modifying boarconfig.mk to pick system side sepolicy.

Removing vendor sepolicy from this sepolicy project, as
it has moved to the sepolicy_vndr project.

Change-Id: I03f185b2ababf068ff337a7873acec2fe1a8f069
Jaihind Yadav
2020-05-21 11:11:30 +05:30
committed by Gerrit - the friendly Code Review server
parent 41eda38a7c
commit 1f7641cb96
708 changed files with 0 additions and 37233 deletions


@@ -29,44 +29,4 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS := \
$(SEPOLICY_PATH)/generic/product/private \
$(SEPOLICY_PATH)/qva/product/private
ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(SEPOLICY_PATH) \
$(SEPOLICY_PATH)/generic/vendor/common \
$(SEPOLICY_PATH)/qva/vendor/common/sysmonapp \
$(SEPOLICY_PATH)/qva/vendor/ssg \
$(SEPOLICY_PATH)/qva/vendor/common
ifeq ($(TARGET_SEPOLICY_DIR),)
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM)
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM)
else
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_SEPOLICY_DIR)
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
endif
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/test
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test
endif
endif
ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(SEPOLICY_PATH) \
$(SEPOLICY_PATH)/legacy/vendor/common/sysmonapp \
$(SEPOLICY_PATH)/legacy/vendor/ssg \
$(SEPOLICY_PATH)/legacy/vendor/common
ifeq ($(TARGET_SEPOLICY_DIR),)
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_BOARD_PLATFORM)
else
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)
endif
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/test
endif
endif
endif


@@ -1,43 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_adsprpcd, domain;
type vendor_adsprpcd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_adsprpcd)
allow vendor_adsprpcd ion_device:chr_file r_file_perms;
allow vendor_adsprpcd vendor_qdsp_device:chr_file r_file_perms;
allow vendor_adsprpcd vendor_xdsp_device:chr_file r_file_perms;
allow vendor_adsprpcd system_file:dir r_dir_perms;
r_dir_file(vendor_adsprpcd, adsprpcd_file)
get_prop(vendor_adsprpcd, vendor_adsprpc_prop)
allow vendor_adsprpcd vendor_persist_sensors_file:dir create_dir_perms;
allow vendor_adsprpcd vendor_persist_sensors_file:file create_file_perms;
allow vendor_adsprpcd mnt_vendor_file:dir r_dir_perms;


@@ -1,38 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow all apps to open and send ioctl to qdsp device
allow appdomain vendor_qdsp_device:chr_file r_file_perms;
# For the camera app
get_prop(appdomain, vendor_camera_prop)
#Allow all apps to have read access to vendor_adsprpc_prop
get_prop(appdomain, vendor_adsprpc_prop)
# Allow all apps to open and send ioctl to npu device
allow appdomain vendor_npu_device:chr_file r_file_perms;


@@ -1,43 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_atfwd, domain;
type vendor_atfwd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_atfwd)
allow vendor_atfwd self:socket create_socket_perms;
allow vendor_atfwd self:qipcrtr_socket create_socket_perms_no_ioctl;
allowxperm vendor_atfwd self:socket ioctl msm_sock_ipc_ioctls;
binder_call(vendor_atfwd, system_app);
r_dir_file(vendor_atfwd, vendor_sysfs_data);
set_prop(vendor_atfwd, vendor_radio_prop)
hwbinder_use(vendor_atfwd)
get_prop(vendor_atfwd, hwservicemanager_prop)


@@ -1,61 +0,0 @@
# Copyright (c) 2016-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
attribute vendor_hal_hbtp;
attribute vendor_hal_hbtp_client;
attribute vendor_hal_hbtp_server;
attribute vendor_hal_qdutils_disp;
attribute vendor_hal_qdutils_disp_client;
attribute vendor_hal_qdutils_disp_server;
attribute vendor_hal_trustedui;
attribute vendor_hal_trustedui_client;
attribute vendor_hal_trustedui_server;
attribute vendor_hal_tui_comm;
attribute vendor_hal_tui_comm_client;
attribute vendor_hal_tui_comm_server;
attribute vendor_hal_display_color;
attribute vendor_hal_display_color_client;
attribute vendor_hal_display_color_server;
attribute vendor_hal_display_postproc;
attribute vendor_hal_display_postproc_client;
attribute vendor_hal_display_postproc_server;
# All types in /mnt/vendor/persist
attribute vendor_persist_type;
attribute vendor_hal_capabilityconfigstore_qti;
attribute vendor_hal_capabilityconfigstore_qti_client;
attribute vendor_hal_capabilityconfigstore_qti_server;
attribute vendor_hal_dataconnection_qti;
attribute vendor_hal_dataconnection_qti_client;
attribute vendor_hal_dataconnection_qti_server;


