sdm710-common: Initial sepolicy

* From sdm845-common, cleaned up using sm8250-common one as reference

Change-Id: I9094d8593fba89c96cb2be3ee8a996b5cf4d3969
Sebastiano Barezzi
2022-05-16 12:49:06 +02:00
parent 1d535e45f1
commit 9cb034dc4e
46 changed files with 521 additions and 0 deletions


@@ -117,6 +117,10 @@ VENDOR_SECURITY_PATCH := 2021-04-01
# Sepolicy
include device/qcom/sepolicy_vndr/SEPolicy.mk
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public
BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE := true
# Verified Boot
BOARD_AVB_ENABLE := true
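Review bot: `BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE := true` switches off the build check that keeps vendor property_contexts to vendor-namespaced names, and nothing here says which entries need the waiver. The rendered page does not mark which four lines this hunk adds, so this applies only if the flag is one of them. I would add a comment such as `# Needed for un-prefixed props (camera., sys.thermal., persist.sys.fp.) in sepolicy/vendor/property_contexts` so the flag can be dropped once those names are moved or relabelled. Left unexplained, it lets later vendor entries shadow system-owned property names without anyone noticing.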


@@ -0,0 +1,21 @@
type devicesettings_app, domain;
typeattribute devicesettings_app mlstrustedsubject;
app_domain(devicesettings_app)
# Access standard system services
allow devicesettings_app app_api_service:service_manager find;
allow devicesettings_app audioserver_service:service_manager find;
# Allow reading and writing shared prefs
allow devicesettings_app system_app_data_file:dir create_dir_perms;
allow devicesettings_app system_app_data_file:{ file lnk_file } create_file_perms;
# Allow binder communication with gpuservice
binder_call(devicesettings_app, gpuservice)
# Allow XiaomiParts to read and write to cgroup
allow devicesettings_app cgroup:file rw_file_perms;
# Allow XiaomiParts to write to sysfs_thermal
allow devicesettings_app sysfs_thermal:file w_file_perms;
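Review bot: `typeattribute devicesettings_app mlstrustedsubject;` exempts the domain from MLS separation and carries no comment, while the two comments further down name XiaomiParts although seapp_contexts binds the domain to `org.lineageos.settings`. Presumably the exemption mirrors system_app because the app runs as the system user on `system_app_data_file`; if so, say it, e.g. `# Runs as system UID on system_app_data_file; needs the same MLS exemption as system_app`. The write grant on `sysfs_thermal:file` covers every node of that type, so a dedicated label for the one node the app writes would be narrower if that node is known.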


@@ -0,0 +1,12 @@
# IMEI
persist.radio.imei u:object_r:deviceid_prop:s0
persist.radio.meid u:object_r:deviceid_prop:s0
ro.ril.miui.imei u:object_r:deviceid_prop:s0
ro.ril.oem.imei u:object_r:deviceid_prop:s0
ro.ril.oem.meid u:object_r:deviceid_prop:s0
# MIUI specific
ro.cust.test u:object_r:exported_system_prop:s0
ro.boot.hwc u:object_r:exported_default_prop:s0
ro.product.mod_device u:object_r:build_prop:s0
ro.miui. u:object_r:exported_system_prop:s0


@@ -0,0 +1 @@
user=system seinfo=platform name=org.lineageos.settings domain=devicesettings_app type=system_app_data_file


@@ -0,0 +1 @@
hal_client_domain(system_app, hal_mlipay)


@@ -0,0 +1 @@
hal_attribute_lineage(mlipay)


@@ -0,0 +1 @@
vendor_public_prop(deviceid_prop)
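Review bot: `vendor_public_prop(deviceid_prop)` declares the type that carries the IMEI/MEID properties with the least restrictive property macro, so no partition-level restriction guards who may later be given `get_prop` on device identifiers. If only rild (which sets it in rild.te) and the telephony stack consume these values, `vendor_restricted_prop(deviceid_prop)` plus explicit `get_prop` lines would keep the set of readers enumerable. The readers are not visible on this page, so confirm them before tightening.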

2
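--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -0,0 +1,2 @@
+get_prop({ appdomain -isolated_app }, vendor_fp_prop)
+get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop)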
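Review bot: Both lines give every app domain except isolated_app, untrusted third-party apps included, read access to `vendor_fp_prop` and `vendor_tee_listener_prop`, and no comment says which app needs it. property_contexts in this commit puts `persist.vendor.sys.pay` and the fingerprint sensor properties under these types. If the real consumers are platform components, naming them (for example `get_prop(system_app, vendor_fp_prop)`) would follow least privilege; that is an inference from the visible files, so check the denials that motivated the rule.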

1
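--- a/sepolicy/vendor/appdomain.te
+++ b/sepolicy/vendor/appdomain.te
@@ -0,0 +1 @@
+get_prop(appdomain, camera_prop)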
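Review bot: `get_prop(appdomain, camera_prop)` includes `isolated_app`, whereas app.te in the same commit uses `{ appdomain -isolated_app }` for its property grants. `camera_prop` is attached to broad prefixes in property_contexts (`camera.`, `persist.camera.`, `vidhance.`), so the most sandboxed app domain can read all of them. Unless isolated processes need camera properties, `get_prop({ appdomain -isolated_app }, camera_prop)` would match the other file.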

7
sepolicy/vendor/device.te vendored Normal file

@@ -0,0 +1,7 @@
type fingerprint_device, dev_type;
type gps_device, dev_type;
type lirc_device, dev_type;
type ultrasound_device, dev_type;

35
sepolicy/vendor/file.te vendored Normal file

@@ -0,0 +1,35 @@
type audio_socket, file_type;
type debugfs_sched_features, debugfs_type, fs_type;
type debugfs_wlan, debugfs_type, fs_type;
type fingerprint_data_file, data_file_type, file_type;
type gps_data_file, data_file_type, file_type;
type gps_socket, file_type;
type persist_audio_file, file_type, vendor_persist_type;
type persist_camera_file, file_type, vendor_persist_type;
type proc_sysctl_autogroup, proc_type, fs_type;
type proc_sysctl_schedboost, proc_type, fs_type;
type proc_tp, proc_type, fs_type;
type sysfs_fingerprint, sysfs_type, fs_type;
type sysfs_gps, sysfs_type, fs_type;
type sysfs_msm_subsys, sysfs_type, fs_type;
type sysfs_rpm, sysfs_type, fs_type;
type sysfs_system_sleep_stats, sysfs_type, fs_type;
type sysfs_touchpanel, sysfs_type, fs_type;
type thermal_data_file, data_file_type, file_type;

82
sepolicy/vendor/file_contexts vendored Normal file

@@ -0,0 +1,82 @@
# Audio
/dev/socket/audio_hw_socket u:object_r:audio_socket:s0
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
# Camera
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
/vendor/bin/remosaic_daemon u:object_r:remosaic_daemon_exec:s0
# Display
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/disp_param u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/dynamic_fps u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/hbm_status u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/panel_info u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/smart_fps_value u:object_r:sysfs_graphics:s0
# Fingerprint
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0
# Fingerprint data
/data/gf_data(/.*)? u:object_r:fingerprint_data_file:s0
/data/vendor/fpc(/.*)? u:object_r:fingerprint_data_file:s0
/data/vendor/fpdump(/.*)? u:object_r:fingerprint_data_file:s0
/data/vendor/goodix(/.*)? u:object_r:fingerprint_data_file:s0
/data/vendor/syna(/.*)? u:object_r:fingerprint_data_file:s0
# Fingerprint devices
/dev/goodix_fp u:object_r:fingerprint_device:s0
/dev/vfsspi u:object_r:fingerprint_device:s0
# GPS
/vendor/bin/glgps u:object_r:glgps_exec:s0
/vendor/bin/ignss_2_0 u:object_r:hal_gnss_default_exec:s0
/vendor/bin/lhd u:object_r:lhd_exec:s0
# GPS data
/data/vendor/gps(/.*)? u:object_r:gps_data_file:s0
# GPS devices
/dev/bbd_control u:object_r:gps_device:s0
/dev/bbd_patch u:object_r:gps_device:s0
/dev/bbd_sensor u:object_r:gps_device:s0
/dev/ttyBCM u:object_r:gps_device:s0
# GPS nodes
/dev/socket/gps u:object_r:gps_socket:s0
/sys/devices/platform/soc/[0-9]+\.spi/spi_master/spi[0-9]+/spi[0-9]+\.0/nstandby u:object_r:sysfs_gps:s0
# IR
/vendor/bin/hw/android\.hardware\.ir@1\.0-service\.xiaomi u:object_r:hal_ir_default_exec:s0
# IR devices
/dev/ir_spi u:object_r:lirc_device:s0
/dev/lirc[0-9] u:object_r:lirc_device:s0
/dev/spidev[0-9]\.1 u:object_r:lirc_device:s0
# LED
/sys/devices/platform/soc/[a-z0-9]+.qcom,spmi/spmi-[0-1]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,leds@d000/leds(/.*)? u:object_r:sysfs_leds:s0
/sys/devices/platform/soc/[a-z0-9]+.i2c/i2c-[0-9]/[0-9]-[a-z0-9]+/leds(/.*)? u:object_r:sysfs_leds:s0
# Lights
/vendor/bin/hw/android\.hardware\.light-service\.xiaomi u:object_r:hal_light_default_exec:s0
# Mlipay
/vendor/bin/mlipayd@1\.1 u:object_r:hal_mlipay_default_exec:s0
# Neural-networks
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-qti u:object_r:hal_neuralnetworks_default_exec:s0
# Power
/vendor/bin/hw/android\.hardware\.power-service\.xiaomi-libperfmgr u:object_r:hal_power_default_exec:s0
# Thermal
/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0
/vendor/bin/mi_thermald u:object_r:mi_thermald_exec:s0
# Ultrasound devices
/dev/elliptic(.*)? u:object_r:ultrasound_device:s0
/dev/mius(.*)? u:object_r:ultrasound_device:s0
# WiFi
/data/vendor/mac_addr(/.*)? u:object_r:wifi_vendor_data_file:s0
/vendor/bin/nv_mac u:object_r:wcnss_service_exec:s0
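Review bot: The sysfs patterns under `# Display` and `# LED` leave the dot before `qcom,` and `i2c` unescaped (`[a-z0-9]+.qcom,mdss_mdp`, `[a-z0-9]+.i2c`), so it matches any character, while the GPS entry escapes it (`[0-9]+\.spi`). Writing `[a-z0-9]+\.qcom,mdss_mdp` keeps the patterns consistent and exact. `/dev/elliptic(.*)?` and `/dev/mius(.*)?` likewise label every device node whose name starts with those strings as `ultrasound_device`, which hal_sensors_default may read and write; listing the exact node names would be tighter if they are known.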

55
sepolicy/vendor/genfs_contexts vendored Normal file

@@ -0,0 +1,55 @@
# Display
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/idle_state u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display u:object_r:sysfs_graphics:s0
# Fingerprint
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/device_prepare u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/irq u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/wakeup_enable u:object_r:sysfs_fingerprint:s0
genfscon sysfs /devices/platform/soc/soc:fingerprint_goodix/proximity_state u:object_r:sysfs_fingerprint:s0
# FOD
genfscon sysfs /devices/virtual/touch/tp_dev/fod_status u:object_r:sysfs_fingerprint:s0
# Health
genfscon sysfs /class/power_supply/battery/capacity u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/884000.i2c/i2c-3/3-0066/power_supply/bq2597x-standalone u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/884000.i2c/i2c-5/5-0066/power_supply/bq2597x-standalone u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/0-0066/power_supply/bq2597x-standalone u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-004b/power_supply/parallel u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-0061/power_supply/idt u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/wireless u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/wireless u:object_r:sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/soc:maxim_ds28e16/power_supply/batt_verify u:object_r:sysfs_battery_supply:s0
# LED
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds/flashlight/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds/led:torch_0/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds/led:torch_1/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds/led:switch_0/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds/led:switch_1/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pmi8998@3:qcom,leds@d000/leds/white u:object_r:sysfs_leds:s0
# Power
genfscon debugfs /sched_features u:object_r:debugfs_sched_features:s0
genfscon proc /sys/kernel/sched_autogroup_enabled u:object_r:proc_sysctl_autogroup:s0
genfscon proc /sys/kernel/sched_boost u:object_r:proc_sysctl_schedboost:s0
genfscon sysfs /power/rpmh_stats/master_stats u:object_r:sysfs_rpm:s0
genfscon sysfs /power/system_sleep/stats u:object_r:sysfs_system_sleep_stats:s0
# Subsystem
genfscon sysfs /devices/platform/soc/soc:qcom,cpubw u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,gpubw u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu0 u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu4 u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,llccbw u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw u:object_r:sysfs_msm_subsys:s0
# Touchscreen
genfscon proc /tp_fw_version u:object_r:proc_tp:s0
genfscon proc /tp_lockdown_info u:object_r:proc_tp:s0
genfscon sysfs /touchpanel u:object_r:sysfs_touchpanel:s0
# Wi-Fi
genfscon debugfs /wlan0 u:object_r:debugfs_wlan:s0

24
sepolicy/vendor/glgps.te vendored Normal file

@@ -0,0 +1,24 @@
type glgps, domain;
type glgps_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(glgps)
net_domain(glgps)
allow glgps fwk_sensor_hwservice:hwservice_manager find;
allow glgps gps_data_file:dir create_dir_perms;
allow glgps gps_data_file:fifo_file create_file_perms;
allow glgps gps_data_file:file create_file_perms;
allow glgps gps_data_file:lnk_file create_file_perms;
allow glgps gps_data_file:sock_file create_file_perms;
allow glgps gps_device:chr_file rw_file_perms;
allow glgps self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow glgps gps_socket:sock_file create_file_perms;
binder_call(glgps, system_server)
typeattribute glgps halclientdomain;
wakelock_use(glgps)
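Review bot: `typeattribute glgps halclientdomain;` sets the attribute by hand instead of going through `hal_client_domain(glgps, ...)`, so the policy never states which HAL glgps is a client of; the only lookup granted is `fwk_sensor_hwservice`. `binder_call(glgps, system_server)`, mirrored in system_server.te, also lets a vendor daemon exchange binder transactions with system_server, which may conflict with the vendor/system binder separation on full-Treble builds; the build configuration is not visible here, so confirm. At minimum I would add a comment such as `# glgps talks to the framework sensor service over hwbinder` above the attribute line.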

7
sepolicy/vendor/hal_audio_default.te vendored Normal file

@@ -0,0 +1,7 @@
allow hal_audio_default mnt_vendor_file:dir search;
r_dir_file(hal_audio_default, persist_audio_file)
get_prop(hal_audio_default, vendor_bluetooth_prop)
set_prop(hal_audio_default, vendor_audio_prop)
allow hal_audio_default audio_socket:sock_file rw_file_perms;

14
sepolicy/vendor/hal_camera_default.te vendored Normal file

@@ -0,0 +1,14 @@
allow hal_camera_default gpu_device:chr_file rw_file_perms;
allow hal_camera_default remosaic_daemon_service:service_manager find;
allow hal_camera_default sysfs_kgsl:dir search;
allow hal_camera_default sysfs_kgsl:file r_file_perms;
allow hal_camera_default sysfs_leds:dir r_dir_perms;
allow hal_camera_default sysfs_leds:file rw_file_perms;
allow hal_camera_default sysfs_leds:lnk_file read;
allow hal_camera_default sysfs_thermal:file w_file_perms;
r_dir_file(hal_camera_default, persist_camera_file)


@@ -0,0 +1,17 @@
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
allow hal_fingerprint_default fingerprint_data_file:dir create_dir_perms;
allow hal_fingerprint_default fingerprint_data_file:file create_file_perms;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
allow hal_fingerprint_default input_device:dir r_dir_perms;
allow hal_fingerprint_default input_device:chr_file rw_file_perms;
allow hal_fingerprint_default sysfs_graphics:dir search;
allow hal_fingerprint_default sysfs_graphics:file rw_file_perms;
allow hal_fingerprint_default sysfs_msm_subsys:dir search;
allow hal_fingerprint_default sysfs_msm_subsys:file r_file_perms;
set_prop(hal_fingerprint_default, vendor_fp_prop)
hal_client_domain(hal_fingerprint_default, hal_perf)
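Review bot: `uhid_device:chr_file rw_file_perms` together with `input_device:chr_file rw_file_perms` lets the fingerprint HAL create virtual input devices and read or write existing input nodes, and nothing in the file explains why a biometric service needs that. If it is for sensor navigation gestures (a guess; the extension interfaces in hwservice_contexts include `IFingerprintNavigation`), record it, e.g. `# Navigation gestures are reported through a uhid virtual input device`. If that feature is unused on these devices, dropping the uhid and input rules would shrink what a compromised HAL can reach. The same question applies to the write half of `sysfs_graphics:file rw_file_perms`.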

2
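--- a/sepolicy/vendor/hal_gnss_default.te
+++ b/sepolicy/vendor/hal_gnss_default.te
@@ -0,0 +1,2 @@
+allow hal_gnss_default gps_data_file:dir rw_dir_perms;
+allow hal_gnss_default gps_data_file:fifo_file create_file_perms;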

1
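--- a/sepolicy/vendor/hal_imsrtp.te
+++ b/sepolicy/vendor/hal_imsrtp.te
@@ -0,0 +1 @@
+binder_call(hal_imsrtp, radio)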

2
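--- a/sepolicy/vendor/hal_ir_default.te
+++ b/sepolicy/vendor/hal_ir_default.te
@@ -0,0 +1,2 @@
+allow hal_ir_default lirc_device:chr_file rw_file_perms;
+allow hal_ir_default lirc_device:file rw_file_perms;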
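Review bot: `allow hal_ir_default lirc_device:file rw_file_perms;` probably never matches anything. `lirc_device` is declared as a `dev_type`, and the nodes labelled with it in file_contexts (`/dev/ir_spi`, `/dev/lirc[0-9]`, `/dev/spidev[0-9]\.1`) are presumably character devices already covered by the `chr_file` rule on the line above. Unless a denial actually showed class `file`, I would drop the second line.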

5
sepolicy/vendor/hal_mlipay.te vendored Normal file

@@ -0,0 +1,5 @@
# HwBinder IPC from client to server
binder_call(hal_mlipay_client, hal_mlipay_server)
add_hwservice(hal_mlipay_server, hal_mlipay_hwservice)
allow hal_mlipay_client hal_mlipay_hwservice:hwservice_manager find;

13
sepolicy/vendor/hal_mlipay_default.te vendored Normal file

@@ -0,0 +1,13 @@
type hal_mlipay_default, domain;
hal_server_domain(hal_mlipay_default, hal_mlipay)
type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_mlipay_default)
allow hal_mlipay_default ion_device:chr_file rw_file_perms;
allow hal_mlipay_default tee_device:chr_file rw_file_perms;
r_dir_file(hal_mlipay_default, firmware_file)
get_prop(hal_mlipay_default, vendor_fp_prop)
set_prop(hal_mlipay_default, vendor_tee_listener_prop)

2
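--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@@ -0,0 +1,2 @@
+allow hal_power_default nfc_vendor_data_file:dir create_dir_perms;
+allow hal_power_default nfc_vendor_data_file:file create_file_perms;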
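Review bot: Both rules in this file name `hal_power_default` as the source domain although the file is hal_nfc_default.te and the target is NFC data, which looks like a copy-paste slip. As written, the power HAL gains create and write access to `nfc_vendor_data_file` and the NFC HAL gets nothing from this file. If the intent matches the filename, the lines should read `allow hal_nfc_default nfc_vendor_data_file:dir create_dir_perms;` and `allow hal_nfc_default nfc_vendor_data_file:file create_file_perms;`.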

31
sepolicy/vendor/hal_power_default.te vendored Normal file

@@ -0,0 +1,31 @@
allow hal_power_default input_device:dir r_dir_perms;
allow hal_power_default input_device:chr_file rw_file_perms;
allow hal_power_default sysfs_graphics:dir search;
allow hal_power_default sysfs_graphics:file r_file_perms;
allow hal_power_default sysfs_rpm:file r_file_perms;
allow hal_power_default sysfs_system_sleep_stats:file r_file_perms;
allow hal_power_default sysfs_touchpanel:dir r_dir_perms;
allow hal_power_default sysfs_touchpanel:file rw_file_perms;
allow hal_power_default debugfs_wlan:dir r_dir_perms;
allow hal_power_default debugfs_wlan:file r_file_perms;
# To do powerhint on nodes defined in powerhint.json
allow hal_power_default sysfs_devfreq:dir search;
allow hal_power_default sysfs_devfreq:file rw_file_perms;
allow hal_power_default sysfs_kgsl:lnk_file read;
allow hal_power_default sysfs_kgsl:file rw_file_perms;
allow hal_power_default sysfs_msm_subsys:dir search;
allow hal_power_default sysfs_msm_subsys:file rw_file_perms;
allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
allow hal_power_default device_latency:chr_file rw_file_perms;
allow hal_power_default cgroup:dir search;
allow hal_power_default cgroup:file rw_file_perms;
allow hal_power_default debugfs_sched_features:file rw_file_perms;
allow hal_power_default proc_sysctl_schedboost:file rw_file_perms;
# To get/set powerhal state property
set_prop(hal_power_default, vendor_power_prop)
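Review bot: The power HAL is given `debugfs_sched_features:file rw_file_perms` and read access to `debugfs_wlan`, so the powerhint path depends on debugfs being mounted and reachable. From Android 12 on, AOSP expects debugfs to be unavailable on non-debug builds and can enforce that with neverallow rules when the product opts into the debugfs restrictions, so these rules may fail the build or silently do nothing there; the target release is not visible on this page. I would at least mark them, e.g. `# debugfs: remove once powerhint.json no longer touches sched_features`. The same applies to `allow kernel debugfs_wlan:dir search;` in kernel.te.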


@@ -0,0 +1,8 @@
allow hal_sensors_default mnt_vendor_file:file r_file_perms;
allow hal_sensors_default ultrasound_device:chr_file rw_file_perms;
allow hal_sensors_default audio_socket:sock_file rw_file_perms;
unix_socket_connect(hal_sensors_default, audio, hal_audio_default)
get_prop(hal_sensors_default, adsprpc_prop)
get_prop(hal_sensors_default, sensors_prop)

1
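--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -0,0 +1 @@
+type hal_mlipay_hwservice, hwservice_manager_type;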

21
sepolicy/vendor/hwservice_contexts vendored Normal file

@@ -0,0 +1,21 @@
# Fingerprint
com.fingerprints.extension::IFingerprintEngineering u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintNavigation u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintCalibration u:object_r:hal_fingerprint_hwservice:s0
com.fingerprints.extension::IFingerprintSenseTouch u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.fingerprintextension::IGoodixBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice:s0
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0
vendor.synaptics.fingerprints.interfaces.extensions::ISensorTest u:object_r:hal_fingerprint_hwservice:s0
vendor.synaptics.fingerprints.interfaces.extensions::INavigation u:object_r:hal_fingerprint_hwservice:s0
vendor.synaptics.fingerprints.interfaces.extensions::IFpCollection u:object_r:hal_fingerprint_hwservice:s0
# Mlipay
vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
# NFC
vendor.nxp.nxpnfc::INxpNfc u:object_r:hal_nfc_hwservice:s0
# Secure element
vendor.nxp.nxpese::INxpEse u:object_r:hal_secure_element_hwservice:s0

1
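--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow init socket_device:sock_file { unlink setattr create };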
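Review bot: `allow init socket_device:sock_file { unlink setattr create };` lets init create and remove sockets that carry the generic `socket_device` label, and no comment names the socket this is for. file_contexts in this commit already gives `/dev/socket/audio_hw_socket` and `/dev/socket/gps` their own types. If the rule exists for one of those, granting it on the specific type (for example `allow init audio_socket:sock_file { unlink setattr create };`) would be narrower. That is an inference, so confirm which init .rc socket entry produced the denial.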

1
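--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -0,0 +1 @@
+allow kernel debugfs_wlan:dir search;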

14
sepolicy/vendor/lhd.te vendored Normal file

@@ -0,0 +1,14 @@
type lhd, domain;
type lhd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(lhd)
net_domain(lhd)
allow lhd gps_data_file:dir create_dir_perms;
allow lhd gps_data_file:fifo_file create_file_perms;
allow lhd gps_data_file:file create_file_perms;
allow lhd gps_device:chr_file rw_file_perms;
allow lhd sysfs_gps:file rw_file_perms;
wakelock_use(lhd)

28
sepolicy/vendor/mi_thermald.te vendored Normal file

@@ -0,0 +1,28 @@
type mi_thermald, domain;
type mi_thermald_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mi_thermald)
allow mi_thermald self:capability { chown fowner fsetid };
# Allow mi_thermald to read thermal_data_file
allow mi_thermald thermal_data_file:dir rw_dir_perms;
allow mi_thermald thermal_data_file:file create_file_perms;
r_dir_file(mi_thermald, sysfs_battery_supply)
r_dir_file(mi_thermald, sysfs_devices_system_cpu)
r_dir_file(mi_thermald, sysfs_graphics)
r_dir_file(mi_thermald, sysfs_kgsl)
r_dir_file(mi_thermald, sysfs_leds)
r_dir_file(mi_thermald, sysfs_thermal)
allow mi_thermald sysfs_battery_supply:file rw_file_perms;
allow mi_thermald sysfs_battery_supply:lnk_file rw_file_perms;
allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
allow mi_thermald sysfs_devices_system_cpu:lnk_file rw_file_perms;
allow mi_thermald sysfs_kgsl:file rw_file_perms;
allow mi_thermald sysfs_kgsl:lnk_file rw_file_perms;
allow mi_thermald sysfs_thermal:file rw_file_perms;
allow mi_thermald sysfs_thermal:lnk_file rw_file_perms;
set_prop(mi_thermald, vendor_thermal_normal_prop)
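Review bot: The comment `# Allow mi_thermald to read thermal_data_file` does not match the two rules under it, which grant `rw_dir_perms` on the directory and `create_file_perms` on files; it should read something like `# Allow mi_thermald to create and update its files under /data/vendor/thermal`. The four `lnk_file rw_file_perms` lines also look wider than needed, since the `r_dir_file()` calls above already cover reading symlinks of the same types and a write through a sysfs symlink is checked against the target file. `allow mi_thermald self:capability { chown fowner fsetid };` would benefit from a one-line reason as well.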

1
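--- a/sepolicy/vendor/mm-pp-daemon.te
+++ b/sepolicy/vendor/mm-pp-daemon.te
@@ -0,0 +1 @@
+get_prop(mm-pp-daemon, vendor_dpps_prop)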

7
sepolicy/vendor/property.te vendored Normal file

@@ -0,0 +1,7 @@
vendor_internal_prop(vendor_thermal_normal_prop)
vendor_internal_prop(vendor_dpps_prop)
vendor_public_prop(vendor_fp_prop)
vendor_internal_prop(vendor_power_prop)

54
sepolicy/vendor/property_contexts vendored Normal file

@@ -0,0 +1,54 @@
# Audio
audio.soundtrigger.debug.urser_id u:object_r:audio_prop:s0
audio_hal.in_period_size u:object_r:audio_prop:s0
# Camera
camera. u:object_r:camera_prop:s0
persist.camera. u:object_r:camera_prop:s0
persist.debug.sf.showfps u:object_r:camera_prop:s0
persist.vendor.camera u:object_r:camera_prop:s0
ro.camera.res.fmq.size u:object_r:camera_prop:s0
ro.camera.req.fmq.size u:object_r:camera_prop:s0
ro.vendor.camera. u:object_r:camera_prop:s0
vendor.camera.boot_complete u:object_r:camera_prop:s0
vendor.camera.sensor. u:object_r:camera_prop:s0
vidhance. u:object_r:camera_prop:s0
# Display post processing
init.svc.ppd u:object_r:vendor_dpps_prop:s0
ro.vendor.display.ad u:object_r:vendor_dpps_prop:s0
ro.vendor.display.sensortype u:object_r:vendor_dpps_prop:s0
# Fingerprint
fpc_kpi u:object_r:vendor_fp_prop:s0
gf.debug. u:object_r:vendor_fp_prop:s0
persist.sys.fp. u:object_r:vendor_fp_prop:s0
persist.vendor.fpc. u:object_r:vendor_fp_prop:s0
persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0
ro.boot.fpsensor u:object_r:vendor_fp_prop:s0
ro.hardware.fp u:object_r:vendor_fp_prop:s0
vendor.fps_hal. u:object_r:vendor_fp_prop:s0
# MIUI specific
ro.boot.factorybuild u:object_r:exported_default_prop:s0
ro.boot.hwversion u:object_r:exported_default_prop:s0
ro.carrier.name u:object_r:exported_default_prop:s0
ro.miui.cust_variant u:object_r:exported_default_prop:s0
# Mlipay
persist.vendor.sys.pay u:object_r:vendor_tee_listener_prop:s0
# Power
vendor.powerhal. u:object_r:vendor_power_prop:s0
# Sensors
persist.sensor. u:object_r:sensors_prop:s0
invn.hal.data. u:object_r:sensors_prop:s0
invn.hal.debug. u:object_r:sensors_prop:s0
invn.hal.entry. u:object_r:sensors_prop:s0
invn.hal.verbose. u:object_r:sensors_prop:s0
# Thermal
persist.sys.thermal. u:object_r:vendor_thermal_normal_prop:s0
sys.thermal. u:object_r:vendor_thermal_normal_prop:s0
vendor.sys.thermal. u:object_r:vendor_thermal_normal_prop:s0
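Review bot: Several entries attach vendor types to names outside the vendor namespace: `init.svc.ppd`, an init-owned service-state property, becomes `vendor_dpps_prop`, and `persist.debug.sf.showfps` becomes `camera_prop`, which appdomain.te in this commit makes readable by every app domain. These entries presumably only build because BoardConfig sets `BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE := true`. I would group the non-vendor names under a comment such as `# Non-vendor names below rely on BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE`, and check whether relabelling `init.svc.ppd` and the SurfaceFlinger debug property is needed rather than inherited from the reference trees.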

14
sepolicy/vendor/radio.te vendored Normal file

@@ -0,0 +1,14 @@
allow radio audioserver_service:service_manager find;
allow radio cameraserver_service:service_manager find;
allow radio drmserver_service:service_manager find;
allow radio hal_datafactory_hwservice:hwservice_manager find;
allow radio hal_iwlan_hwservice:hwservice_manager find;
allow radio mediaextractor_service:service_manager find;
allow radio mediametrics_service:service_manager find;
allow radio mediaserver_service:service_manager find;
binder_call(radio, cnd)
binder_call(radio, gpuservice)
binder_call(radio, hal_imsrtp)
get_prop(radio, qcom_ims_prop)

8
sepolicy/vendor/remosaic_daemon.te vendored Normal file

@@ -0,0 +1,8 @@
type remosaic_daemon, domain;
type remosaic_daemon_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(remosaic_daemon)
vndbinder_use(remosaic_daemon)
add_service(remosaic_daemon, remosaic_daemon_service)

1
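--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -0,0 +1 @@
+set_prop(rild, deviceid_prop)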

1
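--- a/sepolicy/vendor/sensors.te
+++ b/sepolicy/vendor/sensors.te
@@ -0,0 +1 @@
+allow sensors proc_tp:file r_file_perms;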

1
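--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -0,0 +1 @@
+binder_call(system_server, glgps)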

2
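--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,2 @@
+allow tee fingerprint_data_file:dir create_dir_perms;
+allow tee fingerprint_data_file:file create_file_perms;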

7
sepolicy/vendor/thermal-engine.te vendored Normal file

@@ -0,0 +1,7 @@
allow thermal-engine thermal_data_file:dir rw_dir_perms;
allow thermal-engine thermal_data_file:file create_file_perms;
allow thermal-engine self:capability { chown fowner };
allow thermal-engine sysfs_devfreq:dir r_dir_perms;
set_prop(thermal-engine, vendor_thermal_normal_prop)

4
sepolicy/vendor/vendor_init.te vendored Normal file

@@ -0,0 +1,4 @@
allow vendor_init proc_sysctl_autogroup:file w_file_perms;
allow vendor_init proc_sysctl_schedboost:file w_file_perms;
set_prop(vendor_init, vendor_power_prop)

1
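--- a/sepolicy/vendor/vndservice.te
+++ b/sepolicy/vendor/vndservice.te
@@ -0,0 +1 @@
+type remosaic_daemon_service, vndservice_manager_type;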

2
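--- a/sepolicy/vendor/vndservice_contexts
+++ b/sepolicy/vendor/vndservice_contexts
@@ -0,0 +1,2 @@
+# Camera
+android.IRemosaicDaemon u:object_r:remosaic_daemon_service:s0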

2
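--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
@@ -0,0 +1,2 @@
+# For setting read_ahead_kb
+allow vold sysfs_mmc_host:file w_file_perms;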

1
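--- a/sepolicy/vendor/vppservice.te
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+hal_client_domain(vendor_vppservice, hal_capabilityconfigstore_qti)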