trying to enable selinux
This commit is contained in:
faust93
9
selinux/Android.mk
Normal file
9
selinux/Android.mk
Normal file
@@ -0,0 +1,9 @@
|
||||
LOCAL_PATH := $(call my-dir)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := prebuilt_file_contexts
|
||||
LOCAL_MODULE_TAGS := eng
|
||||
LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES
|
||||
LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
|
||||
LOCAL_SRC_FILES := $(LOCAL_MODULE)
|
||||
include $(BUILD_PREBUILT)
|
||||
487
selinux/prebuilt_file_contexts
Normal file
487
selinux/prebuilt_file_contexts
Normal file
@@ -0,0 +1,487 @@
|
||||
#line 1 "vendor/samsung/common/sepolicy/nsa/file_contexts"
|
||||
###########################################
|
||||
# Root
|
||||
/ u:object_r:rootfs:s0
|
||||
|
||||
# Data files
|
||||
/adb_keys u:object_r:adb_keys_file:s0
|
||||
/default.prop u:object_r:rootfs:s0
|
||||
/fstab\..* u:object_r:rootfs:s0
|
||||
/init\..* u:object_r:rootfs:s0
|
||||
/res(/.*)? u:object_r:rootfs:s0
|
||||
/ueventd\..* u:object_r:rootfs:s0
|
||||
|
||||
# Executables
|
||||
/charger u:object_r:rootfs:s0
|
||||
/init u:object_r:rootfs:s0
|
||||
/sbin(/.*)? u:object_r:rootfs:s0
|
||||
|
||||
# Empty directories
|
||||
/lost\+found u:object_r:rootfs:s0
|
||||
/proc u:object_r:rootfs:s0
|
||||
|
||||
# SELinux policy files
|
||||
/file_contexts u:object_r:rootfs:s0
|
||||
/property_contexts u:object_r:rootfs:s0
|
||||
/seapp_contexts u:object_r:rootfs:s0
|
||||
/sepolicy u:object_r:rootfs:s0
|
||||
|
||||
##########################
|
||||
# Devices
|
||||
#
|
||||
/dev(/.*)? u:object_r:device:s0
|
||||
/dev/accelerometer u:object_r:sensors_device:s0
|
||||
/dev/alarm u:object_r:alarm_device:s0
|
||||
/dev/android_adb.* u:object_r:adb_device:s0
|
||||
/dev/ashmem u:object_r:ashmem_device:s0
|
||||
/dev/audio.* u:object_r:audio_device:s0
|
||||
/dev/binder u:object_r:binder_device:s0
|
||||
/dev/block(/.*)? u:object_r:block_device:s0
|
||||
/dev/block/loop[0-9]* u:object_r:loop_device:s0
|
||||
/dev/block/ram[0-9]* u:object_r:ram_device:s0
|
||||
/dev/bus/usb(.*)? u:object_r:usb_device:s0
|
||||
/dev/cam u:object_r:camera_device:s0
|
||||
/dev/console u:object_r:console_device:s0
|
||||
/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
|
||||
/dev/device-mapper u:object_r:dm_device:s0
|
||||
/dev/eac u:object_r:audio_device:s0
|
||||
/dev/fscklogs(/.*)? u:object_r:fscklogs:s0
|
||||
/dev/full u:object_r:full_device:s0
|
||||
/dev/fuse u:object_r:fuse_device:s0
|
||||
/dev/graphics(/.*)? u:object_r:graphics_device:s0
|
||||
/dev/hw_random u:object_r:hw_random_device:s0
|
||||
/dev/input(/.*) u:object_r:input_device:s0
|
||||
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
|
||||
/dev/ion u:object_r:ion_device:s0
|
||||
/dev/kmem u:object_r:kmem_device:s0
|
||||
/dev/log(/.*)? u:object_r:log_device:s0
|
||||
/dev/mem u:object_r:kmem_device:s0
|
||||
/dev/modem.* u:object_r:radio_device:s0
|
||||
/dev/mpu u:object_r:gps_device:s0
|
||||
/dev/mpuirq u:object_r:gps_device:s0
|
||||
/dev/mtd(/.*)? u:object_r:mtd_device:s0
|
||||
/dev/mtp_usb* u:object_r:mtp_device:s0
|
||||
/dev/pn544 u:object_r:nfc_device:s0
|
||||
/dev/ppp u:object_r:ppp_device:s0
|
||||
/dev/ptmx u:object_r:ptmx_device:s0
|
||||
/dev/qemu_.* u:object_r:qemu_device:s0
|
||||
/dev/kmsg u:object_r:kmsg_device:s0
|
||||
/dev/null u:object_r:null_device:s0
|
||||
/dev/nvmap u:object_r:nv_device:s0
|
||||
/dev/nvhost-.* u:object_r:nv_device:s0
|
||||
/dev/random u:object_r:random_device:s0
|
||||
/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
|
||||
/dev/rproc_user u:object_r:rpmsg_device:s0
|
||||
/dev/snd(/.*)? u:object_r:audio_device:s0
|
||||
/dev/snd/pcmC[0-9]*D[0-9]*c u:object_r:audio_capture_device:s0
|
||||
/dev/socket(/.*)? u:object_r:socket_device:s0
|
||||
/dev/socket/adbd u:object_r:adbd_socket:s0
|
||||
/dev/socket/bluetooth u:object_r:bluetooth_socket:s0
|
||||
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
|
||||
/dev/socket/gps u:object_r:gps_socket:s0
|
||||
/dev/socket/installd u:object_r:installd_socket:s0
|
||||
/dev/socket/keystore u:object_r:keystore_socket:s0
|
||||
/dev/socket/mdns u:object_r:mdns_socket:s0
|
||||
/dev/socket/netd u:object_r:netd_socket:s0
|
||||
/dev/socket/property_service u:object_r:property_socket:s0
|
||||
/dev/socket/qemud u:object_r:qemud_socket:s0
|
||||
/dev/socket/racoon u:object_r:racoon_socket:s0
|
||||
/dev/socket/rild u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
|
||||
/dev/socket/vold u:object_r:vold_socket:s0
|
||||
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
|
||||
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
|
||||
/dev/socket/zygote u:object_r:zygote_socket:s0
|
||||
/dev/spdif_out.* u:object_r:audio_device:s0
|
||||
/dev/tegra.* u:object_r:video_device:s0
|
||||
/dev/tf_driver u:object_r:tee_device:s0
|
||||
/dev/tty u:object_r:owntty_device:s0
|
||||
/dev/tty[0-9]* u:object_r:tty_device:s0
|
||||
/dev/ttyS[0-9]* u:object_r:serial_device:s0
|
||||
/dev/tun u:object_r:tun_device:s0
|
||||
/dev/uhid u:object_r:uhid_device:s0
|
||||
/dev/uinput u:object_r:uhid_device:s0
|
||||
/dev/urandom u:object_r:urandom_device:s0
|
||||
/dev/usb_accessory u:object_r:usbaccessory_device:s0
|
||||
/dev/vcs[0-9a-z]* u:object_r:vcs_device:s0
|
||||
/dev/video[0-9]* u:object_r:video_device:s0
|
||||
/dev/video4[0-9] u:object_r:camera_device:s0
|
||||
/dev/watchdog u:object_r:watchdog_device:s0
|
||||