@@ -1,39 +0,0 @@
# Copyright (c) 2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_audioadsprpcd, domain;
type vendor_audioadsprpcd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_audioadsprpcd)
allow vendor_audioadsprpcd ion_device:chr_file r_file_perms;
allow vendor_audioadsprpcd vendor_qdsp_device:chr_file r_file_perms;
allow vendor_audioadsprpcd vendor_xdsp_device:chr_file r_file_perms;
r_dir_file(vendor_audioadsprpcd, adsprpcd_file)
get_prop(vendor_audioadsprpcd, vendor_adsprpc_prop)
allow vendor_audioadsprpcd mnt_vendor_file:dir r_dir_perms;


@@ -1,34 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(audioserver, bootanim)
# audio properties
get_prop(audioserver, vendor_audio_prop)
userdebug_or_eng(`
diag_use(audioserver)
')


@@ -1,29 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow access to net_admin ioctls
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
get_prop(bluetooth, vendor_bluetooth_prop)


@@ -1,35 +0,0 @@
# Copyright (c) 2018,2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow bootanim hwservicemanager:binder call;
# TODO(b/62954877). On Android Wear, bootanim reads the time
# during boot to display. It currently gets that time from a file
# in /data/system. This should be moved. In the meantime, suppress
# this denial on phones since this functionality is not used.
dontaudit bootanim system_data_file:dir read;
dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;


@@ -1,41 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow cameraserver gpu_device:chr_file rw_file_perms;
get_prop(cameraserver, vendor_camera_prop)
allow cameraserver vendor_sysfs_camera:file r_file_perms;
allow cameraserver vendor_sysfs_camera:dir search;
allow cameraserver system_file:dir r_dir_perms;
allow cameraserver system_server:unix_stream_socket { read write };
# TODO (b/37688918) Verify that this is actually needed and not a violation of treble
binder_call(cameraserver, mediacodec)
#allow cameraserver to read adsprpc_prop
get_prop(cameraserver, vendor_adsprpc_prop)


@@ -1,47 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# vendor_cdsprpcd daemon
type vendor_cdsprpcd, domain;
type vendor_cdsprpcd_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(vendor_cdsprpcd)
# For reading dir/files on /dsp
r_dir_file(vendor_cdsprpcd, adsprpcd_file)
# For reading adsprpc_prop
get_prop(vendor_cdsprpcd, vendor_adsprpc_prop)
allow vendor_cdsprpcd vendor_qdsp_device:chr_file r_file_perms;
allow vendor_cdsprpcd vendor_xdsp_device:chr_file r_file_perms;
allow vendor_cdsprpcd ion_device:chr_file r_file_perms;
r_dir_file(vendor_cdsprpcd, vendor_sysfs_devfreq)
allow vendor_cdsprpcd vendor_sysfs_devfreq_l3cdsp:dir r_dir_perms;
allow vendor_cdsprpcd vendor_sysfs_devfreq_l3cdsp:file rw_file_perms;


@@ -1,37 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow charger self:capability2 wake_alarm;
r_dir_file(charger, vendor_sysfs_battery_supply)
r_dir_file(charger, vendor_sysfs_usb_supply)
allow charger {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
}:file w_file_perms;
dontaudit charger device:dir r_dir_perms;
dontaudit charger self:capability sys_admin;


@@ -1,41 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
# the applications processor to interact CHRE
type vendor_chre, domain;
type vendor_chre_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_chre)
r_dir_file(vendor_chre, adsprpcd_file)
#allow vendor_chre to read adsprpc_prop
get_prop(vendor_chre, vendor_adsprpc_prop)
allow vendor_chre ion_device:chr_file r_file_perms;
allow vendor_chre vendor_qdsp_device:chr_file r_file_perms;
allow vendor_chre vendor_xdsp_device:chr_file r_file_perms;
allow vendor_chre vendor_dsp_device:chr_file r_file_perms;


@@ -1,86 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_cnd, domain;
type vendor_cnd_exec, exec_type, vendor_file_type, file_type;
file_type_auto_trans(vendor_cnd, socket_device, vendor_cnd_socket);
# vendor_cnd is started by init, type transit from init domain to vendor_cnd domain
init_daemon_domain(vendor_cnd)
#communicating with QTI wlan driver for WFC/ VTiWLAN quality
allow vendor_cnd self:capability net_bind_service;
unix_socket_send(vendor_cnd, wpa, hal_wifi_supplicant)
allow vendor_cnd wpa_data_file:dir w_dir_perms;
allow vendor_cnd wpa_data_file:sock_file create_file_perms;
#allow processing of VoWifi indications from modem over QMI while dozing
allow vendor_cnd self:capability2 block_suspend;
allow vendor_cnd self:udp_socket create_socket_perms;
allow vendor_cnd self:{
# Allow receiving NETLINK responses from WLAN driver.
netlink_socket
netlink_generic_socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
allowxperm vendor_cnd self:udp_socket ioctl SIOCGIFMTU;
allow vendor_cnd vendor_sysfs_timestamp_switch:file r_file_perms;
allow vendor_cnd vendor_sysfs_data:file r_file_perms;
allow vendor_cnd proc_meminfo:file r_file_perms;
set_prop(vendor_cnd, vendor_cnd_prop)
# allow vendor_cnd to access vendor_cnd_data_file
allow vendor_cnd vendor_cnd_data_file:file create_file_perms;
allow vendor_cnd vendor_cnd_data_file:sock_file { unlink create setattr };
allow vendor_cnd vendor_cnd_data_file:dir rw_dir_perms;
# allow vendor_cnd to obtain wakelock
wakelock_use(vendor_cnd)
allow vendor_cnd vendor_ipa_vendor_data_file:dir r_dir_perms;
allow vendor_cnd vendor_ipa_vendor_data_file:file r_file_perms;
# To register vendor_cnd to hwbinder
add_hwservice(vendor_cnd, vendor_hal_datafactory_hwservice)
hwbinder_use(vendor_cnd)
get_prop(vendor_cnd, hwservicemanager_prop)
binder_call(vendor_cnd, vendor_dataservice_app)
binder_call(vendor_cnd, vendor_qtidataservices_app)
binder_call(vendor_cnd, vendor_ims)
binder_call(vendor_cnd, vendor_location)
r_dir_file(vendor_cnd, vendor_sysfs_ssr)
#diag
userdebug_or_eng(`
diag_use(vendor_cnd)
r_dir_file(vendor_cnd, vendor_sysfs_diag)
')


