From 01639ef896d08cac6057e2fe9625d0c97e3cff81 Mon Sep 17 00:00:00 2001 From: me-cafebabe Date: Sat, 11 Mar 2023 04:31:16 +0800 Subject: [PATCH] sdm710-common: Import full CACert stack * Used by xtra-daemon * Nothing uses 32-bit libjnihelper.so which belongs to CACert stack, remove it * Fix the denials while we're at it Test: 1. Download and open "GPS Test" app 2. Perform Menu > AGPS > Clear and update 3. Confirm there's no error about getting cacert service on logcat Change-Id: Iace09f6d7a05e0a2ae8ef8048a19a391f537237e --- proprietary-files.txt | 9 ++++++--- sepolicy/vendor/location.te | 1 + sepolicy/vendor/qtidataservices_app.te | 1 + 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 sepolicy/vendor/location.te create mode 100644 sepolicy/vendor/qtidataservices_app.te diff --git a/proprietary-files.txt b/proprietary-files.txt index 32a6361..9ae6433 100644 --- a/proprietary-files.txt +++ b/proprietary-files.txt @@ -45,6 +45,12 @@ vendor/lib/vendor.qti.hardware.bluetooth_sar@1.1.so vendor/lib64/vendor.qti.hardware.bluetooth_sar@1.0.so vendor/lib64/vendor.qti.hardware.bluetooth_sar@1.1.so +# CACert +-vendor/app/CACertService/CACertService.apk +vendor/lib64/libcacertclient.so +vendor/lib64/libjnihelper.so +vendor/lib64/vendor.qti.hardware.cacert@1.0.so + # CDSP vendor/bin/cdsprpcd vendor/etc/init/vendor.qti.cdsprpc-service.rc @@ -310,7 +316,6 @@ vendor/lib64/hw/android.hardware.gnss@2.1-impl-qti.so vendor/lib64/hw/vendor.qti.gnss@4.0-impl.so vendor/lib64/libaoa.so vendor/lib64/libbatching.so -vendor/lib64/libcacertclient.so vendor/lib64/libcdfw.so vendor/lib64/libcdfw_remote_api.so vendor/lib64/libdataitems.so @@ -321,7 +326,6 @@ vendor/lib64/libgnsspps.so vendor/lib64/libgps.utils.so vendor/lib64/libizat_client_api.so vendor/lib64/libizat_core.so -vendor/lib64/libjnihelper.so vendor/lib64/liblbs_core.so vendor/lib64/libloc_api_v02.so vendor/lib64/libloc_core.so @@ -450,7 +454,6 @@ vendor/lib/libgcs-calwrapper.so vendor/lib/libgcs-ipc.so vendor/lib/libgcs-osal.so vendor/lib/libgcs.so -vendor/lib/libjnihelper.so vendor/lib/liblistensoundmodel2.so vendor/lib/libmulawdec.so vendor/lib/librice.so diff --git a/sepolicy/vendor/location.te b/sepolicy/vendor/location.te new file mode 100644 index 0000000..93a2caf --- /dev/null +++ b/sepolicy/vendor/location.te @@ -0,0 +1 @@ +allow location hal_cacert_hwservice:hwservice_manager find; diff --git a/sepolicy/vendor/qtidataservices_app.te b/sepolicy/vendor/qtidataservices_app.te new file mode 100644 index 0000000..32b7fa8 --- /dev/null +++ b/sepolicy/vendor/qtidataservices_app.te @@ -0,0 +1 @@ +allow qtidataservices_app qtidataservices_app:socket { create read write }; # { ioctl } hits neverallow