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
|
||||
/dev/zero u:object_r:zero_device:s0
|
||||
/dev/__kmsg__ u:object_r:klog_device:s0
|
||||
/dev/__properties__ u:object_r:properties_device:s0
|
||||
#############################
|
||||
# System files
|
||||
#
|
||||
/system(/.*)? u:object_r:system_file:s0
|
||||
/system/bin/auditd u:object_r:auditd_exec:s0
|
||||
/system/bin/mksh u:object_r:shell_exec:s0
|
||||
/system/bin/sh -- u:object_r:shell_exec:s0
|
||||
/system/bin/run-as -- u:object_r:runas_exec:s0
|
||||
/system/bin/app_process u:object_r:zygote_exec:s0
|
||||
/system/bin/servicemanager u:object_r:servicemanager_exec:s0
|
||||
/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
|
||||
/system/bin/drmserver u:object_r:drmserver_exec:s0
|
||||
/system/bin/vold u:object_r:vold_exec:s0
|
||||
/system/bin/netd u:object_r:netd_exec:s0
|
||||
/system/bin/rild u:object_r:rild_exec:s0
|
||||
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
|
||||
/system/bin/installd u:object_r:installd_exec:s0
|
||||
/system/bin/keystore u:object_r:keystore_exec:s0
|
||||
/system/bin/debuggerd u:object_r:debuggerd_exec:s0
|
||||
/system/bin/wpa_supplicant u:object_r:wpa_exec:s0
|
||||
/system/bin/qemud u:object_r:qemud_exec:s0
|
||||
/system/bin/sdcard u:object_r:sdcardd_exec:s0
|
||||
/system/bin/dhcpcd u:object_r:dhcp_exec:s0
|
||||
/system/bin/mtpd u:object_r:mtp_exec:s0
|
||||
/system/bin/pppd u:object_r:ppp_exec:s0
|
||||
/system/bin/tf_daemon u:object_r:tee_exec:s0
|
||||
/system/bin/racoon u:object_r:racoon_exec:s0
|
||||
/system/etc/ppp(/.*)? u:object_r:ppp_system_file:s0
|
||||
/system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0
|
||||
/system/xbin/su u:object_r:su_exec:s0
|
||||
/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
|
||||
/system/bin/ping u:object_r:ping_exec:s0
|
||||
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
|
||||
/system/bin/hostapd u:object_r:hostapd_exec:s0
|
||||
/system/bin/clatd u:object_r:clatd_exec:s0
|
||||
#############################
|
||||
# Vendor files
|
||||
#
|
||||
/vendor(/.*)? u:object_r:system_file:s0
|
||||
/vendor/bin/gpsd u:object_r:gpsd_exec:s0
|
||||
#############################
|
||||
# Data files
|
||||
#
|
||||
/data(/.*)? u:object_r:system_data_file:s0
|
||||
/data/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
/data/secure/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
/data/security(/.*)? u:object_r:security_file:s0
|
||||
/data/drm(/.*)? u:object_r:drm_data_file:s0
|
||||
/data/gps(/.*)? u:object_r:gps_data_file:s0
|
||||
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/data/anr(/.*)? u:object_r:anr_data_file:s0
|
||||
/data/app(/.*)? u:object_r:apk_data_file:s0
|
||||
/data/app/vmdl.*\.tmp u:object_r:apk_tmp_file:s0
|
||||
/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
|
||||
/data/app-private/vmdl.*\.tmp u:object_r:apk_private_tmp_file:s0
|
||||
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
||||
# Misc data
|
||||
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
|
||||
/data/misc/audit(/.*)? u:object_r:audit_log:s0
|
||||
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0
|
||||
/data/misc/media(/.*)? u:object_r:media_data_file:s0
|
||||
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
|
||||
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
|
||||
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
|
||||
/data/misc/camera(/.*)? u:object_r:camera_data_file:s0
|
||||
/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0
|
||||
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
|
||||
# App sandboxes
|
||||
/data/data/.* u:object_r:app_data_file:s0
|
||||
# Wallpaper file.
|
||||
/data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0
|
||||
# Wallpaper file for other users
|
||||
/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
|
||||
# Downloaded files
|
||||
/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
|
||||
#############################
|
||||
# efs files
|
||||
#
|
||||
/efs(/.*)? u:object_r:efs_file:s0
|
||||
#############################
|
||||
# Cache files
|
||||
#
|
||||
/cache(/.*)? u:object_r:cache_file:s0
|
||||
/cache/.*\.data u:object_r:cache_backup_file:s0
|
||||
/cache/.*\.restore u:object_r:cache_backup_file:s0
|
||||
# LocalTransport (backup) uses this directory
|
||||
/cache/backup(/.*)? u:object_r:cache_backup_file:s0
|
||||
#############################
|
||||
# sysfs files
|
||||
#
|
||||
/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
/sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
|
||||
/sys/class/rfkill/rfkill[0-9]*/state -- u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/class/rfkill/rfkill[0-9]*/type -- u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
|
||||
/sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
|
||||
/sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
|
||||
#############################
|
||||
# asec containers
|
||||
/mnt/asec(/.*)? u:object_r:asec_apk_file:s0
|
||||
/data/app-asec(/.*)? u:object_r:asec_image_file:s0
|
||||
#line 1 "vendor/samsung/common/sepolicy/file_contexts"
|
||||
#############################
|
||||
# Carrier file
|
||||
# carrier folder for Sprint(Qualcomm and SLSI)
|
||||
/carrier(/.*)? u:object_r:carrier_file:s0
|
||||
|
||||
#############################
|
||||
# Device node
|
||||
#
|
||||
/dev/android_ssusbcon(/.*)? u:object_r:usb_device:s0
|
||||
/dev/.secure_storage(/.*)? u:object_r:secure_storage_device:s0