@@ -1,40 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
get_prop(vendor_dataservice_app, vendor_cnd_prop)
allow vendor_dataservice_app vendor_hal_imsrcsd_hwservice:hwservice_manager find;
allow vendor_dataservice_app vendor_hal_datafactory_hwservice:hwservice_manager find;
allow vendor_dataservice_app vendor_sysfs_data:file r_file_perms;
binder_call(vendor_dataservice_app, vendor_cnd)
# imsrcsd to bind with UceShimService.apk
binder_call(vendor_dataservice_app, vendor_hal_rcsservice)
hal_client_domain(vendor_dataservice_app , vendor_hal_perf)


@@ -1,68 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_ab_block_device, dev_type;
type vendor_at_device, dev_type;
type vendor_avtimer_device, dev_type;
type vendor_bt_device, dev_type;
type vendor_bu21150_device, dev_type;
type vendor_citadel_device, dev_type;
type vendor_custom_ab_block_device, dev_type;
type vendor_diag_device, dev_type, mlstrustedobject;
type vendor_dsp_device, dev_type;
type vendor_xdsp_device, dev_type;
type vendor_easel_device, dev_type;
type vendor_hbtp_device, dev_type;
type vendor_hvdcp_device, dev_type;
type vendor_ipa_dev, dev_type;
type vendor_latency_device, dev_type;
type vendor_limits_block_device, dev_type;
type vendor_modem_block_device, dev_type;
type vendor_modem_efs_partition_device, dev_type;
type vendor_mdtp_device, dev_type;
type vendor_persist_block_device, dev_type;
type vendor_vm_data_block_device, dev_type;
type vendor_qsee_ipc_irq_spss_device, dev_type;
type vendor_qdsp_device, dev_type, mlstrustedobject;
type vendor_ramdump_device, dev_type;
type vendor_ramdump_microdump_modem_device, dev_type;
type vendor_rmnet_device, dev_type;
type vendor_gpt_block_device, dev_type;
type vendor_ramdump_block_device, dev_type;
type vendor_rpmb_device, dev_type;
type vendor_seemplog_device, dev_type;
type vendor_sg_device, dev_type;
type vendor_bsg_device, dev_type;
type vendor_smd_device, dev_type;
type vendor_spcom_device, dev_type;
type vendor_ssd_block_device, dev_type;
type vendor_ssr_device, dev_type;
type vendor_synx_device, dev_type;
type vendor_wlan_device, dev_type;
type vendor_xbl_block_device, dev_type;
type vendor_uefi_block_device, dev_type;
type vendor_qce_device, dev_type;
type vendor_npu_device, dev_type;


@@ -1,37 +0,0 @@
# Copyright (c) 2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_diag-router, domain;
type vendor_diag-router_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
init_daemon_domain(vendor_diag-router)
allow vendor_diag-router functionfs:dir r_dir_perms;
allow vendor_diag-router functionfs:file rw_file_perms;
allow vendor_diag-router self:qipcrtr_socket create_socket_perms_no_ioctl;
allow vendor_diag-router vendor_mhi_diag_device:chr_file rw_file_perms;
allow { domain -coredomain -hal_configstore -vendor_init} vendor_diag-router:unix_stream_socket connectto;
')


