hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_color)
hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_postproc)
add_hwservice(vendor_hal_displayfeature_xiaomi_server, vendor_hal_displayfeature_xiaomi_hwservice)
allow vendor_displayfeature system_server:binder transfer;
allow vendor_displayfeature system_server:binder { call transfer };
allow vendor_displayfeature system_server:fd *;
allow vendor_displayfeature appdomain:binder { call transfer };
allow vendor_displayfeature appdomain:fd *;
allow vendor_displayfeature sysfs:file { getattr open read write };
allow vendor_displayfeature vendor_file:file r_file_perms;
allow vendor_displayfeature graphics_device:dir r_dir_perms;
allow vendor_displayfeature graphics_device:chr_file rw_file_perms;
init_daemon_domain(vendor_displayfeature)
get_prop(vendor_displayfeature, hwservicemanager_prop)
get_prop(vendor_displayfeature, vendor_displayfeature_prop)
hwbinder_use(vendor_displayfeature)
vndbinder_use(vendor_displayfeature)
hal_client_domain(vendor_displayfeature, hal_graphics_composer)
hal_client_domain(vendor_displayfeature, hal_light)
hal_client_domain(vendor_displayfeature, vendor_hal_display_color)
hal_client_domain(vendor_displayfeature, vendor_hal_display_postproc)
hal_client_domain(vendor_displayfeature, vendor_hal_displayfeature_xiaomi)
add_service(vendor_displayfeature, vendor_DisplayFeatureControl_service)


@@ -1,6 +0,0 @@
# HwBinder IPC from client to server, and callbacks
binder_call(hal_dms_client, hal_dms_server)
binder_call(hal_dms_server, hal_dms_client)
add_hwservice(hal_dms_server, hal_dms_hwservice)
allow hal_dms_client hal_dms_hwservice:hwservice_manager find;


@@ -1,10 +0,0 @@
type hal_dms_default, domain;
hal_server_domain(hal_dms_default, hal_dms)
type hal_dms_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_dms_default)
allow hal_dms_default vendor_data_file:file { rw_file_perms create unlink };
allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name remove_name };
allow hal_dms_default mediacodec:binder call;
binder_call(hal_dms_default, hal_audio_default)
binder_call(hal_dms_default, platform_app)


@@ -3,14 +3,14 @@ typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
allow hal_fingerprint_default goodix_fingerprint_data_file:dir create_dir_perms;
allow hal_fingerprint_default goodix_fingerprint_data_file:file create_file_perms;
allow hal_fingerprint_default fingerprint_device:chr_file rwx_file_perms;
allow hal_fingerprint_default fingerprint_device:chr_file ioctl;
allow hal_fingerprint_default vendor_fingerprint_device:chr_file ioctl;
allow hal_fingerprint_default firmware_file:dir r_dir_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default input_device:chr_file rwx_file_perms;
allow hal_fingerprint_default mnt_vendor_file:dir search;
allow hal_fingerprint_default rootfs:dir r_dir_perms;
allow hal_fingerprint_default self:capability sys_nice;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
allow hal_fingerprint_default sysfs:file rw_file_perms;
allow hal_fingerprint_default sysfs:dir r_dir_perms;
allow hal_fingerprint_default sysfs_leds:dir { search open };
@@ -21,6 +21,8 @@ allow hal_fingerprint_default sysfs_rtc:dir r_dir_perms;
allow hal_fingerprint_default sysfs_rtc:dir { search open };
allow hal_fingerprint_default sysfs_tp_fodstatus:chr_file r_file_perms;
allow hal_fingerprint_default sysfs_tp_fodstatus:file r_file_perms;
allow hal_fingerprint_default touchfeature_device:chr_file rw_file_perms;
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
allow hal_fingerprint_default system_data_root_file:dir r_dir_perms;
allow hal_fingerprint_default sysfs_devices_system_cpu:file rw_file_perms;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
@@ -30,12 +32,16 @@ allow hal_fingerprint_default sysfs_wakeup:file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
allow hal_fingerprint_default vendor_displayfeature_device:chr_file { ioctl open read write };
allow hal_fingerprint_default vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
allow hal_fingerprint_default vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
allow hal_fingerprint_default vendor_dmabuf_secure_cdsp_heap_device:chr_file { ioctl open read };
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file_fpdump:dir create_dir_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file_fpdump:file create_file_perms;
allow hal_fingerprint_default vendor_fingerprint_device:chr_file rwx_file_perms;
allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { add find };
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
allow hal_fingerprint_default vendor_hal_perf_default:binder call;
@@ -43,6 +49,10 @@ allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms;
allow hal_fingerprint_default vendor_sysfs_fps_attr:dir r_dir_perms;
allow hal_fingerprint_default vendor_sysfs_fps_attr:file rw_file_perms;
allow hal_fingerprint_default vendor_sysfs_devicetree_soc:dir r_dir_perms;
allow hal_fingerprint_default vendor_sysfs_devicetree_soc:file rw_file_perms;
allow hal_fingerprint_default vendor_sysfs_displayfeature:dir search;
allow hal_fingerprint_default vendor_sysfs_displayfeature:file rw_file_perms;
allow hal_fingerprint_default vendor_sysfs_graphics:dir r_dir_perms;
allow hal_fingerprint_default vendor_sysfs_graphics:file rw_file_perms;
allow hal_fingerprint_default vendor_sysfs_spss:dir r_dir_perms;
@@ -53,6 +63,7 @@ allow hal_fingerprint_default vendor_xdsp_device:chr_file r_file_perms;
allow hal_fingerprint_default vendor_xdsp_device:file r_file_perms;
allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { add find };
get_prop(hal_fingerprint_default, vendor_panel_info_prop)
set_prop(hal_fingerprint_default, vendor_fp_prop)
set_prop(hal_fingerprint_default, vendor_fp_info_prop)
set_prop(hal_fingerprint_default, vendor_system_prop)
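Review bot: `allow hal_fingerprint_default vendor_fingerprint_device:chr_file rwx_file_perms;` in the `-30,12 +32,16` hunk grants execute on a character device node, which a HAL talking to `/dev/goodix_fp` or `/dev/xiaomi-fp` should not normally need. `allow hal_fingerprint_default vendor_fingerprint_device:chr_file rw_file_perms;` is the narrower grant and already includes `ioctl`, which would make the separate `vendor_fingerprint_device:chr_file ioctl` rule in the first hunk redundant. In the `-43,6 +49,10` hunk, `vendor_sysfs_devicetree_soc:file rw_file_perms` gives write access where `r_file_perms` looks sufficient for device-tree attributes. The +/- markers are lost on this page, so which of these lines are additions is inferred from the hunk counts.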


@@ -1,10 +0,0 @@
allow hal_graphics_composer vendor_hal_displayfeature_xiaomi:binder transfer;
allow hal_graphics_composer_default vendor_displayfeature_device:chr_file { ioctl open read };
allow hal_graphics_composer_default vendor_sysfs_displayfeature:dir { open read search };
allow hal_graphics_composer_default vendor_sysfs_displayfeature:file { open read write };
get_prop(hal_graphics_composer, vendor_displayfeature_prop)
set_prop(hal_graphics_composer_default, vendor_ctl_vendor_display_prop)
set_prop(hal_graphics_composer_default, vendor_display_prop)
hal_client_domain(hal_graphics_composer_default, vendor_hal_displayfeature_xiaomi)
allow hal_graphics_composer_default vendor_mistcdisplay_service:service_manager find;
add_service(hal_graphics_composer_default, vendor_mistcdisplay_service)


@@ -1,2 +0,0 @@
allow hal_health_default sysfs:file { getattr open read };
r_dir_file(hal_health_default, vendor_sysfs_battery_supply)


@@ -1 +0,0 @@
allow hal_ir_default lirc_device:chr_file rw_file_perms;


@@ -1,3 +0,0 @@
allow hal_light_default vendor_displayfeature_device:chr_file { ioctl open read write };
allow hal_light_default vendor_sysfs_displayfeature:dir r_dir_perms;
allow hal_light_default vendor_sysfs_displayfeature:file rw_file_perms;


@@ -1,25 +0,0 @@
type hal_mlipay_default, domain;
type hal_mlipay_default_exec, exec_type, file_type, vendor_file_type;
type hal_mlipay_hwservice, hwservice_manager_type;
allow hal_mlipay_client hal_mlipay_server:binder { call transfer };
allow hal_mlipay_client hal_mlipay_server:binder transfer;
allow hal_mlipay_client hal_mlipay_server:fd *;
allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager { add find };
allow hal_mlipay_server hal_mlipay_client:binder transfer;
allow hal_mlipay_server hal_mlipay_client:binder { call transfer };
allow hal_mlipay_server hal_mlipay_client:fd *;
allow hal_mlipay_default hal_mlipay_hwservice:hwservice_manager { add find };
allow hal_mlipay_default tee_device:chr_file rw_file_perms;
allow hal_mlipay_default firmware_file:dir r_dir_perms;
allow hal_mlipay_default firmware_file:file r_file_perms;
allow hal_mlipay_default ion_device:chr_file rw_file_perms;
allow hal_mlipay_default rootfs:lnk_file r_file_perms;
allow hal_mlipay_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
allow hal_mlipay_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
init_daemon_domain(hal_mlipay_default)
get_prop(hal_mlipay_default, vendor_fp_prop)
get_prop(hal_mlipay_default, vendor_system_prop)
set_prop(hal_mlipay_default, vendor_payment_security_prop)
hwbinder_use(hal_mlipay_default)
hal_server_domain(hal_mlipay_default, hal_mlipay)
add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)


@@ -1,6 +0,0 @@
allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
allow hal_nfc_default vendor_data_file:dir rw_dir_perms;
allow hal_nfc_default vendor_data_file:file { create rw_file_perms };
get_prop(hal_nfc_default, vendor_nfc_prop)
set_prop(hal_nfc_default, vendor_nfc_prop)


@@ -1,20 +1 @@
allow vendor_hal_perf_default hal_graphics_composer_default:process getpgid;
allow vendor_hal_perf_default hal_graphics_composer_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_graphics_composer_default:file r_file_perms;
allow vendor_hal_perf_default hal_graphics_composer_default:file append;
allow vendor_hal_perf_default hal_graphics_composer:dir search;
allow vendor_hal_perf_default hal_camera_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_camera_default:file r_file_perms;
allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
allow vendor_hal_perf_default sysfs_thermal:file rw_file_perms;
allow vendor_hal_perf_default hal_audio_default:dir search;
allow vendor_hal_perf_default hal_audio_default:file { open read };
allow vendor_hal_perf_default thermal_data_file:dir { read search watch };
allow vendor_hal_perf_default thermal_data_file:file { getattr open read setattr unlink };
allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:dir search;
allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:file read;
allow vendor_hal_perf_default mi_thermald:dir r_dir_perms;
allow vendor_hal_perf_default mi_thermald:file r_file_perms;
set_prop(vendor_hal_perf_default, vendor_wlc_public_prop)
allow vendor_hal_perf_default vendor_sysfs_displayfeature:dir search;


@@ -1,9 +0,0 @@
allow hal_sensors_default audio_socket:sock_file rw_file_perms;
allow hal_sensors_default hal_audio_default:unix_stream_socket connectto;
allow hal_sensors_default sound_device:chr_file rw_file_perms;
allow hal_sensors_default sysfs:file { read open write };
allow hal_sensors_default sysfs_tp_fodstatus:file r_file_perms;
allow hal_sensors_default sysfs_tp_virtual_prox:dir r_dir_perms;
allow hal_sensors_default sysfs_tp_virtual_prox:file rw_file_perms;
allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
allow hal_sensors_default vendor_sysfs_graphics:file r_file_perms;


@@ -1,18 +0,0 @@
allow hal_touchfeature_xiaomi_default sysfs:file { getattr open read write };
allow hal_touchfeature_xiaomi_default system_server:binder call;
allow hal_touchfeature_xiaomi_default vendor_touchfeature_prop:file { getattr open read };
allow hal_touchfeature_xiaomi_default surfaceflinger:binder transfer;
#allow hal_touchfeature_xiaomi_default vendor_mfp-daemon:binder transfer;
allow hal_touchfeature_xiaomi touchfeature_device:chr_file rw_file_perms;
allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_server:binder { call transfer };
allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_server:fd *;
allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_hwservice:hwservice_manager find;
allow hal_touchfeature_xiaomi_server hal_touchfeature_xiaomi_client:binder transfer;
init_daemon_domain(hal_touchfeature_xiaomi_default)
unix_socket_connect(hal_touchfeature_xiaomi_default, property, touchreport)
unix_socket_connect(hal_touchfeature_xiaomi_default, property, tpevent)
set_prop(hal_touchfeature_xiaomi_default, vendor_touchfeature_prop)
set_prop(hal_touchfeature_xiaomi_default, vendor_touch_hostprocess_prop)
vndbinder_use(hal_touchfeature_xiaomi)
hal_server_domain(hal_touchfeature_xiaomi_default, hal_touchfeature_xiaomi)
add_hwservice(hal_touchfeature_xiaomi_server, hal_touchfeature_xiaomi_hwservice)


@@ -1 +0,0 @@
allow hal_vibrator_default sysfs:file { open read write };


@@ -1,2 +0,0 @@
# Dolby
type hal_dms_hwservice, hwservice_manager_type;


@@ -1,9 +1,3 @@
# Displayfeature
vendor.xiaomi.hardware.displayfeature::IDisplayFeature u:object_r:vendor_hal_displayfeature_xiaomi_hwservice:s0
# Dolby
vendor.dolby.hardware.dms::IDms u:object_r:hal_dms_hwservice:s0
# Fingerprint
com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
@@ -16,7 +10,4 @@ vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:
vendor.xiaomi.hardware.fx.tunnel::IMiFxTunnel u:object_r:hal_fingerprint_hwservice:s0
# Mlipay
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
# Touchfeature
vendor.xiaomi.hw.touchfeature::ITouchFeature u:object_r:hal_touchfeature_xiaomi_hwservice:s0
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
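Review bot: The Mlipay entry that appears to be kept at the end of this section (it is printed twice, old then new) still labels `vendor.xiaomi.hardware.mlipay::IMlipayService` with `hal_mlipay_hwservice`, while this same commit deletes the local `type hal_mlipay_hwservice, hwservice_manager_type;` declaration. The platform_app section has the same shape: it keeps `allow platform_app hal_dms_hwservice:hwservice_manager find;` and `binder_call(platform_app, hal_dms_default)` although the local `hal_dms_hwservice` declaration and its Dolby context line are removed. Both only compile if `device/xiaomi/sepolicy` declares these types, which this page does not show; if the common tree also carries the context entry and the client rules, the local copies are redundant and should be removed with the rest. Otherwise add a comment above the kept line such as `# hal_mlipay_hwservice is declared in device/xiaomi/sepolicy` so the cross-tree dependency is visible.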


@@ -1,14 +1,3 @@
allow init debugfs_tracing_debug:dir mounton;
allow init proc:file { setattr };
allow init hal_fingerprint_default:process ptrace;
# last_kmsg
allow init proc_last_kmsg:file r_file_perms;
allow init proc_last_kmsg:file setattr;
# Touchfeature
allow init tpevent_exec:file { execute getattr open read };
allow init tpevent:process { rlimitinh siginh transition };
allow init touchreport_exec:file { execute getattr open read };
allow init touchreport:process { rlimitinh siginh transition };
set_prop(vendor_init, vendor_touchfeature_prop)
allow init hal_fingerprint_default:process ptrace;
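Review bot: `allow init hal_fingerprint_default:process ptrace;` appears to survive this cleanup (it is printed as both old and new at the end of the section), and it is the one kept rule here that needs a justification. It lets init trace the fingerprint HAL process, which handles biometric data, and nothing on the page says which denial it was written for. If it came from an audit2allow log, check whether the denial still occurs with the common policy and drop the rule if it does not; if only log noise is the concern, `dontaudit init hal_fingerprint_default:process ptrace;` silences it without granting the access. If the rule has to stay, put a comment above it naming the denial and the reason.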


@@ -1,2 +0,0 @@
allow mediacodec hal_dms_hwservice:hwservice_manager find;
binder_call(mediacodec, hal_dms_default)


@@ -1,28 +0,0 @@
type mi_thermald, domain, mlstrustedsubject;
type mi_thermald_exec, exec_type, vendor_file_type, file_type;
allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
allow mi_thermald self:capability { fsetid sys_boot };
allow mi_thermald sysfs_thermal:file w_file_perms;
allow mi_thermald sysfs:file w_file_perms;
allow mi_thermald vendor_sysfs_kgsl:dir r_dir_perms;
allow mi_thermald vendor_sysfs_kgsl:file rw_file_perms;
allow mi_thermald vendor_sysfs_kgsl:lnk_file r_file_perms;
allow mi_thermald vendor_sysfs_battery_supply:dir r_dir_perms;
allow mi_thermald vendor_sysfs_battery_supply:file rw_file_perms;
allow mi_thermald vendor_sysfs_battery_supply:lnk_file r_file_perms;
allow mi_thermald vendor_sysfs_qcom_battery:file rw_file_perms;
allow mi_thermald vendor_sysfs_graphics:dir r_dir_perms;
allow mi_thermald vendor_sysfs_graphics:file rw_file_perms;
allow mi_thermald vendor_sysfs_graphics:lnk_file r_file_perms;
allow mi_thermald thermal_data_file:dir { add_name read remove_name search watch write };
allow mi_thermald thermal_data_file:file { create getattr open read rename setattr unlink write };
allow mi_thermald mi_thermald:capability { chown fowner };
allow mi_thermald mi_thermald:capability2 { block_suspend wake_alarm };
allow mi_thermald vendor_data_file:dir { add_name read remove_name watch write };
allow mi_thermald vendor_data_file:file { create getattr open read rename setattr unlink write };
init_daemon_domain(mi_thermald)
r_dir_file(mi_thermald, sysfs_thermal)
r_dir_file(mi_thermald, sysfs)
r_dir_file(mi_thermald, sysfs_leds)
r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
set_prop(mi_thermald, vendor_thermal_normal_prop)


@@ -1,5 +1,2 @@
allow platform_app hal_dms_hwservice:hwservice_manager find;
binder_call(platform_app, hal_dms_default)
# Touchfeature
allow platform_app hal_touchfeature_xiaomi_hwservice:hwservice_manager find;
binder_call(platform_app, hal_dms_default)


@@ -1,29 +1,14 @@
# Camera
vendor_public_prop(vendor_camera_sensor_prop)
# Device ID
vendor_public_prop(vendor_deviceid_prop)
vendor_public_prop(vendor_sno_prop)
vendor_public_prop(vendor_cpuid_prop)
# Display
vendor_public_prop(vendor_displayfeature_prop)
vendor_internal_prop(vendor_ctl_vendor_display_prop)
# Fingerprint
vendor_restricted_prop(vendor_fp_info_prop)
vendor_public_prop(vendor_fp_prop)
# Mlipay
vendor_public_prop(vendor_payment_security_prop)
# Thermal
vendor_public_prop(vendor_thermal_normal_prop)
# Touchfeature
vendor_public_prop(vendor_panel_info_prop)
vendor_restricted_prop(vendor_touchfeature_prop)
vendor_restricted_prop(vendor_touch_hostprocess_prop)
# WiFi
vendor_public_prop(vendor_wifimac_prop)


@@ -1,39 +1,5 @@
# Camera
vendor.camera.sensor. u:object_r:vendor_camera_sensor_prop:s0
# Device ID
persist.vendor.radio.imei u:object_r:vendor_deviceid_prop:s0
persist.vendor.radio.meid u:object_r:vendor_deviceid_prop:s0
ro.vendor.oem.imei u:object_r:vendor_deviceid_prop:s0
ro.vendor.oem.meid u:object_r:vendor_deviceid_prop:s0
ro.vendor.oem.psno u:object_r:vendor_sno_prop:s0
ro.vendor.oem.sno u:object_r:vendor_sno_prop:s0
# Display
ro.vendor.eyecare.threshold u:object_r:vendor_displayfeature_prop:s0
ro.vendor.eyecare.level u:object_r:vendor_displayfeature_prop:s0
ro.vendor.hist.threshold u:object_r:vendor_displayfeature_prop:s0
ro.vendor.histogram.enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.whitepoint_calibration_enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.df.effect.conflict u:object_r:vendor_displayfeature_prop:s0
persist.vendor.df.extcolor.proc u:object_r:vendor_displayfeature_prop:s0
vendor.displayfeature.entry.enable u:object_r:vendor_displayfeature_prop:s0
persist.vendor.df.color.temp u:object_r:vendor_displayfeature_prop:s0
ro.vendor.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0
ro.vendor.all_modes.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0
ro.vendor.display.type u:object_r:vendor_displayfeature_prop:s0
ro.vendor.xiaomi.bl.poll u:object_r:vendor_displayfeature_prop:s0
persist.vendor.dc_backlight.threshold u:object_r:vendor_displayfeature_prop:s0
persist.vendor.dc_backlight.enable u:object_r:vendor_displayfeature_prop:s0
persist.vendor.dfps.level u:object_r:vendor_displayfeature_prop:s0
persist.vendor.power.dfps.level u:object_r:vendor_displayfeature_prop:s0
ro.vendor.cabc.enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.bcbc.enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.dfps.enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.smart_dfps.enable u:object_r:vendor_displayfeature_prop:s0
ro.vendor.display.default_fps u:object_r:vendor_displayfeature_prop:s0
vendor.hbm.enable u:object_r:vendor_displayfeature_prop:s0
persist.vendor.max.brightness u:object_r:vendor_displayfeature_prop:s0
# Fingerprint
persist.vendor.fpc. u:object_r:vendor_fp_prop:s0
@@ -48,24 +14,10 @@ vendor.panel.display. u:object_r:vendor_fp_prop:s0
vendor.sys.fp. u:object_r:vendor_fp_prop:s0
# Mlipay
persist.vendor.sys.pay. u:object_r:vendor_payment_security_prop:s0
persist.vendor.sys.provision.status u:object_r:vendor_payment_security_prop:s0
vendor.sys.feature_state u:object_r:vendor_payment_security_prop:s0
vendor.sys.rpmb_state u:object_r:vendor_payment_security_prop:s0
# NFC
persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
# Radio
ro.vendor.ril.svlte1x u:object_r:vendor_radio_prop:s0
ro.vendor.ril.svdo u:object_r:vendor_radio_prop:s0
# Thermal
vendor.sys.thermal.data.path u:object_r:vendor_thermal_normal_prop:s0
# Touchfeature
persist.vendor.hostprocess.waterproof u:object_r:vendor_touch_hostprocess_prop:s0
persist.vendor.touchfeature. u:object_r:vendor_touchfeature_prop:s0
ro.vendor.touchfeature.type u:object_r:vendor_touchfeature_prop:s0
vendor.panel. u:object_r:vendor_panel_info_prop:s0
vendor.touchfeature. u:object_r:vendor_touchfeature_prop:s0
ro.vendor.ril.svdo u:object_r:vendor_radio_prop:s0


@@ -1,10 +0,0 @@
type stflashtool, domain;
type stflashtool_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(stflashtool)
allow stflashtool nfc_device:chr_file {ioctl read write getattr lock append map open watch watch_reads};
get_prop(stflashtool, vendor_radio_prop)
get_prop(stflashtool, vendor_nfc_prop)
set_prop(stflashtool, vendor_nfc_prop)


@@ -1,9 +0,0 @@
allow surfaceflinger sysfs_touch_hostprocess:dir r_dir_perms;
allow surfaceflinger sysfs_touch_hostprocess:file rw_file_perms;
allow surfaceflinger hal_touchfeature_xiaomi_hwservice:hwservice_manager find;
allow surfaceflinger hal_touchfeature_xiaomi_default:binder { call transfer };
allow surfaceflinger hal_touchfeature_xiaomi_default:fd *;
allow surfaceflinger vendor_sysfs_displayfeature:dir r_dir_perms;
allow surfaceflinger vendor_sysfs_displayfeature:file rw_file_perms;
allow surfaceflinger vendor_displayfeature_device:chr_file { ioctl open read write };
allow surfaceflinger vendor_sysfs_graphics:dir { open read search };


@@ -2,12 +2,6 @@ allow system_app proc_pagetypeinfo:file { read open getattr };
allow system_app sysfs_zram:dir r_dir_perms;
allow system_app sysfs_zram:file r_file_perms;
# Touchfeature
allow system_app touchfeature_device:chr_file rw_file_perms;
allow system_app touchfeature_device:file { getattr map read };
get_prop(system_app, vendor_touchfeature_prop)
hal_client_domain(system_app, hal_touchfeature_xiaomi)
binder_call(system_app, hal_audio_default)
binder_call(system_app, hal_health_default)
binder_call(system_app, hal_ir_default)


@@ -1,17 +1,5 @@
# Displayfeature
allow system_server vendor_hal_displayfeature_xiaomi_default:binder { call transfer };
# last_kmsg
allow system_server proc_last_kmsg:file r_file_perms;
# OEM Fastcharge
allow system_server sysfs_wakeup:file r_file_perms;
allow system_server vendor_sysfs_battery_supply:file r_file_perms;
# Touchfeature
allow system_server hal_touchfeature_xiaomi_default:process signal;
allow system_server sysfs_touch_hostprocess:file rw_file_perms;
allow system_server touchfeature_device:chr_file rw_file_perms;
allow system_server touchfeature_device:file { getattr map read };
get_prop(system_server, vendor_touchfeature_prop)
hal_client_domain(system_server, hal_touchfeature_xiaomi)
allow system_server vendor_sysfs_battery_supply:file r_file_perms;


@@ -1,10 +0,0 @@
type vendor_touch_init_shell, domain;
type vendor_touch_init_shell_exec, exec_type, file_type, vendor_file_type;
allow vendor_touch_init_shell vendor_touch_init_shell_exec:file { entrypoint rx_file_perms };
allow vendor_touch_init_shell vendor_shell_exec:file { entrypoint rx_file_perms };
allow vendor_touch_init_shell vendor_toolbox_exec:file rx_file_perms;
allow vendor_touch_init_shell sysfs:file r_file_perms;
init_daemon_domain(vendor_touch_init_shell)
set_prop(vendor_touch_init_shell, vendor_panel_info_prop)
set_prop(vendor_touch_init_shell, vendor_touchfeature_prop)


@@ -1,28 +0,0 @@
allow touchreport touchreport_exec:file entrypoint;
allow touchreport touchfeature_device:chr_file rw_file_perms;
allow touchreport touchfeature_device:file { getattr map read };
allow touchreport uhid_device:chr_file rw_file_perms;
allow touchreport sysfs_touch_hostprocess:file { open read write };
allow touchreport sysfs_touch_hostprocess:file rw_file_perms;
allow touchreport sysfs_tp_virtual_prox:file { open read write };
allow touchreport sysfs_tp_virtual_prox:file rw_file_perms;
allow touchreport sysfs_touch_suspend:file { open read write };
allow touchreport sysfs_touch_suspend:file rw_file_perms;
allow touchreport input_device:chr_file rw_file_perms;
allow touchreport input_device:dir r_dir_perms;
allow touchreport proc_tp_file:file { open read write };
allow touchreport proc_tp_lockdown:file { open read write };
allow touchreport touchreport_data_file:file { open read };
allow touchreport touchreport_data_file:dir rw_dir_perms;
allow touchreport vendor_data_touchreport_file:dir { add_name read remove_name search watch write };
allow touchreport vendor_data_touchreport_file:file { create getattr open read rename setattr unlink write };
#allow touchreport vendor_bsp_data_log_file:file create_file_perms;
#allow touchreport vendor_bsp_data_log_file:dir create_dir_perms;
allow touchreport self:capability sys_nice;
allow touchreport self:cap_userns sys_nice;
allow touchreport self:tcp_socket { create getattr getopt read setopt write };
allow touchreport self:udp_socket { create getattr getopt read setopt write };
init_daemon_domain(touchreport)
set_prop(touchreport, vendor_touch_hostprocess_prop)
type touchreport, domain;
type touchreport_exec, exec_type, file_type, vendor_file_type;


@@ -1,10 +0,0 @@
allow tpevent tpevent_exec:file entrypoint;
allow tpevent input_device:chr_file rw_file_perms;
allow tpevent input_device:dir r_dir_perms;
allow tpevent sysfs_touch_suspend:file rw_file_perms;
allow tpevent sysfs_touch_hostprocess:file rw_file_perms;
allow tpevent proc_interrupts:file r_file_perms;
allow tpevent proc_tp_lockdown:file r_file_perms;
init_daemon_domain(tpevent)
type tpevent, domain;
type tpevent_exec, exec_type, file_type, vendor_file_type;


@@ -1,14 +0,0 @@
allow vendor_hal_perf_default hal_audio_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_audio_default:file r_file_perms;
allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
allow vendor_hal_perf_default hal_camera_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_camera_default:file { read open };
allow vendor_hal_perf_default hal_graphics_composer_default:dir r_dir_perms;
allow vendor_hal_perf_default hal_graphics_composer_default:file r_file_perms;
allow vendor_hal_perf_default surfaceflinger:dir r_dir_perms;
allow vendor_hal_perf_default surfaceflinger:file r_file_perms;
allow vendor_hal_perf_default surfaceflinger:process setsched;
allow vendor_hal_perf_default sysfs:file r_file_perms;
r_dir_file(vendor_hal_perf_default, system_server)


@@ -1,4 +1,5 @@
r_dir_file(vendor_hvdcp, vendor_sysfs_battery_supply)
rw_dir_file(vendor_hvdcp, sysfs)
allow vendor_hvdcp sysfs_batteryinfo:dir search;
r_dir_file(vendor_hvdcp, vendor_sysfs_battery_supply)
r_dir_file(vendor_hvdcp, vendor_sysfs_iio)
rw_dir_file(vendor_hvdcp, sysfs)
set_prop(vendor_hvdcp, ctl_stop_prop)
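Review bot: The new side of this section still contains `rw_dir_file(vendor_hvdcp, sysfs)`, which gives the domain read/write on every sysfs node that carries the generic `sysfs` label; the vendor_qti_init_shell section likewise appears to keep `allow vendor_qti_init_shell sysfs:file { write };`. With the +/- column lost in this rendering it is not possible to tell whether these lines are re-added or only moved, but since the file is being reordered anyway this is the place to narrow them: label the specific nodes in genfs_contexts and grant on that type, e.g. `allow vendor_hvdcp <hvdcp_sysfs_type>:file rw_file_perms;` (placeholder type name). `set_prop(vendor_hvdcp, ctl_stop_prop)` also deserves a comment naming the service it is expected to stop, because the grant is on the generic stop-control property rather than a per-service one.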


@@ -1,4 +1,3 @@
allow vendor_init block_device:lnk_file { setattr };
allow vendor_init cgroup:file getattr;
allow vendor_init hwservicemanager:binder { transfer };
allow vendor_init tee_device:chr_file { ioctl };
@@ -13,6 +12,3 @@ allow vendor_init vendor_qce_device:chr_file rw_file_perms;
set_prop(vendor_init, vendor_fp_prop)
set_prop(vendor_init, vendor_fp_info_prop)
set_prop(vendor_init, vendor_nfc_prop)
set_prop(vendor_init, vendor_thermal_normal_prop)
set_prop(vendor_init, vendor_displayfeature_prop)


@@ -1,4 +1,3 @@
allow vendor_modprobe block_device:dir search;
allow vendor_modprobe self:capability sys_module;
allow vendor_modprobe self:cap_userns sys_module;
allow vendor_modprobe vendor_file:system module_load;


@@ -4,8 +4,6 @@ allow vendor_qti_init_shell configfs:dir setattr;
# END
allow vendor_qti_init_shell device:dir r_dir_perms;
allow vendor_qti_init_shell sysfs:file { write };
allow vendor_qti_init_shell sysfs_dm:file rw_file_perms;
allow vendor_qti_init_shell sysfs_dm:dir r_dir_perms;
allow vendor_qti_init_shell vendor_sysfs_msm_perf:file w_file_perms;
allow vendor_qti_init_shell vendor_qti_init_shell:lockdown { integrity };
allow vendor_qti_init_shell vendor_sysfs_qdss_dev:file { setattr write };


@@ -1,2 +0,0 @@
display.mistcservice u:object_r:vendor_mistcdisplay_service:s0
DisplayFeatureControl u:object_r:vendor_DisplayFeatureControl_service:s0