|
||||
/dev/__kmsg u:object_r:klog_device:s0
|
||||
#remove it because of conflict with NSA
|
||||
#/dev/__properties__ u:object_r:prop_device:s0
|
||||
/dev/batch_io u:object_r:io_device:s0
|
||||
/dev/bcm2079x u:object_r:nfc_device:s0
|
||||
/dev/block/platform/dw_mmc.* u:object_r:dw_mmc_device:s0
|
||||
/dev/block/platform/msm_sdcc.1/by-name/param u:object_r:emmcblk_device:s0
|
||||
/dev/block/vnswap0 u:object_r:swap_device:s0
|
||||
/dev/bus/usb(/.*)? u:object_r:usb_device:s0
|
||||
/dev/diag u:object_r:diag_device:s0
|
||||
/dev/dumpstate u:object_r:dumpstate_device:s0
|
||||
/dev/i2c.* u:object_r:i2c_device:s0
|
||||
|
||||
## Knox Sensitive data protection, DEK engine driver access
|
||||
/dev/dek_evt u:object_r:knox_dar_device:s0
|
||||
/dev/dek_kek u:object_r:knox_dar_device:s0
|
||||
/dev/dek_log u:object_r:knox_dar_device:s0
|
||||
/dev/dek_req u:object_r:knox_dar_device:s0
|
||||
/dev/sdp_mm u:object_r:knox_dar_device:s0
|
||||
|
||||
/dev/media[0-3]* u:object_r:camera_device:s0
|
||||
/dev/mobicore u:object_r:mobicore_device:s0
|
||||
/dev/mobicore-user u:object_r:mobicore-user_device:s0
|
||||
/dev/pipes(/.*)? u:object_r:system_fifo:s0
|
||||
/dev/pn547 u:object_r:nfc_device:s0
|
||||
#fix build error - duplicate definition
|
||||
#/dev/pn544 u:object_r:nfc_device:s0
|
||||
/dev/pvrsrvkm u:object_r:powervr_device:s0
|
||||
/dev/sec-nfc u:object_r:nfc_device:s0
|
||||
/dev/shtc1_sensor u:object_r:sensor_device:s0
|
||||
/dev/socket/charon u:object_r:charon_socket:s0
|
||||
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
|
||||
/dev/socket/cs_socket u:object_r:cs_socket:s0
|
||||
/dev/socket/msockets(/.*)? u:object_r:msockets_socket:s0
|
||||
/dev/socket/mtpd u:object_r:mtpd_socket:s0
|
||||
/dev/socket/dir_enc_report u:object_r:vold_socket:s0
|
||||
/dev/socket/drsd u:object_r:drsd_socket:s0
|
||||
/dev/socket/epm u:object_r:epm_socket:s0
|
||||
/dev/socket/rild[0-9]* u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-debug[0-9]* u:object_r:rild_debug_socket:s0
|
||||
/dev/ssp_sensorhub u:object_r:input_device:s0
|
||||
/dev/timerirq u:object_r:timerirq_device:s0
|
||||
/dev/ttyGS[0-9]* u:object_r:usb_serial_device:s0
|
||||
/dev/ttyUSB[0-9]* u:object_r:usb_device:s0
|
||||
/dev/tzic u:object_r:tzic_device:s0
|
||||
/dev/usb(/.*)? u:object_r:usb_device:s0
|
||||
/dev/usb.* u:object_r:usb_device:s0
|
||||
/dev/usb/tty.* u:object_r:usb_device:s0
|
||||
/dev/usb_mtp_gadget.* u:object_r:mtp_device:s0
|
||||
/dev/validity(/.*)? u:object_r:validity_device:s0
|
||||
/dev/vfsspi u:object_r:vfsspi_device:s0
|
||||
/dev/block/mmcblk0p[0-9]* u:object_r:emmcblk_device:s0
|
||||
/dev/block/mmcblk[0-9]* u:object_r:emmcblk_device:s0
|
||||
/dev/block/mmcblk1p.* u:object_r:emmcblk_device:s0
|
||||
/dev/block/mmcblk1p1 u:object_r:emmcblk_device:s0
|
||||
|
||||
####################################
|
||||
# sysfs files
|
||||
#
|
||||
/sys(/.*)? u:object_r:sysfs:s0
|
||||
/sys/class/power_supply/battery/music -- u:object_r:sysfs_music_power_writable:s0
|
||||
/sys/class/devfreq/exynos5-busfreq-mif(/.*)? -- u:object_r:sysfs_exynos_writable:s0
|
||||
/sys/class/lcd(/.*)? -- u:object_r:sysfs_lcd_writable:s0
|
||||
|
||||
#############################
|
||||
# System files
|
||||
#
|
||||
/system/bin/actlmand u:object_r:actlmand_exec:s0
|
||||
/system/bin/androidshmservice u:object_r:androidshmservice_exec:s0
|
||||
/system/bin/apaservice u:object_r:apaservice_exec:s0
|
||||
/system/bin/at_distributor u:object_r:at_distributor_exec:s0
|
||||
/system/bin/bintvoutservice u:object_r:bintvoutservice_exec:s0
|
||||
/system/bin/bootanimation u:object_r:bootanimation_exec:s0
|
||||
/system/bin/bootchecker u:object_r:bootchecker_exec:s0
|
||||
/system/bin/bugreport u:object_r:bugreport_exec:s0
|
||||
/system/bin/cellgeofenced u:object_r:cellgeofenced_exec:s0
|
||||
/system/bin/charon u:object_r:charon_exec:s0
|
||||
/system/bin/connfwexe u:object_r:connfwexe_exec:s0
|
||||
/system/bin/createsystemfile u:object_r:createsystemfile_exec:s0
|
||||
/system/bin/cs u:object_r:cs_exec:s0
|
||||
/system/bin/ddexe u:object_r:ddexe_exec:s0
|
||||
/system/bin/diag_uart_log u:object_r:diag_uart_log_exec:s0
|
||||
/system/bin/drsd u:object_r:drsd_exec:s0
|
||||
/system/bin/dttexe u:object_r:dttexe_exec:s0
|
||||
/system/bin/dumpstate u:object_r:dumpstate_exec:s0
|
||||
/system/bin/dumpsys u:object_r:dumpsys_exec:s0
|
||||
/system/bin/edmaudit u:object_r:edmaudit_exec:s0
|
||||
/system/bin/gsiff_daemon u:object_r:gsiff_daemon_exec:s0
|
||||
/system/bin/icd u:object_r:icd_exec:s0
|
||||
/system/bin/immvibed u:object_r:immvibed_exec:s0
|
||||
/system/bin/imsqmidaemon u:object_r:imsqmidaemon_exec:s0
|
||||
/system/bin/insthk u:object_r:insthk_exec:s0
|
||||
/system/bin/ipruleset u:object_r:ipruleset_exec:s0
|
||||
/system/bin/IPSecService u:object_r:IPSecService_exec:s0
|
||||
/system/bin/jackservice u:object_r:jackservice_exec:s0
|
||||
/system/bin/kiesexe u:object_r:kiesexe_exec:s0
|
||||
/system/bin/logwrapper u:object_r:logwrapper_exec:s0
|
||||
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
|
||||
/system/bin/netmgrd u:object_r:netmgrd_exec:s0
|
||||
/system/bin/npsmobex u:object_r:mobexdaemon_exec:s0
|
||||
/system/bin/p2p_supplicant u:object_r:p2p_supplicant_exec:s0
|
||||
/system/bin/prepare_param.sh u:object_r:prepare_param_sh_file:s0
|
||||
/system/bin/rfs_access u:object_r:rfs_access_exec:s0
|
||||
/system/bin/samsungpowersoundplay u:object_r:samsungpowersoundplay_exec:s0