@@ -1,70 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_diag, domain;
type vendor_diag_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
domain_auto_trans(shell, vendor_diag_exec, vendor_diag)
#domain_auto_trans(adbd, vendor_diag_exec, vendor_diag)
allow vendor_diag {
vendor_diag_device
devpts
tty_device
# allow access to qseecom for drmdiagapp
tee_device
}:chr_file rw_file_perms;
allow vendor_diag {
shell
su
}:fd use;
allow vendor_diag {
cgroup
fuse
vendor_persist_drm_file
}:dir create_dir_perms;
allow vendor_diag port:tcp_socket name_connect;
allow vendor_diag self:capability { setuid net_raw sys_admin setgid };
allow vendor_diag self:capability2 syslog;
allow vendor_diag self:tcp_socket { create connect setopt};
wakelock_use(vendor_diag)
allow vendor_diag kernel:system syslog_mod;
# allow drmdiagapp access to drm related paths
allow vendor_diag mnt_vendor_file:dir r_dir_perms;
r_dir_file(vendor_diag, vendor_persist_data_file)
# Write to drm related pieces of persist partition
allow vendor_diag vendor_persist_drm_file:file create_file_perms;
# For DiagExample daemon
init_daemon_domain(vendor_diag)
net_domain(vendor_diag)
allow vendor_diag fuse:dir r_dir_perms;
allow vendor_diag fuse:file r_file_perms;
r_dir_file(vendor_diag, storage_file)
r_dir_file(vendor_diag, mnt_user_file)
')


@@ -1,61 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
userdebug_or_eng(`
allow domain vendor_diag_device:chr_file rw_file_perms;
')
# In order for /sys/kernel/debug/kgsl/proc/<pid>/mem
# to be created for memory tracking, the domain of
# the tracked process must have permission to search
# in /sys/kernel/debug/kgsl
allow domain vendor_debugfs_kgsl:dir search;
allow domain vendor_debugfs_ion:dir search;
get_prop(domain, vendor_gralloc_prop)
r_dir_file({domain - isolated_app}, vendor_sysfs_soc);
r_dir_file({domain - isolated_app}, vendor_sysfs_esoc);
r_dir_file({domain - isolated_app}, vendor_sysfs_ssr);
r_dir_file({domain - isolated_app}, sysfs_thermal);
get_prop(domain, vendor_public_vendor_default_prop)
dontaudit domain kernel:system module_request;
# For compliance testing test suite reads vendor_security_path_level
# Which is the public readable property “ ro.vendor.build.security_patch
get_prop(domain, vendor_security_patch_level_prop)
neverallow {
coredomain
-init
-ueventd
-vold
} vendor_persist_type: { dir file } *;
# Allow all context to read gpu model
allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;


@@ -1,29 +0,0 @@
# Copyright (c) 2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dontaudit vendor_qti_init_shell self:capability dac_override;
dontaudit vendor_modprobe proc_cmdline:file read;


@@ -1,50 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Allow fastbootd
recovery_only(`
allow fastbootd {
vendor_custom_ab_block_device
recovery_block_device
vendor_xbl_block_device
vendor_uefi_block_device
vendor_ssd_block_device
vendor_modem_block_device
vendor_mdtp_device
}:blk_file { rw_file_perms };
# Allow fastbootd to read /sys/class/power_supply directory
# and access to power supply, usb nodes.
allow fastbootd sysfs:dir r_dir_perms;
r_dir_file(fastbootd, vendor_sysfs_battery_supply)
r_dir_file(fastbootd, vendor_sysfs_usb_supply)
allow fastbootd {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
}:file w_file_perms;
')


@@ -1,52 +0,0 @@
# Copyright (c) 2019 - 2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_feature_enabler_client, domain;
type vendor_feature_enabler_client_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_feature_enabler_client)
allow vendor_feature_enabler_client tee_device:chr_file rw_file_perms;
allow vendor_feature_enabler_client ion_device:chr_file rw_file_perms;
allow vendor_feature_enabler_client vendor_smcinvoke_device:chr_file rw_file_perms;
unix_socket_connect(vendor_feature_enabler_client , vendor_ssgtzd, vendor_ssgtzd)
# Allow read permission to /mnt/vendor/persist/vendor_feature_enabler_client/*
allow vendor_feature_enabler_client mnt_vendor_file:dir search;
r_dir_file(vendor_feature_enabler_client, vendor_persist_feature_enabler_file)
# Allow read permission to /mnt/vendor/persist/data/*
r_dir_file(vendor_feature_enabler_client, vendor_persist_data_file)
# Binder access for featenab_client.service
vndbinder_use(vendor_feature_enabler_client)
allow vendor_feature_enabler_client vendor_qfeatenab_client_service:service_manager { add find };
#Allow access to display services and graphics_device for DRM
allow vendor_feature_enabler_client vendor_qdisplay_service:service_manager find;
hal_client_domain(vendor_feature_enabler_client, hal_graphics_composer)
allow vendor_feature_enabler_client graphics_device:chr_file rw_file_perms;


