From 02982d287999820bddd7a42bfd7ffa0d08a335f0 Mon Sep 17 00:00:00 2001 
From: itsnouralawad Date: Wed, 19 Jun 2024 10:37:25 +0300 Subject: [PATCH] sm6225-common : Move to xiaomi common sepolicy rules --- BoardConfigCommon.mk | 2 +- sepolicy/private/property_contexts | 16 +--- sepolicy/public/attributes | 4 - sepolicy/public/device.te | 2 - sepolicy/public/hal_touchfeature_xiaomi.te | 3 - sepolicy/vendor/attributes | 9 --- sepolicy/vendor/audioadsprpcd.te | 2 - sepolicy/vendor/audioserver.te | 8 -- sepolicy/vendor/batterysecret.te | 35 --------- sepolicy/vendor/charger.te | 1 - sepolicy/vendor/charger_vendor.te | 1 - sepolicy/vendor/device.te | 6 +- sepolicy/vendor/file.te | 30 +------ sepolicy/vendor/file_contexts | 78 +++---------------- sepolicy/vendor/genfs_contexts | 49 +----------- sepolicy/vendor/hal_audio_default.te | 18 ----- sepolicy/vendor/hal_camera_default.te | 9 --- sepolicy/vendor/hal_display_config.te | 1 - sepolicy/vendor/hal_displayfeature_xiaomi.te | 69 ---------------- sepolicy/vendor/hal_dms.te | 6 -- sepolicy/vendor/hal_dms_default.te | 10 --- sepolicy/vendor/hal_fingerprint_default.te | 15 +++- .../vendor/hal_graphics_composer_default.te | 10 --- sepolicy/vendor/hal_health_default.te | 2 - sepolicy/vendor/hal_ir_default.te | 1 - sepolicy/vendor/hal_light_default.te | 3 - sepolicy/vendor/hal_mlipay_default.te | 25 ------ sepolicy/vendor/hal_nfc_default.te | 6 -- sepolicy/vendor/hal_perf_default.te | 21 +---- sepolicy/vendor/hal_sensors_default.te | 9 --- sepolicy/vendor/hal_touchfeature_xiaomi.te | 18 ----- sepolicy/vendor/hal_vibrator_default.te | 1 - sepolicy/vendor/hwservice.te | 2 - sepolicy/vendor/hwservice_contexts | 11 +-- sepolicy/vendor/init.te | 13 +--- sepolicy/vendor/mediacodec.te | 2 - sepolicy/vendor/mi_thermald.te | 28 ------- sepolicy/vendor/platform_app.te | 5 +- sepolicy/vendor/property.te | 15 ---- sepolicy/vendor/property_contexts | 50 +----------- sepolicy/vendor/stflashtool.te | 10 --- sepolicy/vendor/surfaceflinger.te | 9 --- sepolicy/vendor/system_app.te | 6 -- 
sepolicy/vendor/system_server.te | 14 +--- sepolicy/vendor/touch_init_shell.te | 10 --- sepolicy/vendor/touchreport.te | 28 ------- sepolicy/vendor/tpevent.te | 10 --- sepolicy/vendor/vendor_hal_perf_default.te | 14 ---- sepolicy/vendor/{hvdcp.te => vendor_hvdcp.te} | 5 +- sepolicy/vendor/vendor_init.te | 4 - sepolicy/vendor/vendor_modprobe.te | 1 - sepolicy/vendor/vendor_qti_init_shell.te | 2 - sepolicy/vendor/vndservice_contexts | 2 - 53 files changed, 42 insertions(+), 669 deletions(-) delete mode 100644 sepolicy/public/attributes delete mode 100644 sepolicy/public/device.te delete mode 100644 sepolicy/public/hal_touchfeature_xiaomi.te delete mode 100755 sepolicy/vendor/attributes delete mode 100644 sepolicy/vendor/audioadsprpcd.te delete mode 100644 sepolicy/vendor/audioserver.te delete mode 100644 sepolicy/vendor/batterysecret.te delete mode 100644 sepolicy/vendor/charger.te delete mode 100644 sepolicy/vendor/charger_vendor.te delete mode 100644 sepolicy/vendor/hal_audio_default.te delete mode 100644 sepolicy/vendor/hal_camera_default.te delete mode 100644 sepolicy/vendor/hal_display_config.te delete mode 100644 sepolicy/vendor/hal_displayfeature_xiaomi.te delete mode 100644 sepolicy/vendor/hal_dms.te delete mode 100644 sepolicy/vendor/hal_dms_default.te delete mode 100644 sepolicy/vendor/hal_graphics_composer_default.te delete mode 100644 sepolicy/vendor/hal_health_default.te delete mode 100644 sepolicy/vendor/hal_ir_default.te delete mode 100644 sepolicy/vendor/hal_light_default.te delete mode 100644 sepolicy/vendor/hal_mlipay_default.te delete mode 100644 sepolicy/vendor/hal_nfc_default.te delete mode 100644 sepolicy/vendor/hal_sensors_default.te delete mode 100644 sepolicy/vendor/hal_touchfeature_xiaomi.te delete mode 100644 sepolicy/vendor/hal_vibrator_default.te delete mode 100644 sepolicy/vendor/hwservice.te delete mode 100644 sepolicy/vendor/mediacodec.te delete mode 100644 sepolicy/vendor/mi_thermald.te delete mode 100644 
sepolicy/vendor/stflashtool.te delete mode 100644 sepolicy/vendor/surfaceflinger.te delete mode 100644 sepolicy/vendor/touch_init_shell.te delete mode 100644 sepolicy/vendor/touchreport.te delete mode 100644 sepolicy/vendor/tpevent.te delete mode 100644 sepolicy/vendor/vendor_hal_perf_default.te rename sepolicy/vendor/{hvdcp.te => vendor_hvdcp.te} (80%) delete mode 100644 sepolicy/vendor/vndservice_contexts diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 05677ad..0a577ed 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -174,8 +174,8 @@ VENDOR_SECURITY_PATCH := $(BOOT_SECURITY_PATCH) # Sepolicy include device/qcom/sepolicy_vndr/sm6225/SEPolicy.mk +include device/xiaomi/sepolicy/SEPolicy.mk SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private -SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor # Verified Boot diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts index 842603b..33333e3 100644 --- a/sepolicy/private/property_contexts +++ b/sepolicy/private/property_contexts 
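Review bot: The new `include device/xiaomi/sepolicy/SEPolicy.mk` in the `# Sepolicy` block makes the build depend on an external tree, and the diffstat lists no dependency or manifest file updated with it. Keeping it a hard include is right, since building without the policy should fail rather than pass silently. The repository and the revision this was tested against should still be recorded wherever the device tree declares its dependencies, which is not visible in this patch. Most of the types and allow rules deleted below are now expected to come from that tree, so a comment above the include would help the next reader, for example `# Common Xiaomi policy: types/rules removed from $(COMMON_PATH)/sepolicy are defined in device/xiaomi/sepolicy`.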
@@ -1,27 +1,13 @@ -# Camera -ro.camera. u:object_r:exported_default_prop:s0 - # Fingerprint gf.debug. u:object_r:vendor_fp_prop:s0 -sys.fp.miui.token u:object_r:exported_system_prop:s0 # GLobal -ro.boot.hwc u:object_r:exported_default_prop:s0 -ro.boot.hwname u:object_r:exported_default_prop:s0 -ro.boot.hwversion u:object_r:exported_default_prop:s0 ro.build.flavor u:object_r:build_prop:s0 -# Hardware -ro.hardware.chipname u:object_r:exported_default_prop:s0 - # MIUI ro.cust.test u:object_r:exported_system_prop:s0 -ro.miui. u:object_r:exported_system_prop:s0 ro.fota.oem u:object_r:exported_system_prop:s0 -ro.product.mod_device u:object_r:build_prop:s0 -ro.product.marketname u:object_r:build_prop:s0 # WiFi ro.wlan.bdf u:object_r:vendor_public_vendor_default_prop:s0 -ro.wlan.chip u:object_r:vendor_public_vendor_default_prop:s0 -ro.ril.oem.wifimac u:object_r:vendor_wifimac_prop:s0 +ro.wlan.chip u:object_r:vendor_public_vendor_default_prop:s0 \ No newline at end of file diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes deleted file mode 100644 index 82711c8..0000000 --- a/sepolicy/public/attributes +++ /dev/null @@ -1,4 +0,0 @@ -# Touchfeature -attribute hal_touchfeature_xiaomi; -attribute hal_touchfeature_xiaomi_client; -attribute hal_touchfeature_xiaomi_server; diff --git a/sepolicy/public/device.te b/sepolicy/public/device.te deleted file mode 100644 index 497ccee..0000000 --- a/sepolicy/public/device.te +++ /dev/null @@ -1,2 +0,0 @@ -# Touchfeature -type touchfeature_device, dev_type; diff --git a/sepolicy/public/hal_touchfeature_xiaomi.te b/sepolicy/public/hal_touchfeature_xiaomi.te deleted file mode 100644 index f3cc65a..0000000 --- a/sepolicy/public/hal_touchfeature_xiaomi.te +++ /dev/null @@ -1,3 +0,0 @@ -type hal_touchfeature_xiaomi_default, domain; -type hal_touchfeature_xiaomi_default_exec, exec_type, file_type, vendor_file_type; -type hal_touchfeature_xiaomi_hwservice, hwservice_manager_type; 
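Review bot: The rewritten `ro.wlan.chip` entry at the end of sepolicy/private/property_contexts now lacks a trailing newline (`\ No newline at end of file`), and the last added line of sepolicy/vendor/file_contexts has the same problem. Both files are combined with other context fragments at build time. Depending on how the build joins them, the last entry can run into the first line of the next fragment, so end both files with a newline.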
diff --git a/sepolicy/vendor/attributes b/sepolicy/vendor/attributes
deleted file mode 100755
index f8daa4b..0000000
--- a/sepolicy/vendor/attributes
+++ /dev/null
@@ -1,9 +0,0 @@
-# Mlipay
-attribute hal_mlipay;
-attribute hal_mlipay_client;
-attribute hal_mlipay_server;
-
-# Dolby
-attribute hal_dms;
-attribute hal_dms_client;
-attribute hal_dms_server;
diff --git a/sepolicy/vendor/audioadsprpcd.te b/sepolicy/vendor/audioadsprpcd.te
deleted file mode 100644
index 3d09e8c..0000000
--- a/sepolicy/vendor/audioadsprpcd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow vendor_audioadsprpcd vendor_audio_data_file:dir search;
-allow vendor_audioadsprpcd vendor_audio_data_file:file { append create getattr open read setattr write };
diff --git a/sepolicy/vendor/audioserver.te b/sepolicy/vendor/audioserver.te
deleted file mode 100644
index 66e8b39..0000000
--- a/sepolicy/vendor/audioserver.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow audioserver system_server:dir search;
-allow audioserver mediaserver:dir search;
-allow audioserver mediaserver:file { open read };
-allow audioserver system_app:dir search;
-allow audioserver hal_audio_default:process signal;
-allow audioserver sound_device:chr_file rw_file_perms;
-get_prop(audioserver, bootanim_system_prop)
-set_prop(audioserver, audio_prop)
diff --git a/sepolicy/vendor/batterysecret.te b/sepolicy/vendor/batterysecret.te
deleted file mode 100644
index aeaf192..0000000
--- a/sepolicy/vendor/batterysecret.te
+++ /dev/null
@@ -1,35 +0,0 @@
-allow batterysecret rootfs:dir write;
-allow batterysecret self:capability sys_tty_config;
-allow batterysecret self:capability sys_boot;
-allow batterysecret self:capability { chown fsetid };
-allow batterysecret self:netlink_kobject_uevent_socket { bind create read setopt };
-allow batterysecret self:capability2 block_suspend;
-allow batterysecret self:cap2_userns block_suspend;
-allow batterysecret sysfs_wake_lock:file rw_file_perms;
-allow batterysecret vendor_sysfs_battery_supply:file rw_file_perms;
-allow batterysecret vendor_sysfs_battery_supply:dir r_dir_perms;
-allow batterysecret vendor_sysfs_qcom_battery:file rw_file_perms;
-allow batterysecret vendor_sysfs_qcom_battery:file write;
-allow batterysecret vendor_sysfs_qcom_battery:file { open read write };
-allow batterysecret vendor_sysfs_qcom_battery:dir r_dir_perms;
-allow batterysecret system_suspend_server:binder { call transfer };
-allow batterysecret system_suspend_server:fd *;
-allow batterysecret system_suspend_hwservice:hwservice_manager find;
-allow batterysecret hidl_manager_hwservice:hwservice_manager find;
-allow batterysecret sysfs:file write;
-allow batterysecret sysfs_usb:file w_file_perms;
-allow batterysecret vendor_sysfs_usb_supply:file write;
-allow batterysecret sysfs_batteryinfo:file r_file_perms;
-allow batterysecret kmsg_device:chr_file rw_file_perms;
-allow batterysecret mnt_vendor_file:dir rw_dir_perms;
-init_daemon_domain(batterysecret)
-r_dir_file(batterysecret, sysfs_type)
-r_dir_file(batterysecret, rootfs)
-r_dir_file(batterysecret, cgroup)
-r_dir_file(batterysecret, vendor_sysfs_usb_supply)
-get_prop(batterysecret, hwservicemanager_prop)
-get_prop(batterysecret, vendor_default_prop)
-set_prop(batterysecret, vendor_system_prop)
-hwbinder_use(batterysecret)
-type batterysecret, domain;
-type batterysecret_exec, exec_type, vendor_file_type, file_type;
diff --git a/sepolicy/vendor/charger.te b/sepolicy/vendor/charger.te
deleted file mode 100644
index c0b91c8..0000000
--- a/sepolicy/vendor/charger.te
+++ /dev/null
@@ -1 +0,0 @@
-allow charger vendor_sysfs_graphics:file rw_file_perms;
diff --git a/sepolicy/vendor/charger_vendor.te b/sepolicy/vendor/charger_vendor.te
deleted file mode 100644
index 90dcf77..0000000
--- a/sepolicy/vendor/charger_vendor.te
+++ /dev/null
@@ -1 +0,0 @@
-allow charger_vendor vendor_sysfs_graphics:file rw_file_perms;
diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te
index d29163c..7c987d0 100644
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -1,4 +1,2 @@
-type vendor_displayfeature_device, dev_type;
-type sound_device, dev_type, mlstrustedobject;
-type fingerprint_device, dev_type;
-type lirc_device, dev_type;
+# Fingerprint
+type vendor_fingerprint_device, dev_type;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index af30b54..fa828ca 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -1,35 +1,9 @@ -# Audio -type audio_socket, file_type; - -# Battery -type vendor_sysfs_qcom_battery, fs_type, sysfs_type; - -# Camera -type camera_persist_file, file_type, mlstrustedobject, vendor_persist_type; - -# Display -type vendor_sysfs_displayfeature, fs_type, sysfs_type; - # Fingerprint type goodix_fingerprint_data_file, data_file_type, file_type, core_data_file_type; type vendor_fingerprint_data_file, data_file_type, file_type, vendor_persist_type; +type vendor_fingerprint_data_file_fpdump, data_file_type, file_type; type sysfs_msm_subsys, fs_type, sysfs_type; +type sysfs_tp_fodstatus, fs_type, sysfs_type; # Mac Address type vendor_mac_vendor_data_file, data_file_type, file_type, mlstrustedobject; - -# last_kmsg -type proc_last_kmsg, fs_type, proc_type; - -# Thermal -type thermal_data_file, data_file_type, file_type; - -# Touchfeature -type proc_tp_file, fs_type, proc_type; -type proc_tp_lockdown, fs_type, proc_type; -type sysfs_touch_hostprocess, fs_type, sysfs_type; -type sysfs_touch_suspend, fs_type, sysfs_type; -type sysfs_tp_fodstatus, fs_type, sysfs_type; -type sysfs_tp_virtual_prox, fs_type, sysfs_type; -type vendor_data_touchreport_file, data_file_type, file_type; -type touchreport_data_file, data_file_type, file_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index be998ca..b3776bd 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts 
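Review bot: The new type `vendor_fingerprint_data_file_fpdump` in the `# Fingerprint` group has no comment saying what it labels or which domain may use it, and the hal_fingerprint_default.te hunks visible in this patch add no allow rule for it. The file_contexts hunk moves `/data/vendor/fpdump(/.*)?` onto this type; by its name the directory presumably holds fingerprint sensor dumps, so access should stay limited to the fingerprint HAL. The rule may live in a later hunk or in device/xiaomi/sepolicy, which should be confirmed before merging. I would add `# Fingerprint sensor dumps under /data/vendor/fpdump; fingerprint HAL only` above the type.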
@@ -1,39 +1,22 @@ -# Audio -/dev/socket/audio_hw_socket u:object_r:audio_socket:s0 - -# Battery -/(vendor|system/vendor)/bin/batterysecret u:object_r:batterysecret_exec:s0 - # Camera -/mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0 /(vendor|system/vendor)/lib(64)?/libipebpsstriping\.so u:object_r:same_process_hal_file:s0 -# Display -/(vendor|system/vendor)/bin/displayfeature u:object_r:vendor_displayfeature_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.xiaomi\.hardware\.displayfeature@1\.0-service u:object_r:vendor_hal_displayfeature_xiaomi_default_exec:s0 -/dev/mi_display/disp_feature u:object_r:vendor_displayfeature_device:s0 -/sys/devices/virtual/mi_display/disp_feature/disp-DSI-+[0-1](/.*)? u:object_r:vendor_sysfs_displayfeature:s0 - -# Dolby -/data/vendor/dolby(/.*)? u:object_r:vendor_data_file:s0 -/vendor/bin/hw/vendor\.dolby\.hardware\.dms@2\.0-service u:object_r:hal_dms_default_exec:s0 -/vendor/bin/hw/vendor\.dolby\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0 - # Fingerprint data -/data/gf_data(/.*)? u:object_r:goodix_fingerprint_data_file:s0 -/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/data/gf_data(/.*)? u:object_r:goodix_fingerprint_data_file:s0 +/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file_fpdump:s0 +/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/mnt/vendor/persist/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/mnt/vendor/persist/goodix(/.*)? 
u:object_r:vendor_fingerprint_data_file:s0 /sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:vendor_sysfs_fps_attr:s0 -# Fingerprint devices -/dev/goodix_fp u:object_r:fingerprint_device:s0 +# Fingerprint devices +/dev/goodix_fp u:object_r:vendor_fingerprint_device:s0 +/dev/xiaomi-fp u:object_r:vendor_fingerprint_device:s0 # Fingerprint HAL -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0 # Fix Goodix events /vendor/bin/init.goodix.events.sh u:object_r:vendor_goodix_events_exec:s0 @@ -41,9 +24,6 @@ # Health /vendor/bin/hw/android\.hardware\.health-service\.xiaomi u:object_r:hal_health_default_exec:s0 -# IR -/dev/spidev0.1 u:object_r:lirc_device:s0 - # Mac Address /data/vendor/mac_addr(/.*)? u:object_r:vendor_mac_vendor_data_file:s0 /vendor/bin/nv_mac u:object_r:vendor_wcnss_service_exec:s0 
@@ -61,38 +41,4 @@ # Sensors /vendor/bin/hw/android\.hardware\.sensors@2.1-service\.xiaomi-multihal u:object_r:hal_sensors_default_exec:s0 - -# Thermal -/(vendor|system/vendor)/bin/mi_thermald u:object_r:mi_thermald_exec:s0 -/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0 - -# Touchfeature -/data/vendor/touch(/.*)? u:object_r:vendor_data_touchreport_file:s0 -/dev/xiaomi-touch u:object_r:touchfeature_device:s0 -/sys/devices/virtual/touch/touch_dev/abnormal_event u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/clicktouch_raw u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/ear_sensor u:object_r:sysfs_tp_virtual_prox:s0 -/sys/devices/virtual/touch/touch_dev/ear_sensor_data u:object_r:sysfs_tp_virtual_prox:s0 -/sys/devices/virtual/touch/touch_dev/enable_touch_delta u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/enable_touch_raw u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/force_calibration u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/hold_sensor u:object_r:sysfs_tp_virtual_prox:s0 -/sys/devices/virtual/touch/touch_dev/palm_sensor u:object_r:sysfs_tp_virtual_prox:s0 -/sys/devices/virtual/touch/touch_dev/rx_num u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/suspend_state u:object_r:sysfs_touch_suspend:s0 -/sys/devices/virtual/touch/touch_dev/touch_doze_analysis u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/touch_ic_buffer u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/touch_sensor u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/touch_sensor_ctrl u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/touch_thp_(.*) u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/touch_dev/tx_num u:object_r:sysfs_touch_hostprocess:s0 
-/sys/devices/virtual/touch/touch_dev/update_rawdata u:object_r:sysfs_touch_hostprocess:s0 -/sys/devices/virtual/touch/tp_dev/fod_status u:object_r:sysfs_tp_fodstatus:s0 -/(vendor|odm)/etc/init.panel_info.sh u:object_r:vendor_touch_init_shell_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/ear_sensor u:object_r:touchreport_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/touch_delta u:object_r:touchreport_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/touch_raw u:object_r:touchreport_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/touch_report u:object_r:touchreport_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/toucheventcheck u:object_r:tpevent_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/touchsensor u:object_r:touchreport_exec:s0 -/(vendor|system/vendor|odm|vendor/odm)/bin/hw/vendor\.xiaomi\.hw\.touchfeature@1\.0-service u:object_r:hal_touchfeature_xiaomi_default_exec:s0 +/sys/devices/platform/soc/soc:qcom,dsi-display-primary/mi_display/disp-DSI-0/dynamic_fps u:object_r:vendor_sysfs_graphics:s0 \ No newline at end of file diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 5c42904..ff701e1 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -16,6 +16,8 @@ genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform genfscon sysfs /devices/platform/soc/soc:rt-pd-manager/extcon u:object_r:sysfs_extcon:s0 # Fingerprint +genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0 +genfscon sysfs /devices/virtual/touch/touch_dev/fod_press_status u:object_r:sysfs_tp_fodstatus:s0 genfscon sysfs /devices/platform/soc/soc:fpc1020/device_prepare u:object_r:vendor_sysfs_fingerprint:s0 genfscon sysfs /devices/platform/soc/soc:fpc1020/fingerdown_wait u:object_r:vendor_sysfs_fingerprint:s0 genfscon sysfs /devices/platform/soc/soc:fpc1020/irq u:object_r:vendor_sysfs_fingerprint:s0 
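Review bot: The added `/sys/devices/platform/soc/soc:qcom,dsi-display-primary/mi_display/disp-DSI-0/dynamic_fps` entry in the last hunk of sepolicy/vendor/file_contexts labels a sysfs node from file_contexts and sits under the `# Sensors` heading. A sysfs label in file_contexts only takes effect after a restorecon pass reaches the node, whereas a `genfscon sysfs` entry applies as soon as the node exists. It therefore fits better in genfs_contexts next to the other sysfs entries, as `genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display-primary/mi_display/disp-DSI-0/dynamic_fps u:object_r:vendor_sysfs_graphics:s0`. If it stays in file_contexts, give it its own `# Display` heading.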
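Review bot: `genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc` in the `# Fingerprint` block of genfs_contexts labels the whole directory subtree as `vendor_sysfs_fingerprint`, while the neighbouring fpc1020 entries label individual attributes. genfscon matches by path prefix, so a `wakeup` node under that directory would get the fingerprint label instead of `sysfs_wakeup` unless a longer entry covers it. The rest of the file is not visible in this hunk, so that needs checking. Listing only the attributes the HAL uses, as is done for fpc1020, would keep the label narrow.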
@@ -32,57 +34,10 @@ genfscon sysfs /devices/platform/soc/soc:fingerprint_goodix/wakeup u genfscon sysfs /devices/platform/soc/soc:goodix_fp/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2c-0/0-006a/power_supply/bbc/wakeup18 u:object_r:sysfs_wakeup:s0 -# last_kmsg -genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0 - # Suspend genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup8 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-00/1c40000.qcom,spmi:qcom,pm6125@0:qcom,pm6125_rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup8/event_count u:object_r:sysfs_wakeup:s0 -# Touchfeature -genfscon proc "/tp_hal_version" u:object_r:proc_tp_file:s0 -genfscon proc "/tp_lockdown_info" u:object_r:proc_tp_lockdown:s0 -genfscon proc "/tp_lockdown_info_pri" u:object_r:proc_tp_lockdown:s0 -genfscon proc "/tp_lockdown_info_sec" u:object_r:proc_tp_lockdown:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/abnormal_event" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/clicktouch_raw" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/ear_sensor" u:object_r:sysfs_tp_virtual_prox:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/ear_sensor_data" u:object_r:sysfs_tp_virtual_prox:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/enable_touch_delta" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/enable_touch_raw" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/fod_press_status" u:object_r:sysfs_tp_fodstatus:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/hold_sensor" u:object_r:sysfs_tp_virtual_prox:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/palm_sensor" u:object_r:sysfs_tp_virtual_prox:s0 -genfscon sysfs 
"/devices/virtual/touch/touch_dev/palm_sensor_data" u:object_r:sysfs_tp_virtual_prox:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/suspend_state" u:object_r:sysfs_touch_suspend:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_active_status" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_doze_analysis" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_finger_status" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_ic_buffer" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_irq_no" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_sensor_ctrl" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_breakline_mode" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_breakline_result" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_cmd" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_cmd_ready" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_downthd" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_dump" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_dump_data" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_islandthd" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_mem_notify" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_movethd" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_noisefilter" 
u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_preset_point" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_rx_num" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_smooth" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_testmode" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_testresult" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_tx_num" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_upthd" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_x_resolution" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/touch_thp_y_resolution" u:object_r:sysfs_touch_hostprocess:s0 -genfscon sysfs "/devices/virtual/touch/touch_dev/update_rawdata" u:object_r:sysfs_touch_hostprocess:s0 - # Vibrator genfscon sysfs /devices/platform/soc/[a-f0-9]+.qcom,spmi/spmi-0/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,haptics@c000/leds/vibrator(/.*)? u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/soc/soc:vibrator_gpio/leds/vibrator u:object_r:sysfs_leds:s0 diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te deleted file mode 100644 index b6cbc15..0000000 --- a/sepolicy/vendor/hal_audio_default.te +++ /dev/null 
@@ -1,18 +0,0 @@
-allow hal_audio_default vendor_persist_audio_file:file rw_file_perms;
-allow hal_audio_default mnt_vendor_file:dir r_dir_perms;
-allow hal_audio_default vendor_audio_prop:property_service set;
-allow hal_audio_default audio_socket:sock_file rw_file_perms;
-allow hal_audio_default sound_device:chr_file rw_file_perms;
-allow hal_audio_default sysfs:file rw_file_perms;
-allow hal_audio_default dmabuf_system_heap_device:chr_file { read open ioctl };
-allow hal_audio_default debugfs:dir { open read };
-allow hal_audio_default vendor_agm_device:chr_file { read write open ioctl };
-allow hal_audio_default vendor_pd_locater_dbg_prop:file { map };
-get_prop(hal_audio_default, vendor_pd_locater_dbg_prop)
-unix_socket_connect(hal_audio_default, property, init)
-unix_socket_connect(hal_audio_default, property, hal_sensors_default)
-set_prop(hal_audio_default, vendor_audio_prop)
-
-# Allow hal_audio_default to find and call hal_dms_default
-allow hal_audio_default hal_dms_hwservice:hwservice_manager find;
-binder_call(hal_audio_default, hal_dms_default)
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
deleted file mode 100644
index acfef12..0000000
--- a/sepolicy/vendor/hal_camera_default.te
+++ /dev/null
@@ -1,9 +0,0 @@
-allow hal_camera_default mnt_vendor_file:dir search;
-allow hal_camera_default camera_persist_file:dir search;
-allow hal_camera_default vendor_persist_sensors_file:dir search;
-dontaudit hal_camera graphics_device:dir search;
-dontaudit hal_camera_default default_prop:file read;
-r_dir_file(hal_camera_default, mnt_vendor_file)
-r_dir_file(hal_camera_default, camera_persist_file)
-r_dir_file(hal_camera_default, vendor_persist_sensors_file)
-set_prop(hal_camera_default, vendor_camera_sensor_prop)
diff --git a/sepolicy/vendor/hal_display_config.te b/sepolicy/vendor/hal_display_config.te
deleted file mode 100644
index 12fdcce..0000000
--- a/sepolicy/vendor/hal_display_config.te
+++ /dev/null
@@ -1 +0,0 @@
-allow vendor_hal_display_config_hwservice vendor_hal_displayfeature_xiaomi_default:binder transfer;
diff --git a/sepolicy/vendor/hal_displayfeature_xiaomi.te b/sepolicy/vendor/hal_displayfeature_xiaomi.te
deleted file mode 100644
index 4774d52..0000000
--- a/sepolicy/vendor/hal_displayfeature_xiaomi.te
+++ /dev/null
@@ -1,69 +0,0 @@ -type vendor_hal_displayfeature_xiaomi_default, domain; -type vendor_hal_displayfeature_xiaomi_default_exec, exec_type, file_type, vendor_file_type; -type vendor_hal_displayfeature_xiaomi_hwservice, hwservice_manager_type; -type vendor_mistcdisplay_service, vndservice_manager_type; - -type vendor_displayfeature, domain; -type vendor_displayfeature_exec, exec_type, file_type, vendor_file_type; -type vendor_DisplayFeatureControl_service, vndservice_manager_type; - -allow vendor_hal_displayfeature_xiaomi vendor_sysfs_graphics:file rw_file_perms; -allow vendor_hal_displayfeature_xiaomi vendor_qdisplay_service:service_manager find; -allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:binder { call transfer }; -allow vendor_hal_displayfeature_xiaomi hal_graphics_composer:fd *; -allow vendor_hal_displayfeature_xiaomi graphics_device:chr_file rw_file_perms; -allow vendor_hal_displayfeature_xiaomi graphics_device:dir r_dir_perms; -allow vendor_hal_displayfeature_xiaomi_default sysfs:file { getattr open read write }; -allow vendor_hal_displayfeature_xiaomi_default sensors_device:chr_file r_file_perms; -allow vendor_hal_displayfeature_xiaomi_default fwk_sensor_hwservice:hwservice_manager find; -allow vendor_hal_displayfeature_xiaomi_default system_server:binder { call transfer }; -allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find; -allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer }; -allow vendor_hal_displayfeature_xiaomi_default vendor_hal_display_config_hwservice:fd *; -allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:dir create_dir_perms; -allow vendor_hal_displayfeature_xiaomi_default vendor_display_vendor_data_file:file create_file_perms; -allow vendor_hal_displayfeature_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write }; -allow vendor_hal_displayfeature_xiaomi_default 
vendor_sysfs_displayfeature:dir r_dir_perms; -allow vendor_hal_displayfeature_xiaomi_default vendor_sysfs_displayfeature:file rw_file_perms; -allow vendor_hal_displayfeature_xiaomi_default vendor_mistcdisplay_service:service_manager find; -allow vendor_hal_displayfeature_xiaomi_default system_app:binder { call transfer }; -allow vendor_hal_displayfeature_xiaomi_default system_app:fd *; -allow vendor_hal_displayfeature_xiaomi_default surfaceflinger:binder call; -allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:binder { call transfer }; -allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_server:fd *; -allow vendor_hal_displayfeature_xiaomi_client vendor_hal_displayfeature_xiaomi_hwservice:hwservice_manager find; -allow vendor_hal_displayfeature_xiaomi_server vendor_hal_displayfeature_xiaomi_client:binder transfer; -attribute vendor_hal_displayfeature_xiaomi; -attribute vendor_hal_displayfeature_xiaomi_client; -attribute vendor_hal_displayfeature_xiaomi_server; -init_daemon_domain(vendor_hal_displayfeature_xiaomi_default) -r_dir_file(vendor_hal_displayfeature_xiaomi, vendor_sysfs_graphics) -unix_socket_connect(vendor_hal_displayfeature_xiaomi_default, property, vendor_sensors) -get_prop(vendor_hal_displayfeature_xiaomi_default, vendor_mpctl_prop) -set_prop(vendor_hal_displayfeature_xiaomi_default, vendor_displayfeature_prop) -vndbinder_use(vendor_hal_displayfeature_xiaomi) -hal_server_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_displayfeature_xiaomi) -hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_color) -hal_client_domain(vendor_hal_displayfeature_xiaomi_default, vendor_hal_display_postproc) -add_hwservice(vendor_hal_displayfeature_xiaomi_server, vendor_hal_displayfeature_xiaomi_hwservice) - -allow vendor_displayfeature system_server:binder transfer; -allow vendor_displayfeature system_server:binder { call transfer }; -allow vendor_displayfeature 
system_server:fd *; -allow vendor_displayfeature appdomain:binder { call transfer }; -allow vendor_displayfeature appdomain:fd *; -allow vendor_displayfeature sysfs:file { getattr open read write }; -allow vendor_displayfeature vendor_file:file r_file_perms; -allow vendor_displayfeature graphics_device:dir r_dir_perms; -allow vendor_displayfeature graphics_device:chr_file rw_file_perms; -init_daemon_domain(vendor_displayfeature) -get_prop(vendor_displayfeature, hwservicemanager_prop) -get_prop(vendor_displayfeature, vendor_displayfeature_prop) -hwbinder_use(vendor_displayfeature) -vndbinder_use(vendor_displayfeature) -hal_client_domain(vendor_displayfeature, hal_graphics_composer) -hal_client_domain(vendor_displayfeature, hal_light) -hal_client_domain(vendor_displayfeature, vendor_hal_display_color) -hal_client_domain(vendor_displayfeature, vendor_hal_display_postproc) -hal_client_domain(vendor_displayfeature, vendor_hal_displayfeature_xiaomi) -add_service(vendor_displayfeature, vendor_DisplayFeatureControl_service) diff --git a/sepolicy/vendor/hal_dms.te b/sepolicy/vendor/hal_dms.te deleted file mode 100644 index 6f3b093..0000000 --- a/sepolicy/vendor/hal_dms.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(hal_dms_client, hal_dms_server) -binder_call(hal_dms_server, hal_dms_client) - -add_hwservice(hal_dms_server, hal_dms_hwservice) -allow hal_dms_client hal_dms_hwservice:hwservice_manager find; diff --git a/sepolicy/vendor/hal_dms_default.te b/sepolicy/vendor/hal_dms_default.te deleted file mode 100644 index 886e3e8..0000000 --- a/sepolicy/vendor/hal_dms_default.te +++ /dev/null 
@@ -1,10 +0,0 @@ -type hal_dms_default, domain; -hal_server_domain(hal_dms_default, hal_dms) -type hal_dms_default_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_dms_default) - -allow hal_dms_default vendor_data_file:file { rw_file_perms create unlink }; -allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name remove_name }; -allow hal_dms_default mediacodec:binder call; -binder_call(hal_dms_default, hal_audio_default) -binder_call(hal_dms_default, platform_app) diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index e88fc1d..e747d5d 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -3,14 +3,14 @@ typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; allow hal_fingerprint_default goodix_fingerprint_data_file:dir create_dir_perms; allow hal_fingerprint_default goodix_fingerprint_data_file:file create_file_perms; -allow hal_fingerprint_default fingerprint_device:chr_file rwx_file_perms; -allow hal_fingerprint_default fingerprint_device:chr_file ioctl; +allow hal_fingerprint_default vendor_fingerprint_device:chr_file ioctl; allow hal_fingerprint_default firmware_file:dir r_dir_perms; allow hal_fingerprint_default input_device:dir r_dir_perms; allow hal_fingerprint_default input_device:chr_file rwx_file_perms; allow hal_fingerprint_default mnt_vendor_file:dir search; allow hal_fingerprint_default rootfs:dir r_dir_perms; allow hal_fingerprint_default self:capability sys_nice; +allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; allow hal_fingerprint_default sysfs:file rw_file_perms; allow hal_fingerprint_default sysfs:dir r_dir_perms; allow hal_fingerprint_default sysfs_leds:dir { search open }; 
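Review bot: The added `allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;` duplicates a rule already in this file; it appears as unchanged context in the next hunk (`@@ -21,6 +21,8 @@`). The `uhid_device:chr_file rw_file_perms` line added in that next hunk likewise repeats a rule that is context in the `@@ -30,12 +32,16 @@` hunk. Duplicate allow rules compile, but they make it harder to audit what this HAL can reach, so both additions can be dropped. The new `allow hal_fingerprint_default vendor_fingerprint_device:chr_file ioctl;` is also redundant next to the `rwx_file_perms` grant on the same device added in the third hunk, because the read permission set already includes `ioctl`.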
@@ -21,6 +21,8 @@ allow hal_fingerprint_default sysfs_rtc:dir r_dir_perms; allow hal_fingerprint_default sysfs_rtc:dir { search open }; allow hal_fingerprint_default sysfs_tp_fodstatus:chr_file r_file_perms; allow hal_fingerprint_default sysfs_tp_fodstatus:file r_file_perms; +allow hal_fingerprint_default touchfeature_device:chr_file rw_file_perms; +allow hal_fingerprint_default uhid_device:chr_file rw_file_perms; allow hal_fingerprint_default system_data_root_file:dir r_dir_perms; allow hal_fingerprint_default sysfs_devices_system_cpu:file rw_file_perms; allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; 
@@ -30,12 +32,16 @@ allow hal_fingerprint_default sysfs_wakeup:file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file ioctl; allow hal_fingerprint_default uhid_device:chr_file rw_file_perms; +allow hal_fingerprint_default vendor_displayfeature_device:chr_file { ioctl open read write }; allow hal_fingerprint_default vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms; allow hal_fingerprint_default vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms; allow hal_fingerprint_default vendor_dmabuf_secure_cdsp_heap_device:chr_file { ioctl open read }; allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms; allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms; allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms; +allow hal_fingerprint_default vendor_fingerprint_data_file_fpdump:dir create_dir_perms; +allow hal_fingerprint_default vendor_fingerprint_data_file_fpdump:file create_file_perms; +allow hal_fingerprint_default vendor_fingerprint_device:chr_file rwx_file_perms; allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { add find }; allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find; allow hal_fingerprint_default vendor_hal_perf_default:binder call; 
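Review bot: `allow hal_fingerprint_default vendor_fingerprint_device:chr_file rwx_file_perms;` carries the execute permissions of the old `fingerprint_device` rule over to the renamed label, and a sensor character device normally needs only read, write and ioctl. Unless a denial shows that execute is required, `allow hal_fingerprint_default vendor_fingerprint_device:chr_file rw_file_perms;` is the tighter grant. The two new `vendor_fingerprint_data_file_fpdump` rules give full create access to what the label name suggests is a sensor dump location (the label is defined outside this page, so this is inferred). If dumps are only meant for debugging, wrapping both lines in `userdebug_or_eng(...)` would keep that write path out of user builds.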
@@ -43,6 +49,10 @@ allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms; allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms; allow hal_fingerprint_default vendor_sysfs_fps_attr:dir r_dir_perms; allow hal_fingerprint_default vendor_sysfs_fps_attr:file rw_file_perms; +allow hal_fingerprint_default vendor_sysfs_devicetree_soc:dir r_dir_perms; +allow hal_fingerprint_default vendor_sysfs_devicetree_soc:file rw_file_perms; +allow hal_fingerprint_default vendor_sysfs_displayfeature:dir search; +allow hal_fingerprint_default vendor_sysfs_displayfeature:file rw_file_perms; allow hal_fingerprint_default vendor_sysfs_graphics:dir r_dir_perms; allow hal_fingerprint_default vendor_sysfs_graphics:file rw_file_perms; allow hal_fingerprint_default vendor_sysfs_spss:dir r_dir_perms; @@ -53,6 +63,7 @@ allow hal_fingerprint_default vendor_xdsp_device:chr_file r_file_perms; allow hal_fingerprint_default vendor_xdsp_device:file r_file_perms; allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { add find }; +get_prop(hal_fingerprint_default, vendor_panel_info_prop) set_prop(hal_fingerprint_default, vendor_fp_prop) set_prop(hal_fingerprint_default, vendor_fp_info_prop) set_prop(hal_fingerprint_default, vendor_system_prop) diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te deleted file mode 100644 index 60d86fb..0000000 --- a/sepolicy/vendor/hal_graphics_composer_default.te +++ /dev/null 
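Review bot: `allow hal_fingerprint_default vendor_sysfs_devicetree_soc:file rw_file_perms;` grants write access that is probably never used. The type is labelled outside this page, but if it covers the device-tree nodes exposed through sysfs, as the name suggests, those are read-only. `allow hal_fingerprint_default vendor_sysfs_devicetree_soc:file r_file_perms;` states the intent and keeps the HAL's writable surface smaller. The `vendor_sysfs_displayfeature:file rw_file_perms` line added just below deserves the same question, preferably with a one-line comment naming the node the HAL writes.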
@@ -1,10 +0,0 @@
-allow hal_graphics_composer vendor_hal_displayfeature_xiaomi:binder transfer;
-allow hal_graphics_composer_default vendor_displayfeature_device:chr_file { ioctl open read };
-allow hal_graphics_composer_default vendor_sysfs_displayfeature:dir { open read search };
-allow hal_graphics_composer_default vendor_sysfs_displayfeature:file { open read write };
-get_prop(hal_graphics_composer, vendor_displayfeature_prop)
-set_prop(hal_graphics_composer_default, vendor_ctl_vendor_display_prop)
-set_prop(hal_graphics_composer_default, vendor_display_prop)
-hal_client_domain(hal_graphics_composer_default, vendor_hal_displayfeature_xiaomi)
-allow hal_graphics_composer_default vendor_mistcdisplay_service:service_manager find;
-add_service(hal_graphics_composer_default, vendor_mistcdisplay_service)
diff --git a/sepolicy/vendor/hal_health_default.te b/sepolicy/vendor/hal_health_default.te
deleted file mode 100644
index e2faddd..0000000
--- a/sepolicy/vendor/hal_health_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_health_default sysfs:file { getattr open read };
-r_dir_file(hal_health_default, vendor_sysfs_battery_supply)
diff --git a/sepolicy/vendor/hal_ir_default.te b/sepolicy/vendor/hal_ir_default.te
deleted file mode 100644
index 825e1e2..0000000
--- a/sepolicy/vendor/hal_ir_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_ir_default lirc_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te
deleted file mode 100644
index c2cf4f0..0000000
--- a/sepolicy/vendor/hal_light_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow hal_light_default vendor_displayfeature_device:chr_file { ioctl open read write };
-allow hal_light_default vendor_sysfs_displayfeature:dir r_dir_perms;
-allow hal_light_default vendor_sysfs_displayfeature:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay_default.te
deleted file mode 100644
index a0b7f6d..0000000
--- a/sepolicy/vendor/hal_mlipay_default.te
+++ /dev/null
@@ -1,25 +0,0 @@
-type hal_mlipay_default, domain;
-type hal_mlipay_default_exec, exec_type, file_type, vendor_file_type;
-type hal_mlipay_hwservice, hwservice_manager_type;
-allow hal_mlipay_client hal_mlipay_server:binder { call transfer };
-allow hal_mlipay_client hal_mlipay_server:binder transfer;
-allow hal_mlipay_client hal_mlipay_server:fd *;
-allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager { add find };
-allow hal_mlipay_server hal_mlipay_client:binder transfer;
-allow hal_mlipay_server hal_mlipay_client:binder { call transfer };
-allow hal_mlipay_server hal_mlipay_client:fd *;
-allow hal_mlipay_default hal_mlipay_hwservice:hwservice_manager { add find };
-allow hal_mlipay_default tee_device:chr_file rw_file_perms;
-allow hal_mlipay_default firmware_file:dir r_dir_perms;
-allow hal_mlipay_default firmware_file:file r_file_perms;
-allow hal_mlipay_default ion_device:chr_file rw_file_perms;
-allow hal_mlipay_default rootfs:lnk_file r_file_perms;
-allow hal_mlipay_default vendor_dmabuf_qseecom_heap_device:chr_file { ioctl open read };
-allow hal_mlipay_default vendor_dmabuf_qseecom_ta_heap_device:chr_file { ioctl open read };
-init_daemon_domain(hal_mlipay_default)
-get_prop(hal_mlipay_default, vendor_fp_prop)
-get_prop(hal_mlipay_default, vendor_system_prop)
-set_prop(hal_mlipay_default, vendor_payment_security_prop)
-hwbinder_use(hal_mlipay_default)
-hal_server_domain(hal_mlipay_default, hal_mlipay)
-add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te
deleted file mode 100644
index ee949cc..0000000
--- a/sepolicy/vendor/hal_nfc_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
-allow hal_nfc_default vendor_data_file:dir rw_dir_perms;
-allow hal_nfc_default vendor_data_file:file { create rw_file_perms };
-
-get_prop(hal_nfc_default, vendor_nfc_prop)
-set_prop(hal_nfc_default, vendor_nfc_prop)
diff --git a/sepolicy/vendor/hal_perf_default.te b/sepolicy/vendor/hal_perf_default.te
index dc30a49..a6fc6cd 100644
--- a/sepolicy/vendor/hal_perf_default.te
+++ b/sepolicy/vendor/hal_perf_default.te
@@ -1,20 +1 @@
-allow vendor_hal_perf_default hal_graphics_composer_default:process getpgid;
-allow vendor_hal_perf_default hal_graphics_composer_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_graphics_composer_default:file r_file_perms;
-allow vendor_hal_perf_default hal_graphics_composer_default:file append;
-allow vendor_hal_perf_default hal_graphics_composer:dir search;
-allow vendor_hal_perf_default hal_camera_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_camera_default:file r_file_perms;
-allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
-allow vendor_hal_perf_default sysfs_thermal:file rw_file_perms;
-allow vendor_hal_perf_default hal_audio_default:dir search;
-allow vendor_hal_perf_default hal_audio_default:file { open read };
-allow vendor_hal_perf_default thermal_data_file:dir { read search watch };
-allow vendor_hal_perf_default thermal_data_file:file { getattr open read setattr unlink };
-allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:dir search;
-allow vendor_hal_perf_default vendor_hal_displayfeature_xiaomi_default:file read;
-allow vendor_hal_perf_default mi_thermald:dir r_dir_perms;
-allow vendor_hal_perf_default mi_thermald:file r_file_perms;
-
-set_prop(vendor_hal_perf_default, vendor_wlc_public_prop)
\ No newline at end of file
+allow vendor_hal_perf_default vendor_sysfs_displayfeature:dir search;
\ No newline at end of file
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
deleted file mode 100644
index fd720cf..0000000
--- a/sepolicy/vendor/hal_sensors_default.te
+++ /dev/null
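Review bot: The one rule left in `hal_perf_default.te` is written without a final newline (`\ No newline at end of file`). This commit does the same to `hwservice_contexts`, `init.te`, `platform_app.te`, `property_contexts` and `system_server.te`. Policy sources are concatenated before they are compiled, so depending on how the build joins them, a missing final newline can fuse the last rule of one file with the first line of the next. Ending each of these files with a newline removes the dependence on build tooling to compensate.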
@@ -1,9 +0,0 @@
-allow hal_sensors_default audio_socket:sock_file rw_file_perms;
-allow hal_sensors_default hal_audio_default:unix_stream_socket connectto;
-allow hal_sensors_default sound_device:chr_file rw_file_perms;
-allow hal_sensors_default sysfs:file { read open write };
-allow hal_sensors_default sysfs_tp_fodstatus:file r_file_perms;
-allow hal_sensors_default sysfs_tp_virtual_prox:dir r_dir_perms;
-allow hal_sensors_default sysfs_tp_virtual_prox:file rw_file_perms;
-allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
-allow hal_sensors_default vendor_sysfs_graphics:file r_file_perms;
diff --git a/sepolicy/vendor/hal_touchfeature_xiaomi.te b/sepolicy/vendor/hal_touchfeature_xiaomi.te
deleted file mode 100644
index 350cfcf..0000000
--- a/sepolicy/vendor/hal_touchfeature_xiaomi.te
+++ /dev/null
@@ -1,18 +0,0 @@
-allow hal_touchfeature_xiaomi_default sysfs:file { getattr open read write };
-allow hal_touchfeature_xiaomi_default system_server:binder call;
-allow hal_touchfeature_xiaomi_default vendor_touchfeature_prop:file { getattr open read };
-allow hal_touchfeature_xiaomi_default surfaceflinger:binder transfer;
-#allow hal_touchfeature_xiaomi_default vendor_mfp-daemon:binder transfer;
-allow hal_touchfeature_xiaomi touchfeature_device:chr_file rw_file_perms;
-allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_server:binder { call transfer };
-allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_server:fd *;
-allow hal_touchfeature_xiaomi_client hal_touchfeature_xiaomi_hwservice:hwservice_manager find;
-allow hal_touchfeature_xiaomi_server hal_touchfeature_xiaomi_client:binder transfer;
-init_daemon_domain(hal_touchfeature_xiaomi_default)
-unix_socket_connect(hal_touchfeature_xiaomi_default, property, touchreport)
-unix_socket_connect(hal_touchfeature_xiaomi_default, property, tpevent)
-set_prop(hal_touchfeature_xiaomi_default, vendor_touchfeature_prop)
-set_prop(hal_touchfeature_xiaomi_default, vendor_touch_hostprocess_prop)
-vndbinder_use(hal_touchfeature_xiaomi)
-hal_server_domain(hal_touchfeature_xiaomi_default, hal_touchfeature_xiaomi)
-add_hwservice(hal_touchfeature_xiaomi_server, hal_touchfeature_xiaomi_hwservice)
diff --git a/sepolicy/vendor/hal_vibrator_default.te b/sepolicy/vendor/hal_vibrator_default.te
deleted file mode 100644
index 31469f4..0000000
--- a/sepolicy/vendor/hal_vibrator_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_vibrator_default sysfs:file { open read write };
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
deleted file mode 100644
index 3ef95d3..0000000
--- a/sepolicy/vendor/hwservice.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Dolby
-type hal_dms_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts index a763146..f6a06da 100644 --- a/sepolicy/vendor/hwservice_contexts +++ b/sepolicy/vendor/hwservice_contexts @@ -1,9 +1,3 @@ -# Displayfeature -vendor.xiaomi.hardware.displayfeature::IDisplayFeature u:object_r:vendor_hal_displayfeature_xiaomi_hwservice:s0 - -# Dolby -vendor.dolby.hardware.dms::IDms u:object_r:hal_dms_hwservice:s0 - # Fingerprint com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0 com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0 @@ -16,7 +10,4 @@ vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u: vendor.xiaomi.hardware.fx.tunnel::IMiFxTunnel u:object_r:hal_fingerprint_hwservice:s0 # Mlipay -vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0 - -# Touchfeature -vendor.xiaomi.hw.touchfeature::ITouchFeature u:object_r:hal_touchfeature_xiaomi_hwservice:s0 +vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0 \ No newline at end of file diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te index 5ad5355..13fe37c 100644 --- a/sepolicy/vendor/init.te +++ b/sepolicy/vendor/init.te @@ -1,14 +1,3 @@ allow init debugfs_tracing_debug:dir mounton; allow init proc:file { setattr }; -allow init hal_fingerprint_default:process ptrace; - -# last_kmsg -allow init proc_last_kmsg:file r_file_perms; -allow init proc_last_kmsg:file setattr; - -# Touchfeature -allow init tpevent_exec:file { execute getattr open read }; -allow init tpevent:process { rlimitinh siginh transition }; -allow init touchreport_exec:file { execute getattr open read }; -allow init touchreport:process { rlimitinh siginh transition }; -set_prop(vendor_init, vendor_touchfeature_prop) +allow init hal_fingerprint_default:process ptrace; \ No newline at end of file 
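Review bot: `hwservice_contexts` keeps the `IMlipayService` entry labelled `hal_mlipay_hwservice`, but this commit deletes `hal_mlipay_default.te`, the file that declared that type. The same pattern recurs elsewhere: `platform_app.te` still references `hal_dms_hwservice` and `hal_dms_default`, `property_contexts` still maps keys to `vendor_displayfeature_prop` and `vendor_payment_security_prop`, and `hal_fingerprint_default.te` now reads `vendor_panel_info_prop`, while the declarations of all of them are removed here. Presumably the common Xiaomi policy declares types with exactly these names; that should be confirmed. A mismatch breaks the policy build, and an entry kept here alongside an equivalent one in the common tree may be reported as a duplicate. A comment above each retained entry such as `# type declared in the common Xiaomi sepolicy` would make the dependency visible.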
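Review bot: While trimming `init.te`, the commit keeps `allow init hal_fingerprint_default:process ptrace;`, which lets init attach to the fingerprint HAL. Per `hal_fingerprint_default.te`, that process has access to `tee_device` and the fingerprint data files. If the rule exists only to quiet an audit denial, `dontaudit init hal_fingerprint_default:process ptrace;` silences the log without granting the access. If init does need it, a comment above the rule stating why would let the next reviewer judge it.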
diff --git a/sepolicy/vendor/mediacodec.te b/sepolicy/vendor/mediacodec.te
deleted file mode 100644
index bf336c1..0000000
--- a/sepolicy/vendor/mediacodec.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow mediacodec hal_dms_hwservice:hwservice_manager find;
-binder_call(mediacodec, hal_dms_default)
diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te
deleted file mode 100644
index e857bcc..0000000
--- a/sepolicy/vendor/mi_thermald.te
+++ /dev/null
@@ -1,28 +0,0 @@
-type mi_thermald, domain, mlstrustedsubject;
-type mi_thermald_exec, exec_type, vendor_file_type, file_type;
-allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
-allow mi_thermald self:capability { fsetid sys_boot };
-allow mi_thermald sysfs_thermal:file w_file_perms;
-allow mi_thermald sysfs:file w_file_perms;
-allow mi_thermald vendor_sysfs_kgsl:dir r_dir_perms;
-allow mi_thermald vendor_sysfs_kgsl:file rw_file_perms;
-allow mi_thermald vendor_sysfs_kgsl:lnk_file r_file_perms;
-allow mi_thermald vendor_sysfs_battery_supply:dir r_dir_perms;
-allow mi_thermald vendor_sysfs_battery_supply:file rw_file_perms;
-allow mi_thermald vendor_sysfs_battery_supply:lnk_file r_file_perms;
-allow mi_thermald vendor_sysfs_qcom_battery:file rw_file_perms;
-allow mi_thermald vendor_sysfs_graphics:dir r_dir_perms;
-allow mi_thermald vendor_sysfs_graphics:file rw_file_perms;
-allow mi_thermald vendor_sysfs_graphics:lnk_file r_file_perms;
-allow mi_thermald thermal_data_file:dir { add_name read remove_name search watch write };
-allow mi_thermald thermal_data_file:file { create getattr open read rename setattr unlink write };
-allow mi_thermald mi_thermald:capability { chown fowner };
-allow mi_thermald mi_thermald:capability2 { block_suspend wake_alarm };
-allow mi_thermald vendor_data_file:dir { add_name read remove_name watch write };
-allow mi_thermald vendor_data_file:file { create getattr open read rename setattr unlink write };
-init_daemon_domain(mi_thermald)
-r_dir_file(mi_thermald, sysfs_thermal)
-r_dir_file(mi_thermald, sysfs)
-r_dir_file(mi_thermald, sysfs_leds)
-r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
-set_prop(mi_thermald, vendor_thermal_normal_prop)
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
index a10392c..e14f1ea 100644
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1,5 +1,2 @@ allow platform_app hal_dms_hwservice:hwservice_manager find; -binder_call(platform_app, hal_dms_default) - -# Touchfeature -allow platform_app hal_touchfeature_xiaomi_hwservice:hwservice_manager find; +binder_call(platform_app, hal_dms_default) \ No newline at end of file diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index dd71d5c..f704734 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te @@ -1,29 +1,14 @@ -# Camera -vendor_public_prop(vendor_camera_sensor_prop) - # Device ID vendor_public_prop(vendor_deviceid_prop) vendor_public_prop(vendor_sno_prop) vendor_public_prop(vendor_cpuid_prop) # Display -vendor_public_prop(vendor_displayfeature_prop) vendor_internal_prop(vendor_ctl_vendor_display_prop) # Fingerprint vendor_restricted_prop(vendor_fp_info_prop) vendor_public_prop(vendor_fp_prop) -# Mlipay -vendor_public_prop(vendor_payment_security_prop) - -# Thermal -vendor_public_prop(vendor_thermal_normal_prop) - -# Touchfeature -vendor_public_prop(vendor_panel_info_prop) -vendor_restricted_prop(vendor_touchfeature_prop) -vendor_restricted_prop(vendor_touch_hostprocess_prop) - # WiFi vendor_public_prop(vendor_wifimac_prop) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index dbd9473..54a42b2 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts 
@@ -1,39 +1,5 @@ -# Camera -vendor.camera.sensor. u:object_r:vendor_camera_sensor_prop:s0 - -# Device ID -persist.vendor.radio.imei u:object_r:vendor_deviceid_prop:s0 -persist.vendor.radio.meid u:object_r:vendor_deviceid_prop:s0 -ro.vendor.oem.imei u:object_r:vendor_deviceid_prop:s0 -ro.vendor.oem.meid u:object_r:vendor_deviceid_prop:s0 -ro.vendor.oem.psno u:object_r:vendor_sno_prop:s0 -ro.vendor.oem.sno u:object_r:vendor_sno_prop:s0 - # Display -ro.vendor.eyecare.threshold u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.eyecare.level u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.hist.threshold u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.histogram.enable u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.whitepoint_calibration_enable u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.df.effect.conflict u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.df.extcolor.proc u:object_r:vendor_displayfeature_prop:s0 -vendor.displayfeature.entry.enable u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.df.color.temp u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.all_modes.colorpick_adjust u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.display.type u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.xiaomi.bl.poll u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.dc_backlight.threshold u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.dc_backlight.enable u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.dfps.level u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.power.dfps.level u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.cabc.enable u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.bcbc.enable u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.dfps.enable u:object_r:vendor_displayfeature_prop:s0 ro.vendor.smart_dfps.enable u:object_r:vendor_displayfeature_prop:s0 -ro.vendor.display.default_fps 
u:object_r:vendor_displayfeature_prop:s0 -vendor.hbm.enable u:object_r:vendor_displayfeature_prop:s0 -persist.vendor.max.brightness u:object_r:vendor_displayfeature_prop:s0 # Fingerprint persist.vendor.fpc. u:object_r:vendor_fp_prop:s0 @@ -48,24 +14,10 @@ vendor.panel.display. u:object_r:vendor_fp_prop:s0 vendor.sys.fp. u:object_r:vendor_fp_prop:s0 # Mlipay -persist.vendor.sys.pay. u:object_r:vendor_payment_security_prop:s0 persist.vendor.sys.provision.status u:object_r:vendor_payment_security_prop:s0 vendor.sys.feature_state u:object_r:vendor_payment_security_prop:s0 vendor.sys.rpmb_state u:object_r:vendor_payment_security_prop:s0 -# NFC -persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 - # Radio ro.vendor.ril.svlte1x u:object_r:vendor_radio_prop:s0 -ro.vendor.ril.svdo u:object_r:vendor_radio_prop:s0 - -# Thermal -vendor.sys.thermal.data.path u:object_r:vendor_thermal_normal_prop:s0 - -# Touchfeature -persist.vendor.hostprocess.waterproof u:object_r:vendor_touch_hostprocess_prop:s0 -persist.vendor.touchfeature. u:object_r:vendor_touchfeature_prop:s0 -ro.vendor.touchfeature.type u:object_r:vendor_touchfeature_prop:s0 -vendor.panel. u:object_r:vendor_panel_info_prop:s0 -vendor.touchfeature. u:object_r:vendor_touchfeature_prop:s0 +ro.vendor.ril.svdo u:object_r:vendor_radio_prop:s0 \ No newline at end of file diff --git a/sepolicy/vendor/stflashtool.te b/sepolicy/vendor/stflashtool.te deleted file mode 100644 index a5feae0..0000000 --- a/sepolicy/vendor/stflashtool.te +++ /dev/null @@ -1,10 +0,0 @@ -type stflashtool, domain; -type stflashtool_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(stflashtool) - -allow stflashtool nfc_device:chr_file {ioctl read write getattr lock append map open watch watch_reads}; - -get_prop(stflashtool, vendor_radio_prop) -get_prop(stflashtool, vendor_nfc_prop) -set_prop(stflashtool, vendor_nfc_prop) 
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te deleted file mode 100644 index c67f0f6..0000000 --- a/sepolicy/vendor/surfaceflinger.te +++ /dev/null @@ -1,9 +0,0 @@ -allow surfaceflinger sysfs_touch_hostprocess:dir r_dir_perms; -allow surfaceflinger sysfs_touch_hostprocess:file rw_file_perms; -allow surfaceflinger hal_touchfeature_xiaomi_hwservice:hwservice_manager find; -allow surfaceflinger hal_touchfeature_xiaomi_default:binder { call transfer }; -allow surfaceflinger hal_touchfeature_xiaomi_default:fd *; -allow surfaceflinger vendor_sysfs_displayfeature:dir r_dir_perms; -allow surfaceflinger vendor_sysfs_displayfeature:file rw_file_perms; -allow surfaceflinger vendor_displayfeature_device:chr_file { ioctl open read write }; -allow surfaceflinger vendor_sysfs_graphics:dir { open read search }; diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te index a3ba302..5d9b137 100644 --- a/sepolicy/vendor/system_app.te +++ b/sepolicy/vendor/system_app.te @@ -2,12 +2,6 @@ allow system_app proc_pagetypeinfo:file { read open getattr }; allow system_app sysfs_zram:dir r_dir_perms; allow system_app sysfs_zram:file r_file_perms; -# Touchfeature -allow system_app touchfeature_device:chr_file rw_file_perms; -allow system_app touchfeature_device:file { getattr map read }; -get_prop(system_app, vendor_touchfeature_prop) -hal_client_domain(system_app, hal_touchfeature_xiaomi) - binder_call(system_app, hal_audio_default) binder_call(system_app, hal_health_default) binder_call(system_app, hal_ir_default) diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index 4494ea1..02c2cc3 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te 
@@ -1,17 +1,5 @@ # Displayfeature allow system_server vendor_hal_displayfeature_xiaomi_default:binder { call transfer }; -# last_kmsg -allow system_server proc_last_kmsg:file r_file_perms; - # OEM Fastcharge -allow system_server sysfs_wakeup:file r_file_perms; -allow system_server vendor_sysfs_battery_supply:file r_file_perms; - -# Touchfeature -allow system_server hal_touchfeature_xiaomi_default:process signal; -allow system_server sysfs_touch_hostprocess:file rw_file_perms; -allow system_server touchfeature_device:chr_file rw_file_perms; -allow system_server touchfeature_device:file { getattr map read }; -get_prop(system_server, vendor_touchfeature_prop) -hal_client_domain(system_server, hal_touchfeature_xiaomi) +allow system_server vendor_sysfs_battery_supply:file r_file_perms; \ No newline at end of file diff --git a/sepolicy/vendor/touch_init_shell.te b/sepolicy/vendor/touch_init_shell.te deleted file mode 100644 index 41c655a..0000000 --- a/sepolicy/vendor/touch_init_shell.te +++ /dev/null @@ -1,10 +0,0 @@ -type vendor_touch_init_shell, domain; -type vendor_touch_init_shell_exec, exec_type, file_type, vendor_file_type; - -allow vendor_touch_init_shell vendor_touch_init_shell_exec:file { entrypoint rx_file_perms }; -allow vendor_touch_init_shell vendor_shell_exec:file { entrypoint rx_file_perms }; -allow vendor_touch_init_shell vendor_toolbox_exec:file rx_file_perms; -allow vendor_touch_init_shell sysfs:file r_file_perms; -init_daemon_domain(vendor_touch_init_shell) -set_prop(vendor_touch_init_shell, vendor_panel_info_prop) -set_prop(vendor_touch_init_shell, vendor_touchfeature_prop) diff --git a/sepolicy/vendor/touchreport.te b/sepolicy/vendor/touchreport.te deleted file mode 100644 index 64d3fd3..0000000 --- a/sepolicy/vendor/touchreport.te +++ /dev/null 
@@ -1,28 +0,0 @@
-allow touchreport touchreport_exec:file entrypoint;
-allow touchreport touchfeature_device:chr_file rw_file_perms;
-allow touchreport touchfeature_device:file { getattr map read };
-allow touchreport uhid_device:chr_file rw_file_perms;
-allow touchreport sysfs_touch_hostprocess:file { open read write };
-allow touchreport sysfs_touch_hostprocess:file rw_file_perms;
-allow touchreport sysfs_tp_virtual_prox:file { open read write };
-allow touchreport sysfs_tp_virtual_prox:file rw_file_perms;
-allow touchreport sysfs_touch_suspend:file { open read write };
-allow touchreport sysfs_touch_suspend:file rw_file_perms;
-allow touchreport input_device:chr_file rw_file_perms;
-allow touchreport input_device:dir r_dir_perms;
-allow touchreport proc_tp_file:file { open read write };
-allow touchreport proc_tp_lockdown:file { open read write };
-allow touchreport touchreport_data_file:file { open read };
-allow touchreport touchreport_data_file:dir rw_dir_perms;
-allow touchreport vendor_data_touchreport_file:dir { add_name read remove_name search watch write };
-allow touchreport vendor_data_touchreport_file:file { create getattr open read rename setattr unlink write };
-#allow touchreport vendor_bsp_data_log_file:file create_file_perms;
-#allow touchreport vendor_bsp_data_log_file:dir create_dir_perms;
-allow touchreport self:capability sys_nice;
-allow touchreport self:cap_userns sys_nice;
-allow touchreport self:tcp_socket { create getattr getopt read setopt write };
-allow touchreport self:udp_socket { create getattr getopt read setopt write };
-init_daemon_domain(touchreport)
-set_prop(touchreport, vendor_touch_hostprocess_prop)
-type touchreport, domain;
-type touchreport_exec, exec_type, file_type, vendor_file_type;
diff --git a/sepolicy/vendor/tpevent.te b/sepolicy/vendor/tpevent.te
deleted file mode 100644
index 4cf96b6..0000000
--- a/sepolicy/vendor/tpevent.te
+++ /dev/null
@@ -1,10 +0,0 @@
-allow tpevent tpevent_exec:file entrypoint;
-allow tpevent input_device:chr_file rw_file_perms;
-allow tpevent input_device:dir r_dir_perms;
-allow tpevent sysfs_touch_suspend:file rw_file_perms;
-allow tpevent sysfs_touch_hostprocess:file rw_file_perms;
-allow tpevent proc_interrupts:file r_file_perms;
-allow tpevent proc_tp_lockdown:file r_file_perms;
-init_daemon_domain(tpevent)
-type tpevent, domain;
-type tpevent_exec, exec_type, file_type, vendor_file_type;
diff --git a/sepolicy/vendor/vendor_hal_perf_default.te b/sepolicy/vendor/vendor_hal_perf_default.te
deleted file mode 100644
index 978fc6d..0000000
--- a/sepolicy/vendor/vendor_hal_perf_default.te
+++ /dev/null
@@ -1,14 +0,0 @@
-allow vendor_hal_perf_default hal_audio_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_audio_default:file r_file_perms;
-allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
-allow vendor_hal_perf_default hal_camera_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_camera_default:file { read open };
-allow vendor_hal_perf_default hal_graphics_composer_default:dir r_dir_perms;
-allow vendor_hal_perf_default hal_graphics_composer_default:file r_file_perms;
-allow vendor_hal_perf_default surfaceflinger:dir r_dir_perms;
-allow vendor_hal_perf_default surfaceflinger:file r_file_perms;
-allow vendor_hal_perf_default surfaceflinger:process setsched;
-allow vendor_hal_perf_default sysfs:file r_file_perms;
-
-r_dir_file(vendor_hal_perf_default, system_server)
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/vendor_hvdcp.te
similarity index 80%
rename from sepolicy/vendor/hvdcp.te
rename to sepolicy/vendor/vendor_hvdcp.te
index d37946b..b989c73 100644
--- a/sepolicy/vendor/hvdcp.te
+++ b/sepolicy/vendor/vendor_hvdcp.te
@@ -1,4 +1,5 @@ -r_dir_file(vendor_hvdcp, vendor_sysfs_battery_supply) -rw_dir_file(vendor_hvdcp, sysfs) allow vendor_hvdcp sysfs_batteryinfo:dir search; +r_dir_file(vendor_hvdcp, vendor_sysfs_battery_supply) +r_dir_file(vendor_hvdcp, vendor_sysfs_iio) +rw_dir_file(vendor_hvdcp, sysfs) set_prop(vendor_hvdcp, ctl_stop_prop) diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 39c24d8..07c8978 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -1,4 +1,3 @@ -allow vendor_init block_device:lnk_file { setattr }; allow vendor_init cgroup:file getattr; allow vendor_init hwservicemanager:binder { transfer }; allow vendor_init tee_device:chr_file { ioctl }; @@ -13,6 +12,3 @@ allow vendor_init vendor_qce_device:chr_file rw_file_perms; set_prop(vendor_init, vendor_fp_prop) set_prop(vendor_init, vendor_fp_info_prop) -set_prop(vendor_init, vendor_nfc_prop) -set_prop(vendor_init, vendor_thermal_normal_prop) -set_prop(vendor_init, vendor_displayfeature_prop) diff --git a/sepolicy/vendor/vendor_modprobe.te b/sepolicy/vendor/vendor_modprobe.te index 98f6b2e..15ef798 100644 --- a/sepolicy/vendor/vendor_modprobe.te +++ b/sepolicy/vendor/vendor_modprobe.te @@ -1,4 +1,3 @@ -allow vendor_modprobe block_device:dir search; allow vendor_modprobe self:capability sys_module; allow vendor_modprobe self:cap_userns sys_module; allow vendor_modprobe vendor_file:system module_load; diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te index 9b07745..a6345b1 100644 --- a/sepolicy/vendor/vendor_qti_init_shell.te +++ b/sepolicy/vendor/vendor_qti_init_shell.te 
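Review bot: `rw_dir_file(vendor_hvdcp, sysfs)` is carried into the renamed `vendor_hvdcp.te` and grants the daemon write access to every node still carrying the generic `sysfs` label. That makes the narrowly scoped `vendor_sysfs_battery_supply` and newly added `vendor_sysfs_iio` grants beside it largely moot. If the daemon only touches charger and IIO nodes, those can be labelled in `genfs_contexts` and the generic grant dropped, or at least reduced to `r_dir_file(vendor_hvdcp, sysfs)`. Which nodes it actually writes cannot be determined from this page, so a comment listing them would help if the rule has to stay.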
@@ -4,8 +4,6 @@ allow vendor_qti_init_shell configfs:dir setattr; # END allow vendor_qti_init_shell device:dir r_dir_perms; allow vendor_qti_init_shell sysfs:file { write }; -allow vendor_qti_init_shell sysfs_dm:file rw_file_perms; -allow vendor_qti_init_shell sysfs_dm:dir r_dir_perms; allow vendor_qti_init_shell vendor_sysfs_msm_perf:file w_file_perms; allow vendor_qti_init_shell vendor_qti_init_shell:lockdown { integrity }; allow vendor_qti_init_shell vendor_sysfs_qdss_dev:file { setattr write }; diff --git a/sepolicy/vendor/vndservice_contexts b/sepolicy/vendor/vndservice_contexts deleted file mode 100644 index d80dbf1..0000000 --- a/sepolicy/vendor/vndservice_contexts +++ /dev/null @@ -1,2 +0,0 @@ -display.mistcservice u:object_r:vendor_mistcdisplay_service:s0 -DisplayFeatureControl u:object_r:vendor_DisplayFeatureControl_service:s0