|
||||
/system/bin/sec-ril u:object_r:sec-ril_exec:s0
|
||||
/system/bin/secure_storage_daemon u:object_r:secure_storage_exec:s0
|
||||
/system/bin/sensorhubservice u:object_r:sensorhubservice_exec:s0
|
||||
/system/bin/selinux-network.sh u:object_r:selinux_net_exec:s0
|
||||
/system/bin/ss_conn_daemon u:object_r:ss_conn_daemon_exec:s0
|
||||
/system/bin/sshd u:object_r:sshd_exec:s0
|
||||
/system/bin/sysmon u:object_r:sysmon_exec:s0
|
||||
/system/bin/tima_dump_log u:object_r:tima_dump_exec:s0
|
||||
/system/bin/vcsFPService u:object_r:vcsFPService_exec:s0
|
||||
/system/bin/wcnss_service u:object_r:wcnss_service_exec:s0
|
||||
/system/bin/wpa_supplicant_real u:object_r:wpa_exec:s0
|
||||
/system/bin/sysprof u:object_r:sysprof_exec:s0
|
||||
/system/etc/install-recovery.sh u:object_r:flash_recovery_sh_file:s0
|
||||
|
||||
/system/lib(/.*)? u:object_r:system_library_file:s0
|
||||
/system/etc/event-log-tags u:object_r:event_log_tags_file:s0
|
||||
|
||||
|
||||
#############################
|
||||
# EFS file
|
||||
#
|
||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
|
||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
|
||||
|
||||
#############################
|
||||
# DATA file
|
||||
#
|
||||
/data/data/.drm(/.*)? u:object_r:drm_data_file:s0
|
||||
/data/data/imsqmisocket u:object_r:system_data_file:s0
|
||||
/data/app-lib(/.*)? u:object_r:app_library_file:s0
|
||||
/data/bcmnfc(/.*)? u:object_r:nfc_data_file:s0
|
||||
/data/log(/.*)? u:object_r:dumplog_data_file:s0
|
||||
/data/media(/.*)? u:object_r:media_data_file:s0
|
||||
/data/media.tmp(/.*)? u:object_r:media_data_file:s0
|
||||
/data/media/obb(/.*)? u:object_r:obb_apk_file:s0
|
||||
#fix build error - duplicate definition
|
||||
#/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
|
||||
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/system/users(/.*)/wallpaper u:object_r:wallpaper_file:s0
|
||||
/data/.container_[1-9](/.*)? u:object_r:container_app_data_backend:s0
|
||||
/data/container(/.*)? u:object_r:container_app_data_backend:s0
|
||||
/data/clipboard/knox(/.*)? u:object_r:knox_clipboard_file:s0
|
||||
/data/clipboard1[0-9][0-9](/.*)? u:object_r:knox_clipboard_file:s0
|
||||
/data/knox(/.*)? u:object_r:container_app_data_backend:s0
|
||||
/data/system/container(/.*)? u:object_r:security_file:s0
|
||||
/data/sc(/.*)? u:object_r:smartcard_data_file:s0
|
||||
# personalpage path is not used by (hyojin45.son)
|
||||
# /data/personalpage(/.*)? u:object_r:personal_page_file:s0
|
||||
# new path for personalpage is privatemode.K is first model for personalpage.
|
||||
/data/privatemode(/.*)? u:object_r:personal_page_file:s0
|
||||
/data/KEqvTaYEYkuJr1Mn+t-SwFvbgYo_(/.*)? u:object_r:tima_keystore_file:s0
|
||||
/data/misc/tima(/.*)? u:object_r:tima_log:s0
|
||||
/data/data/com.android.shell(/.*)? u:object_r:shell_data_file:s0
|
||||
|
||||
#############################
|
||||
# MISC partition file
|
||||
#
|
||||
/hidden(/.*)? u:object_r:hidden_file:s0
|
||||
/persdata(/.*)? u:object_r:persdata_data_file:s0
|
||||
/persist(/.*)? u:object_r:persist_data_file:s0
|
||||
/preload(/.*)? u:object_r:hidden_file:s0
|
||||
/tombstone(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/tombstones(/.*)? u:object_r:tombstones_data_file:s0
|
||||
|
||||
#############################
|
||||
# MNT
|
||||
#
|
||||
/mnt/obb(/.*)? u:object_r:obb_apk_file:s0
|
||||
/mnt/secure/asec(/.*)? u:object_r:asec_apk_file:s0
|
||||
/mnt/secure/staging(/.*)? u:object_r:asec_image_file:s0
|
||||
|
||||
#line 1 "vendor/samsung/common/sepolicy/slsi_common/file_contexts"
|
||||
#############################
|
||||
# System files
|
||||
#
|
||||
/system/bin/brcm_patchram_plus u:object_r:brcm_patchram_plus_exec:s0
|
||||
/system/bin/diagexe u:object_r:diagexe_exec:s0
|
||||
/system/bin/gpsd u:object_r:gpsd_exec:s0
|
||||
/system/bin/mcDriverDaemon u:object_r:mobicoredaemon_exec:s0
|
||||
/system/bin/mlexe u:object_r:mlexe_exec:s0
|
||||
/system/bin/smdexe u:object_r:smdexe_exec:s0
|
||||
/system/etc/security/.drm u:object_r:drm_security_system_file:s0
|
||||
/system/etc/ymc/setup u:object_r:setup_ymc_etc_system_file:s0
|
||||
/system/lib/drm u:object_r:drm_lib_system_file:s0
|
||||
#############################
|
||||
# Device node
|
||||
#
|
||||
/dev/akm8963 u:object_r:akm8963_device:s0
|
||||
/dev/b.L.* u:object_r:ap_device:s0
|
||||
/dev/bL.* u:object_r:ap_device:s0
|
||||
/dev/block/modem(/.*)? u:object_r:modem_device:s0
|
||||
/dev/btlock u:object_r:bluetooth_device:s0
|
||||
/dev/cpu.* u:object_r:ap_device:s0
|
||||
/dev/dir_enc_report u:object_r:report_device:s0
|
||||
/dev/ecryptfs u:object_r:ecryptfs_device:s0
|
||||
/dev/ehci_power u:object_r:mif_device:s0
|
||||
/dev/fimg2d(/.*)? u:object_r:fimg2d_video_device:s0
|
||||
/dev/gps_geofence_wake u:object_r:gps_device:s0
|
||||
/dev/hsicctl[0-3]* u:object_r:hsic_device:s0
|
||||
/dev/keychord u:object_r:keychord_device:s0
|
||||
/dev/kfc_freq_min u:object_r:ap_device:s0
|
||||
/dev/link_pm u:object_r:radio_device:s0
|
||||
/dev/mali.* u:object_r:video_device:s0
|
||||
/dev/mbin.* u:object_r:mbin_device:s0
|
||||
/dev/mdm u:object_r:mdm_device:s0
|
||||
/dev/mdns u:object_r:mdns_device:s0
|
||||
/dev/multipdp u:object_r:multipdp_device:s0
|
||||
/dev/psaux u:object_r:psaux_device:s0
|
||||
/dev/pts(/.*)? u:object_r:pts_device:s0
|
||||
/dev/pvr_sync u:object_r:pvrsync_device:s0
|
||||
/dev/s5p-smem u:object_r:s5p_smem_device:s0