@@ -1,210 +0,0 @@
# Copyright (c) 2018-2020 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_sysfs_audio, fs_type, sysfs_type;
type vendor_sysfs_battery_supply, sysfs_type, fs_type;
type vendor_sysfs_bond0, fs_type, sysfs_type;
type vendor_sysfs_boot_adsp, sysfs_type, fs_type;
type vendor_sysfs_camera, sysfs_type, fs_type;
type vendor_sysfs_cpu_boost, fs_type, sysfs_type;
type vendor_sysfs_devfreq, fs_type, sysfs_type;
type vendor_sysfs_easel, sysfs_type, fs_type;
type vendor_sysfs_esoc, sysfs_type, fs_type;
type vendor_sysfs_fingerprint, sysfs_type, fs_type;
type vendor_sysfs_graphics, sysfs_type, fs_type;
type vendor_sysfs_kgsl, sysfs_type, fs_type;
type vendor_sysfs_kgsl_proc, sysfs_type, fs_type;
type vendor_hbtp_kernel_sysfs, sysfs_type, fs_type;
type vendor_sysfs_irqbalance, sysfs_type, fs_type;
type vendor_sysfs_laser, sysfs_type, fs_type;
type vendor_sysfs_mdss_mdp_caps, sysfs_type, fs_type;
type vendor_sysfs_devfreq_l3cdsp, fs_type, sysfs_type;
type vendor_sysfs_mmc_host, fs_type, sysfs_type;
type vendor_sysfs_msm_perf, fs_type, sysfs_type;
type vendor_sysfs_msm_power, fs_type, sysfs_type;
type vendor_sysfs_msm_stats, fs_type, sysfs_type;
type vendor_sysfs_msm_subsys_restart, sysfs_type, fs_type;
type vendor_sysfs_sensors, sysfs_type, fs_type;
type vendor_sysfs_sectouch, sysfs_type, fs_type;
type vendor_sysfs_soc, sysfs_type, fs_type;
type vendor_sysfs_scsi_host, fs_type, sysfs_type;
type vendor_sysfs_scsi_target, fs_type, sysfs_type;
type vendor_sysfs_slpi, fs_type, sysfs_type;
type vendor_sysfs_spmi_dev, sysfs_type, fs_type;
type vendor_sysfs_ssr, sysfs_type, fs_type;
type vendor_sysfs_ssr_toggle, sysfs_type, fs_type;
type vendor_sysfs_timestamp_switch, sysfs_type, fs_type;
type vendor_sysfs_touch, sysfs_type, fs_type;
type vendor_sysfs_uio_file, sysfs_type, fs_type;
type vendor_sysfs_usb_c, sysfs_type, fs_type;
type vendor_sysfs_usb_device, sysfs_type, fs_type;
type vendor_sysfs_usb_supply, sysfs_type, fs_type;
type vendor_sysfs_usbpd_device, sysfs_type, fs_type;
type vendor_sysfs_vadc_dev, sysfs_type, fs_type;
type vendor_sysfs_lcd, sysfs_type, fs_type;
type vendor_sysfs_adsp_ssr, sysfs_type, fs_type;
type vendor_debugfs_clk, debugfs_type, fs_type;
type vendor_debugfs_ion, debugfs_type, fs_type;
type vendor_debugfs_ipc, debugfs_type, fs_type;
type vendor_debugfs_kgsl, debugfs_type, fs_type;
type vendor_debugfs_rpm, debugfs_type, fs_type;
type vendor_debugfs_rmt_storage, debugfs_type, fs_type;
type vendor_debugfs_usb, debugfs_type, fs_type;
type vendor_debugfs_wlan, debugfs_type, fs_type;
type vendor_debugfs_mdp, debugfs_type, fs_type;
type vendor_debugfs_icnss, debugfs_type, fs_type;
# /proc
type vendor_proc_wifi_dbg, fs_type, proc_type;
type vendor_proc_audiod, fs_type, proc_type;
type vendor_proc_shs, fs_type, proc_type;
type vendor_qmuxd_socket, file_type;
type vendor_netmgrd_socket, file_type;
type vendor_port-bridge_socket, file_type;
type vendor_thermal_socket, file_type;
#Define the qti socket type
type vendor_dataqti_socket, file_type;
type vendor_ims_socket, file_type;
type vendor_ipacm_socket, file_type;
type vendor_cnd_socket, file_type;
type vendor_chre_socket, file_type;
type vendor_hal_bootctl_socket, file_type;
type vendor_location_socket, file_type;
type vendor_wifihal_socket, file_type;
type vendor_pps_socket, file_type;
# imshelper_app file types
type vendor_imshelper_app_data_file, file_type, data_file_type;
type firmware_file, file_type, contextmount_type, vendor_file_type;
type vendor_cnd_data_file, file_type, data_file_type;
type vendor_location_data_file, file_type, data_file_type;
type vendor_audio_data_file, file_type, data_file_type;
type vendor_radio_data_file, file_type, data_file_type;
type vendor_wifi_vendor_log_data_file, file_type, data_file_type;
# for mount /persist
typeattribute mnt_vendor_file vendor_persist_type;
type vendor_persist_file, file_type, vendor_persist_type;
type vendor_persist_data_file, file_type , vendor_persist_type;
type vendor_persist_display_file, file_type;
type vendor_persist_drm_file, file_type, vendor_persist_type;
type vendor_persist_elabel_file, file_type, vendor_persist_type;
type vendor_persist_haptics_file, file_type, vendor_persist_type;
type vendor_persist_rfs_file, file_type, vendor_persist_type;
type vendor_persist_rfs_shared_hlos_file, file_type, vendor_persist_type;
type vendor_persist_sensors_file, file_type, vendor_persist_type;
type vendor_persist_time_file, file_type, vendor_persist_type;
type vendor_persist_audio_file, file_type, vendor_persist_type;
type vendor_persist_bluetooth_file, file_type, vendor_persist_type;
type vendor_persist_alarm_file, file_type, vendor_persist_type;
type vendor_persist_feature_enabler_file, file_type, vendor_persist_type;
type vendor_netmgr_data_file, file_type, data_file_type;
type vendor_netmgr_recovery_data_file, file_type, data_file_type;
type vendor_qmipriod_data_file, file_type, data_file_type;
type vendor_ipa_vendor_data_file, file_type, data_file_type;
type vendor_shsusr_data_file, file_type, data_file_type;
type vendor_tombstone_data_file, file_type, data_file_type;
type vendor_camera_data_file, file_type, data_file_type;
type vendor_display_vendor_data_file, file_type, data_file_type;
type vendor_nfc_vendor_data_file, file_type, data_file_type;
type vendor_radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type vendor_ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type vendor_modem_dump_file, file_type, data_file_type;
type vendor_sensors_vendor_data_file, file_type, data_file_type;
type vendor_port_bridge_data_file, file_type, data_file_type;
type bt_firmware_file, file_type, contextmount_type, vendor_file_type;
type vendor_firmware_file, vendor_file_type, file_type;
type vendor_mdmhelperdata_data_file, file_type, data_file_type;
type vendor_mbn_data_file, file_type, data_file_type;
#vendor capability configstore hal
type vendor_capabilityconfigstore_data_file, file_type, data_file_type;
#widevine data file
type vendor_mediadrm_vendor_data_file, file_type, data_file_type;
#time-services data file
type vendor_time_data_file, file_type, data_file_type;
#data sysfs files
type vendor_sysfs_data, fs_type, sysfs_type;
#diag sysfs files
type vendor_sysfs_diag, fs_type, sysfs_type;
type vendor_hexagon_halide_file, vendor_file_type, file_type;
# vendor media files
type vendor_media_data_file, file_type, data_file_type;
type adsprpcd_file, file_type, mlstrustedobject, vendor_file_type;
# vm system files
type vendor_vm_system_file, file_type, vendor_file_type;
type vendor_hbtp_log_file, file_type, data_file_type;
type vendor_hbtp_cfg_file, file_type, vendor_file_type;
#tloc data files
type vendor_tlocd_data_file, file_type, data_file_type;
#qseecom
type vendor_data_qsee_file, file_type, data_file_type;
#TUI Files
type vendor_tui_data_file, file_type, data_file_type;
# SFS listener data file
type vendor_data_tzstorage_file, file_type, data_file_type;
#NNHAL files
type vendor_hal_neuralnetworks_data_file, file_type, data_file_type;
#BT Files
type vendor_bt_data_file, file_type, data_file_type;
type vendor_sysfs_usb_controller, sysfs_type, fs_type;
#for qdss
type vendor_sysfs_qdss_dev, sysfs_type, fs_type;
#Define the qdcmss socket type
type vendor_qdcmsocket_socket, file_type;
type vendor_sysfs_mhi, sysfs_type, fs_type;
type vendor_sysfs_suspend, fs_type, sysfs_type;
# kgsl gpu model file type for sysfs access
type vendor_sysfs_kgsl_gpu_model, sysfs_type, fs_type;
type vendor_sysfs_kgsl_gpuclk, sysfs_type, fs_type;