|
||||
/dev/seiren u:object_r:seiren_device:s0
|
||||
/dev/srp u:object_r:srp_device:s0
|
||||
/dev/sw_sync u:object_r:sync_device:s0
|
||||
/dev/tspdrv u:object_r:vibrator_device:s0
|
||||
/dev/ttySAC[0-9]* u:object_r:uart_device:s0
|
||||
/dev/umts.* u:object_r:mif_device:s0
|
||||
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
|
||||
#############################
|
||||
# EFS file
|
||||
#
|
||||
/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/gyro_cal_data u:object_r:sensor_efs_file:s0
|
||||
/efs/nv_data.bin(/.*)? u:object_r:bin_nv_data_efs_file:s0
|
||||
|
||||
# Exynrgd
|
||||
/sbin/exyrngd u:object_r:exyrngd_exec:s0
|
||||
|
||||
#line 1 "vendor/samsung/common/sepolicy/vmware/file_contexts"
|
||||
# VMware daemon
|
||||
/system/bin/mvpd u:object_r:vmwared_exec:s0
|
||||
|
||||
# Vmware device
|
||||
/dev/mvpkm u:object_r:vmware_device:s0
|
||||
|
||||
# VMWare sysfs
|
||||
/sys/hypervisor(/.*) u:object_r:sysfs_vmware_writable:s0
|
||||
#line 1 "vendor/samsung/common/sepolicy/qcom_common/carrier_spr/file_contexts"
|
||||
#### Kineto for secsprextension/java/com/oem/smartwifisupport
|
||||
/dev/socket/cfiat u:object_r:cfiat_socket:s0
|
||||
/dev/socket/kipc u:object_r:kipc_socket:s0
|
||||
|
||||
#############################
|
||||
# ItsOn file
|
||||
#
|
||||
/system/vendor/itson(/.*)? u:object_r:sprintitson_file:s0
|
||||
#/vendor/app(/.*)? u:object_r:sprintitson_file:s0
|
||||
/carrier/itson(/.*)? u:object_r:sprintitson_file:s0
|
||||
5
sepolicy/bluetooth.te
Normal file
5
sepolicy/bluetooth.te
Normal file
@@ -0,0 +1,5 @@
|
||||
# /dev/ttySAC3
|
||||
allow bluetooth bluetooth_device:chr_file { rw_file_perms ioctl };
|
||||
|
||||
# /data/.cid.info
|
||||
allow bluetooth wifi_data_file:file r_file_perms;
|
||||
42
sepolicy/cpboot-daemon.te
Normal file
42
sepolicy/cpboot-daemon.te
Normal file
@@ -0,0 +1,42 @@
|
||||
# modem daemon sec label
|
||||
type cpboot-daemon, domain;
|
||||
type cpboot-daemon_exec, exec_type, file_type;
|
||||
|
||||
net_domain(cpboot-daemon)
|
||||
init_daemon_domain(cpboot-daemon)
|
||||
wakelock_use(cpboot-daemon)
|
||||
unix_socket_connect(cpboot-daemon, property, init)
|
||||
|
||||
allow cpboot-daemon self:capability { dac_override setuid setgid };
|
||||
|
||||
# FIXME neverallow rule
|
||||
# allow cpboot-daemon self:capability mknod;
|
||||
allow cpboot-daemon kernel:system syslog_read;
|
||||
allow cpboot-daemon cgroup:dir create_dir_perms;
|
||||
|
||||
# /dev/log/*
|
||||
allow cpboot-daemon log_device:dir r_dir_perms;
|
||||
allow cpboot-daemon log_device:chr_file rw_file_perms;
|
||||
# /dev/kmsg (write to kernel log)
|
||||
allow cpboot-daemon kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/umts_boot0
|
||||
allow cpboot-daemon mif_device:chr_file rw_file_perms;
|
||||
# /dev/mbin0
|
||||
allow cpboot-daemon emmcblk_device:blk_file r_file_perms;
|
||||
# /dev/block/mmcblk0p13
|
||||
allow cpboot-daemon block_device:dir r_dir_perms;
|
||||
|
||||
# /dev/mipi-lli/lli_control
|
||||
allow cpboot-daemon sysfs_mipi_writable:file rw_file_perms;
|
||||
|
||||
# /efs
|
||||
allow cpboot-daemon efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/nv_data.bin
|
||||
allow cpboot-daemon bin_nv_data_efs_file:file rw_file_perms;
|
||||
|
||||
# set properties on boot
|
||||
set_prop(cpboot-daemon, cpboot-daemon_prop)
|
||||
set_prop(cpboot-daemon, radio_prop)
|
||||
set_prop(cpboot-daemon, system_prop)
|
||||
17
sepolicy/device.te
Normal file
17
sepolicy/device.te
Normal file
@@ -0,0 +1,17 @@
|
||||
# /dev/ttySAC3
|
||||
type bluetooth_device, dev_type;
|
||||
|
||||
# /dev/block/mmcblk0p[0-9] (/dev/mbin0)
|
||||
type emmcblk_device, file_type;
|
||||
|
||||
# /dev/umts_boot*, /dev/ehci_power
|
||||
type mif_device, dev_type;
|
||||
|
||||
# /dev/rfkill
|
||||
type rfkill_device, dev_type;
|
||||
|
||||
# /dev/seiren
|
||||
type seiren_device, dev_type;
|
||||
|
||||
# /dev/s5p-smem
|
||||
type secmem_device, dev_type;
|
||||
1
sepolicy/domain.te
Normal file
1
sepolicy/domain.te
Normal file
@@ -0,0 +1 @@
|
||||
dontaudit domain kernel:system module_request;
|
||||
20
sepolicy/file.te
Normal file
20
sepolicy/file.te
Normal file
@@ -0,0 +1,20 @@
|
||||
### efs types
|
||||
type app_efs_file, file_type;
|
||||
type baro_delta_factoryapp_efs_file, file_type;
|
||||
type bin_nv_data_efs_file, file_type;
|
||||
# widewine, drm
|
||||
type cpk_efs_file, file_type;
|
||||
type drm_efs_file, file_type;
|
||||
type factorymode_factoryapp_efs_file, file_type;
|
||||
type imei_efs_file, file_type;
|
||||
type prov_efs_file, file_type;
|
||||
type radio_factoryapp_efs_file, file_type;
|
||||
type sensor_efs_file, file_type;
|
||||
type wifi_efs_file, file_type;
|
||||
|
||||
### sysfs types
|
||||
type sysfs_mdnie_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_mipi_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_multipdp_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
|
||||
allow sysfs_type tmpfs:filesystem associate;
|
||||
103
sepolicy/file_contexts
Normal file
103
sepolicy/file_contexts
Normal file
@@ -0,0 +1,103 @@
|
||||
##########################
|
||||
# Devices
|
||||
#
|
||||
/dev/mali[0-9]* u:object_r:gpu_device:s0
|
||||
|
||||
/dev/seiren u:object_r:seiren_device:s0
|
||||
|
||||
/dev/ttySAC3 u:object_r:bluetooth_device:s0
|
||||
|
||||
/dev/s5p-smem u:object_r:secmem_device:s0
|
||||
/dev/mobicore u:object_r:tee_device:s0
|
||||
/dev/mobicore-user u:object_r:tee_device:s0
|