@@ -1,487 +0,0 @@
# Copyright (c) 2018-2020 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# dev nodes
/dev/btpower u:object_r:vendor_bt_device:s0
/dev/diag u:object_r:vendor_diag_device:s0
/dev/kgsl-3d0 u:object_r:gpu_device:s0
/dev/rtc0 u:object_r:rtc_device:s0
/dev/smd.* u:object_r:vendor_smd_device:s0
/dev/msm_npu u:object_r:vendor_npu_device:s0
# TODO: does ttyMSM0 need to be more specific
/dev/ttyMSM0 u:object_r:tty_device:s0
/dev/ipa u:object_r:vendor_ipa_dev:s0
/dev/wwan_ioctl u:object_r:vendor_ipa_dev:s0
/dev/ipaNatTable u:object_r:vendor_ipa_dev:s0
/dev/cpu_dma_latency u:object_r:vendor_latency_device:s0
/dev/dpl_ctrl u:object_r:vendor_rmnet_device:s0
/dev/rmnet_ctrl.* u:object_r:vendor_rmnet_device:s0
/dev/at_.* u:object_r:vendor_at_device:s0
/dev/video([0-9])+ u:object_r:video_device:s0
/dev/cvp* u:object_r:video_device:s0
/dev/media([0-9])+ u:object_r:video_device:s0
/dev/v4l-subdev.* u:object_r:video_device:s0
/dev/qseecom u:object_r:tee_device:s0
/dev/qsee_ipc_irq_spss u:object_r:vendor_qsee_ipc_irq_spss_device:s0
/dev/seemplog u:object_r:vendor_seemplog_device:s0
/dev/spcom u:object_r:vendor_spcom_device:s0
/dev/jpeg[0-9]* u:object_r:video_device:s0
/dev/adsprpc-smd u:object_r:vendor_qdsp_device:s0
/dev/adsprpc-smd-secure u:object_r:vendor_xdsp_device:s0
/dev/sdsprpc-smd u:object_r:vendor_dsp_device:s0
/dev/wcd-dsp-glink u:object_r:audio_device:s0
/dev/wcd_dsp0_control u:object_r:audio_device:s0
/dev/wcd-spi-ac-client u:object_r:audio_device:s0
/dev/msm_.* u:object_r:audio_device:s0
/dev/avtimer u:object_r:vendor_avtimer_device:s0
/dev/subsys_.* u:object_r:vendor_ssr_device:s0
/dev/ramdump_.* u:object_r:vendor_ramdump_device:s0
/dev/ramdump_microdump_modem u:object_r:vendor_ramdump_microdump_modem_device:s0
/dev/hbtp_input u:object_r:vendor_hbtp_device:s0
/dev/hbtp_vm u:object_r:vendor_hbtp_device:s0
/dev/sg[0-9]+ u:object_r:vendor_sg_device:s0
/dev/ufs-bsg.* u:object_r:vendor_bsg_device:s0
/dev/0:0:0:49476 u:object_r:vendor_bsg_device:s0
/dev/sensors u:object_r:sensors_device:s0
/dev/mnh_sm u:object_r:vendor_easel_device:s0
/dev/easelcomm-client u:object_r:vendor_easel_device:s0
/dev/citadel0 u:object_r:vendor_citadel_device:s0
/dev/jdi-bu21150 u:object_r:vendor_bu21150_device:s0
/dev/usb_ext_chg u:object_r:vendor_hvdcp_device:s0
/dev/synx_device u:object_r:vendor_synx_device:s0
/dev/ipa_odl_ctl u:object_r:vendor_ipa_dev:s0
/dev/ipa_adpl u:object_r:vendor_ipa_dev:s0
# dev socket nodes
/dev/socket/chre u:object_r:vendor_chre_socket:s0
/dev/socket/oemlock u:object_r:vendor_hal_bootctl_socket:s0
/dev/socket/ims_qmid u:object_r:vendor_ims_socket:s0
/dev/socket/ims_datad u:object_r:vendor_ims_socket:s0
/dev/socket/ipacm_log_file u:object_r:vendor_ipacm_socket:s0
/dev/socket/cnd u:object_r:vendor_cnd_socket:s0
/dev/socket/thermal-send-client u:object_r:vendor_thermal_socket:s0
/dev/socket/thermal-recv-client u:object_r:vendor_thermal_socket:s0
/dev/socket/thermal-recv-passive-client u:object_r:vendor_thermal_socket:s0
/dev/socket/thermal-send-rule u:object_r:vendor_thermal_socket:s0
/dev/socket/netmgr(/.*)? u:object_r:vendor_netmgrd_socket:s0
/dev/socket/port-bridge(/.*)? u:object_r:vendor_port-bridge_socket:s0
/dev/socket/qti_dpm_uds_file u:object_r:vendor_dataqti_socket:s0
/dev/socket/location(/.*)? u:object_r:vendor_location_socket:s0
/dev/socket/wifihal(/.*)? u:object_r:vendor_wifihal_socket:s0
/dev/socket/pps u:object_r:vendor_pps_socket:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/wlan u:object_r:vendor_wlan_device:s0
/dev/socket/qmux_radio(/.*)? u:object_r:vendor_qmuxd_socket:s0
/data/vendor/modem_config(/.*)? u:object_r:vendor_mbn_data_file:s0
/dev/socket/qdcmsocket u:object_r:vendor_qdcmsocket_socket:s0
/dev/qce u:object_r:vendor_qce_device:s0
# Block device holding the GPT, where the A/B attributes are stored.
/dev/block/sda u:object_r:vendor_gpt_block_device:s0
# Block devices for the drive that holds the xbl_a and xbl_b partitions.
/dev/block/sd[bc]1? u:object_r:vendor_xbl_block_device:s0
# Block device for hal_bootctl
/dev/block/sde u:object_r:boot_block_device:s0
# Block device for ZRAM
/dev/block/zram0 u:object_r:swap_block_device:s0
# files in /vendor
/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
/vendor/bt_firmware(/.*)? u:object_r:vendor_firmware_file:s0
/vendor/bin/ATFWD-daemon u:object_r:vendor_atfwd_exec:s0
/vendor/bin/hw/android\.hardware\.vr@1\.0-service.crosshatch u:object_r:hal_vr_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/thermal-engine u:object_r:vendor_thermal-engine_exec:s0
/vendor/bin/sensors.qcom u:object_r:vendor_sensors_exec:s0
/vendor/bin/sensors.qti u:object_r:vendor_sensors_exec:s0