||||
|
||||
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
|
||||
/dev/media[0-3]* u:object_r:camera_device:s0
|
||||
/dev/m2m1shot_jpeg u:object_r:camera_device:s0
|
||||
|
||||
/dev/mtp_usb* u:object_r:mtp_device:s0
|
||||
|
||||
/dev/__cbd_msg_ u:object_r:mif_device:s0
|
||||
/dev/umts.* u:object_r:mif_device:s0
|
||||
/dev/ehci_power u:object_r:mif_device:s0
|
||||
/dev/mipi-lli/lli_control u:object_r:mif_device:s0
|
||||
|
||||
/dev/ttySAC[0-9]* u:object_r:gps_device:s0
|
||||
|
||||
/dev/block/mmcblk0p[0-9]* u:object_r:emmcblk_device:s0
|
||||
|
||||
/dev/rfkill u:object_r:rfkill_device:s0
|
||||
|
||||
####################################
|
||||
# efs files
|
||||
/efs/FactoryApp(/.*)? u:object_r:app_efs_file:s0
|
||||
/efs/FactoryApp/baro_delta u:object_r:baro_delta_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/factorymode u:object_r:factorymode_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/fdata u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/hist_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
/efs/FactoryApp/test_nv u:object_r:radio_factoryapp_efs_file:s0
|
||||
|
||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||
/efs/drm(/.*)? u:object_r:drm_efs_file:s0
|
||||
/efs/gyro_cal_data u:object_r:sensor_efs_file:s0
|
||||
/efs/h2k.dat u:object_r:cpk_efs_file:s0
|
||||
/efs/imei(/.*)? u:object_r:imei_efs_file:s0
|
||||
/efs/nv_data.bin(.*) u:object_r:bin_nv_data_efs_file:s0
|
||||
/efs/prov(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/prov_data(/.*)? u:object_r:prov_efs_file:s0
|
||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||
/efs/wv.keys u:object_r:cpk_efs_file:s0
|
||||
|
||||
####################################
|
||||
# data files
|
||||
/data/.cid.info u:object_r:wifi_data_file:s0
|
||||
/data/.wifiver.info u:object_r:wifi_data_file:s0
|
||||
|
||||
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
|
||||
|
||||
# gps
|
||||
/data/system/gps/\.flp\.interface\.pipe\.to_gpsd u:object_r:gps_data_file:s0
|
||||
/data/system/gps/\.gps\.interface\.pipe\.to_gpsd u:object_r:gps_data_file:s0
|
||||
/data/system/gps/\.gps\.interface\.pipe\.to_jni u:object_r:gps_data_file:s0
|
||||
/data/system/gps/\.gpsd\.lock u:object_r:gps_data_file:s0
|
||||
/data/system/gps/gldata\.sto u:object_r:gps_data_file:s0
|
||||
/data/system/gps/alt\.dat u:object_r:gps_data_file:s0
|
||||
/data/system/gps/lto2\.dat u:object_r:gps_data_file:s0
|
||||
/data/system/gps/ltoStatus\.txt u:object_r:gps_data_file:s0
|
||||
|
||||
/data/gps/ctrlpipe u:object_r:gps_data_file:s0
|
||||
/data/gps/.gpslogd.pipe u:object_r:gps_data_file:s0
|
||||
/data/gps/nmeapipe u:object_r:gps_data_file:s0
|
||||
|
||||
####################################
|
||||
# sysfs files
|
||||
/sys/class/power_supply/battery/music -- u:object_r:sysfs_writable:s0
|
||||
/sys/class/devfreq/exynos5-busfreq-mif(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
/sys/class/lcd(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
|
||||
# bluetooth
|
||||
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
/sys/devices/bluetooth.[0-9]*/rfkill/rfkill0/type u:object_r:sysfs_bluetooth_writable:s0
|
||||
|
||||
# cbd
|
||||
/sys/devices/10f24000.mipi-lli/lli_control u:object_r:sysfs_mipi_writable:s0
|
||||
|
||||
# rild
|
||||
/sys/devices/virtual/misc/multipdp(/.*) u:object_r:sysfs_multipdp_writable:s0
|
||||
|
||||
# mDNIe
|
||||
/sys/devices/[0-9]*.decon_fb/lcd/panel/mdnie/mode u:object_r:sysfs_mdnie_writable:s0
|
||||
/sys/devices/[0-9]*.decon_fb/lcd/panel/mdnie/scenario u:object_r:sysfs_mdnie_writable:s0
|
||||
|
||||
####################################
|
||||
# deamons
|
||||
#
|
||||
|
||||
/system/bin/mcDriverDaemon -- u:object_r:tee_exec:s0
|
||||
/system/bin/macloader -- u:object_r:macloader_exec:s0
|
||||
/system/bin/modemloader -- u:object_r:modemloader_exec:s0
|
||||
/system/bin/sensorhubservice -- u:object_r:sensorhubservice_exec:s0
|
||||
/system/bin/wifiloader -- u:object_r:wifiloader_exec:s0
|
||||
|
||||
/system/bin/cbd -- u:object_r:cpboot-daemon_exec:s0
|
||||
/system/bin/gpsd -- u:object_r:gpsd_exec:s0
|
||||
2
sepolicy/fsck.te
Normal file
2
sepolicy/fsck.te
Normal file
@@ -0,0 +1,2 @@
|
||||
# /dev/block/mmcblk0p3
|
||||
allow fsck emmcblk_device:blk_file rw_file_perms;
|
||||
21
sepolicy/gpsd.te
Normal file
21
sepolicy/gpsd.te
Normal file
@@ -0,0 +1,21 @@
|
||||
# Automatically label files created in /data/system/gps as gps_data_file
|
||||
file_type_auto_trans(gpsd, system_data_file, gps_data_file)
|
||||
|
||||
# Allow rild to connect to gpsd
|
||||
unix_socket_connect(gpsd, property, rild)
|
||||
|
||||
allow gpsd system_server:unix_stream_socket { read write setopt };
|
||||
|
||||
binder_call(gpsd, system_server)
|
||||
binder_use(gpsd)
|
||||
|
||||
allow gpsd self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
|
||||
allow gpsd gps_device:chr_file { getattr setattr };
|
||||
allow gpsd gps_data_file:dir { search write add_name remove_name };
|
||||
allow gpsd gps_data_file:file { create rw_file_perms };
|
||||
allow gpsd gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms };
|
||||
|
||||
allow gpsd sysfs_wake_lock:file rw_file_perms;
|
||||
|
||||
allow gpsd sensorservice_service:service_manager { find };
|
||||
3
sepolicy/healthd.te
Normal file
3
sepolicy/healthd.te
Normal file
@@ -0,0 +1,3 @@
|
||||
# healthd
|
||||
allow healthd device:dir rw_dir_perms;
|
||||
allow healthd rtc_device:chr_file rw_file_perms;
|
||||
17
sepolicy/init.te
Normal file
17
sepolicy/init.te
Normal file
@@ -0,0 +1,17 @@
|
||||
# Mount debugfs on /sys/kernel/debug.
|
||||
allow init debugfs:dir mounton;
|
||||
|
||||
# /dev/block/mmcblk0p[0-9]
|
||||
allow init emmcblk_device:blk_file rw_file_perms;
|
||||
|
||||
allow init block_device:lnk_file { setattr };
|
||||
allow init tmpfs:lnk_file create_file_perms;
|
||||
|
||||
# /data
|
||||
allow init sdcardd_exec:file r_file_perms;
|
||||
|
||||
# sysfs iio:device[0-9]
|
||||
allow init sysfs:lnk_file setattr;
|
||||
|
||||
# read/chown mDNIE symlinks
|
||||
allow init sysfs_mdnie_writable:lnk_file { read setattr };
|
||||
12
sepolicy/kernel.te
Normal file
12
sepolicy/kernel.te
Normal file
@@ -0,0 +1,12 @@
|
||||
allow kernel self:capability { mknod };
|
||||
# /dev/mbin0
|
||||
allow kernel emmcblk_device:blk_file r_file_perms;
|
||||
allow kernel device:blk_file { create setattr getattr unlink };
|
||||
# /bus/usb/001/001
|
||||
allow kernel device:dir { create write remove_name rmdir add_name };
|
||||
allow kernel device:chr_file { create setattr getattr unlink };
|
||||
|
||||
# /sys/devices/system/cpu/cpu[0-9]/cpufreq/*
|
||||
allow kernel kernel:capability { chown };
|
||||
allow kernel sysfs_devices_system_cpu:file { setattr };
|
||||
allow kernel sysfs:file { setattr };
|
||||
30
sepolicy/macloader.te
Normal file
30
sepolicy/macloader.te
Normal file
@@ -0,0 +1,30 @@
|
||||
#### macloader
|
||||
#
|
||||
type macloader, domain;
|
||||
type macloader_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(macloader)
|
||||
|
||||
allow macloader self:capability { chown dac_override fowner fsetid };
|
||||
allow macloader self:process execmem;
|
||||
|
||||
# Write into /data
|
||||
allow macloader system_data_file:dir { add_name search write };
|
||||
allow macloader system_file:file execute_no_trans;
|
||||
|
||||
# /data/.cid.info
|
||||
# Automatically label files created in /data/ as wifi_data_file
|
||||
file_type_auto_trans(macloader, system_data_file, wifi_data_file)
|
||||
|
||||
allow macloader wifi_data_file:dir create_dir_perms;
|
||||
allow macloader wifi_data_file:file { create_file_perms getattr setattr };
|
||||
|
||||
# /sys/module/dhd/parameters/nvram_path
|
||||
allow macloader sysfs:file rw_file_perms;
|
||||
|
||||
# /efs
|
||||
allow macloader efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/wifi/.mac.info
|
||||
allow macloader wifi_efs_file:dir r_dir_perms;
|
||||
allow macloader wifi_efs_file:file r_file_perms;
|
||||
14
sepolicy/mediaserver.te
Normal file
14
sepolicy/mediaserver.te
Normal file
@@ -0,0 +1,14 @@
|
||||
# /dev/seiren
|
||||
allow mediaserver seiren_device:chr_file { ioctl rw_file_perms };
|
||||
# /dev/s5p-smem
|
||||
allow mediaserver secmem_device:chr_file { ioctl rw_file_perms };
|
||||
|
||||
# /efs
|
||||
allow mediaserver efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/wv.keys
|
||||
allow mediaserver efs_file:file r_file_perms;
|
||||
|
||||
# Snap permissions
|
||||
allow mediaserver sensorservice_service:service_manager { find };
|
||||
allow mediaserver system_server:unix_stream_socket { read write };
|
||||
10
sepolicy/modemloader.te
Normal file
10
sepolicy/modemloader.te
Normal file
@@ -0,0 +1,10 @@
|
||||
#### modemloader
|
||||
#
|
||||
type modemloader, domain;
|
||||
type modemloader_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(modemloader)
|
||||
|
||||
allow modemloader proc:file r_file_perms;
|
||||
|
||||
set_prop(modemloader, modemloader_prop)
|
||||
1
sepolicy/netd.te
Normal file
1
sepolicy/netd.te
Normal file
@@ -0,0 +1 @@
|
||||
allow netd self:capability sys_module;
|
||||
5
sepolicy/property.te
Normal file
5
sepolicy/property.te
Normal file
@@ -0,0 +1,5 @@
|
||||
# Modemloader
|
||||
type modemloader_prop, property_type;
|
||||
|
||||
# CP-Boot Daemon
|
||||
type cpboot-daemon_prop, property_type;
|
||||
2
sepolicy/property_contexts
Normal file
2
sepolicy/property_contexts
Normal file
@@ -0,0 +1,2 @@
|
||||
# modemloader
|
||||
hw.revision u:object_r:modemloader_prop:s0
|
||||
36
sepolicy/rild.te
Normal file
36
sepolicy/rild.te
Normal file
@@ -0,0 +1,36 @@
|
||||
# Allow additiional efs access
|
||||
allow rild bin_nv_data_efs_file:file create_file_perms;
|
||||
allow rild imei_efs_file:dir r_dir_perms;
|
||||
allow rild imei_efs_file:file r_file_perms;
|
||||
allow rild app_efs_file:dir r_dir_perms;
|
||||
allow rild app_efs_file:file r_file_perms;
|
||||
|
||||
# /dev/mbin0
|
||||
allow rild block_device:dir r_dir_perms;
|
||||
allow rild emmcblk_device:blk_file r_file_perms;
|
||||
|
||||
# /dev/umts_boot0, /dev/umts_ipc0
|
||||
allow rild mif_device:chr_file rw_file_perms;
|
||||
|
||||
# /sys/devices/virtual/misc/multipdp/waketime
|
||||
allow rild sysfs_multipdp_writable:file rw_file_perms;
|
||||
|
||||
# /proc/sys/net/ipv6/conf/*/accept_ra_defrtr
|
||||
allow rild proc_net:file rw_file_perms;
|
||||
|
||||
allow rild gpsd:dir r_dir_perms;
|
||||
allow rild gpsd:file r_file_perms;
|
||||
|
||||
# rild reads /proc/pid/cmdline of mediaserver
|
||||
allow rild mediaserver:dir { open read search getattr };
|
||||
allow rild mediaserver:file { open read getattr };
|
||||
|
||||
# /data/misc/radio/*
|
||||
allow rild radio_data_file:dir rw_dir_perms;
|
||||
allow rild radio_data_file:file create_file_perms;
|
||||
|
||||
# sdcard/SDET_PLMN/input/MNCMCC.txt
|
||||
allow rild storage_file:dir { r_dir_perms };
|
||||
allow rild storage_file:lnk_file { r_file_perms };
|
||||
allow rild mnt_user_file:dir { r_dir_perms };
|
||||
allow rild mnt_user_file:lnk_file { r_file_perms };
|
||||
6
sepolicy/sensorhubservice.te
Normal file
6
sepolicy/sensorhubservice.te
Normal file
@@ -0,0 +1,6 @@
|
||||
#### sensorhubservice
|
||||
#
|
||||
type sensorhubservice, domain;
|
||||
type sensorhubservice_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(sensorhubservice)
|
||||
2
sepolicy/service_contexts
Normal file
2
sepolicy/service_contexts
Normal file
@@ -0,0 +1,2 @@
|
||||
# HWC
|
||||
Exynos.HWCService u:object_r:surfaceflinger_service:s0
|
||||
2
sepolicy/system_app.te
Normal file
2
sepolicy/system_app.te
Normal file
@@ -0,0 +1,2 @@
|
||||
allow system_app sysfs_mdnie_writable:{ file lnk_file } rw_file_perms;
|
||||
allow system_app sysfs_mdnie_writable:dir search;
|
||||
28
sepolicy/system_server.te
Normal file
28
sepolicy/system_server.te
Normal file
@@ -0,0 +1,28 @@
|
||||
# /dev/mbin0
|
||||
allow system_server emmcblk_device:dir search;
|
||||
|
||||
# /efs
|
||||
allow system_server efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/gyro_cal_data
|
||||
allow system_server sensor_efs_file:file r_file_perms;
|
||||
|
||||
# /data/system/gps/.gps.interface.pipe.*
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".flp.interface.pipe.to_gpsd";
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd";
|
||||
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
|
||||
allow system_server gps_data_file:fifo_file create_file_perms;
|
||||
allow system_server gps_data_file:dir rw_dir_perms;
|
||||
|
||||
# /efs/prox_cal
|
||||
allow system_server efs_file:file r_file_perms;
|
||||
|
||||
# WifiMachine
|
||||
allow system_server self:capability { sys_module };
|
||||
allow system_server wifi_efs_file:dir r_dir_perms;
|
||||
allow system_server wifi_efs_file:file r_file_perms;
|
||||
|
||||
# mDNIE
|
||||
allow system_server sysfs_mdnie_writable:lnk_file rw_file_perms;
|
||||
allow system_server sysfs_mdnie_writable:dir rw_dir_perms;
|
||||
allow system_server sysfs_mdnie_writable:file rw_file_perms;
|
||||
4
sepolicy/tee.te
Normal file
4
sepolicy/tee.te
Normal file
@@ -0,0 +1,4 @@
|
||||
# mobicore
|
||||
|
||||
# Allow to create files and directories /data/app/mcRegistry
|
||||
file_type_auto_trans(tee, apk_data_file, tee_data_file);
|
||||
5
sepolicy/ueventd.te
Normal file
5
sepolicy/ueventd.te
Normal file
@@ -0,0 +1,5 @@
|
||||
# /dev/block/mmcblk0p[0-9]
|
||||
allow ueventd emmcblk_device:blk_file create_file_perms;
|
||||
|
||||
# /sys/devices/virtual/misc/multipdp/uevent
|
||||
allow ueventd sysfs_multipdp_writable:file rw_file_perms;
|
||||
2
sepolicy/uncrypt.te
Normal file
2
sepolicy/uncrypt.te
Normal file
@@ -0,0 +1,2 @@
|
||||
allow uncrypt emmcblk_device:blk_file w_file_perms;
|
||||
allow uncrypt emmcblk_device:dir r_dir_perms;
|
||||
5
sepolicy/vold.te
Normal file
5
sepolicy/vold.te
Normal file
@@ -0,0 +1,5 @@
|
||||
# /efs
|
||||
allow vold efs_file:dir r_dir_perms;
|
||||
# /dev/block/mmcblk0p[0-9]
|
||||
allow vold emmcblk_device:dir create_dir_perms;
|
||||
allow vold emmcblk_device:blk_file create_file_perms;
|
||||
8
sepolicy/wifiloader.te
Normal file
8
sepolicy/wifiloader.te
Normal file
@@ -0,0 +1,8 @@
|
||||
#### wifiloader
|
||||
#
|
||||
type wifiloader, domain;
|
||||
type wifiloader_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(wifiloader)
|
||||
|
||||
allow wifiloader proc:file r_file_perms;
|
||||
9
sepolicy/wpa.te
Normal file
9
sepolicy/wpa.te
Normal file
@@ -0,0 +1,9 @@
|
||||
# /dev/rfkill
|
||||
allow wpa rfkill_device:chr_file r_file_perms;
|
||||
|
||||
# /efs
|
||||
allow wpa efs_file:dir r_dir_perms;
|
||||
|
||||
# /efs/wifi
|
||||
allow wpa wifi_efs_file:dir r_dir_perms;
|
||||
allow wpa wifi_efs_file:file r_file_perms;
|
||||
Reference in New Issue
Block a user