/vendor/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
/vendor/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
/vendor/bin/pm-service u:object_r:vendor_per_mgr_exec:s0
/vendor/bin/pm-proxy u:object_r:vendor_per_proxy_exec:s0
/vendor/bin/qseecomd u:object_r:tee_exec:s0
/vendor/bin/subsystem_ramdump u:object_r:vendor_subsystem_ramdump_exec:s0
/vendor/bin/adsprpcd u:object_r:vendor_adsprpcd_exec:s0
/vendor/bin/cdsprpcd u:object_r:vendor_cdsprpcd_exec:s0
/vendor/bin/audioadsprpcd u:object_r:vendor_audioadsprpcd_exec:s0
/vendor/bin/irsc_util u:object_r:vendor_irsc_util_exec:s0
/vendor/bin/rmt_storage u:object_r:vendor_rmt_storage_exec:s0
/vendor/bin/tftp_server u:object_r:vendor_rfs_access_exec:s0
/vendor/bin/cnss-daemon u:object_r:vendor_wcnss_service_exec:s0
/vendor/bin/cnss_diag u:object_r:vendor_wcnss_service_exec:s0
/vendor/bin/diag_mdlog u:object_r:vendor_qlogd_exec:s0
/vendor/bin/netmgrd u:object_r:vendor_netmgrd_exec:s0
/vendor/bin/qmipriod u:object_r:vendor_qmipriod_exec:s0
/vendor/bin/shsusrd u:object_r:vendor_shsusrd_exec:s0
/vendor/bin/port-bridge u:object_r:vendor_port-bridge_exec:s0
/vendor/bin/qti u:object_r:vendor_qti_exec:s0
/vendor/bin/loc_launcher u:object_r:vendor_location_exec:s0
/vendor/bin/lowi-server u:object_r:vendor_location_exec:s0
/vendor/bin/xtra-daemon u:object_r:vendor_location_exec:s0
/vendor/bin/pd-mapper u:object_r:vendor_pd_mapper_exec:s0
/vendor/bin/imsqmidaemon u:object_r:vendor_ims_exec:s0
/vendor/bin/imsdatadaemon u:object_r:vendor_ims_exec:s0
/vendor/bin/ims_rtp_daemon u:object_r:vendor_hal_imsrtp_exec:s0
/vendor/bin/ipacm u:object_r:hal_tetheroffload_default_exec:s0
/vendor/bin/ipacm-diag u:object_r:hal_tetheroffload_default_exec:s0
/vendor/bin/cnd u:object_r:vendor_cnd_exec:s0
/vendor/bin/oemlock_provision u:object_r:hal_bootctl_default_exec:s0
/vendor/bin/oemlock-bridge u:object_r:hal_bootctl_default_exec:s0
/vendor/bin/diag-router u:object_r:vendor_diag-router_exec:s0
/(vendor|system/vendor)/bin/msm_irqbalance u:object_r:vendor_msm_irqbalanced_exec:s0
/vendor/bin/hw/android\.hardware\.usb@1\.1-service.crosshatch u:object_r:hal_usb_default_exec:s0
/vendor/bin/chre u:object_r:vendor_chre_exec:s0
/vendor/bin/time_daemon u:object_r:vendor_time_daemon_exec:s0
/vendor/bin/imsrcsd u:object_r:vendor_hal_rcsservice_exec:s0
/vendor/bin/tloc_daemon u:object_r:vendor_tlocd_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.2-service u:object_r:hal_power_default_exec:s0
/vendor/bin/hw/qcrild u:object_r:rild_exec:s0
/vendor/bin/hw/qcrilNrd u:object_r:rild_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service.crosshatch u:object_r:hal_vibrator_default_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:vendor_hal_keymaster_qti_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:vendor_hal_keymaster_qti_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:vendor_hal_keymaster_qti_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:vendor_hal_gatekeeper_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:vendor_hal_gnss_qti_exec:s0
/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.2-service.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.2-service-lazy.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service-lazy.widevine u:object_r:vendor_hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer@1\.0-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:vendor_hal_tui_comm_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qdutils_disp@1\.0-service-qti u:object_r:vendor_hal_qdutils_disp_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.trustedui@1\.0-service-qti u:object_r:vendor_hal_trustedui_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.capabilityconfigstore@1\.0-service u:object_r:vendor_hal_capabilityconfigstore_qti_default_exec:s0
/(vendor|system/vendor)/bin/power_off_alarm u:object_r:vendor_power_off_alarm_exec:s0
/(vendor|system/vendor)/bin/grep u:object_r:vendor_toolbox_exec:s0
/vendor/bin/hw/vendor\.display\.color@1\.0-service u:object_r:vendor_hal_display_color_default_exec:s0
/vendor/bin/hw/vendor\.qti\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
/vendor/bin/hw/hardware\.google\.media\.c2@1\.0-service-software u:object_r:mediacodec_exec:s0
/vendor/bin/feature_enabler_client u:object_r:vendor_feature_enabler_client_exec:s0
/(vendor|system/vendor)/bin/qdcmss u:object_r:vendor_qdcm-ss_exec:s0
###############################################
# same-process HAL files and their dependencies
#
/vendor/lib(64)?/hw/gralloc\.qcom\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@2\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcamxexternalformatutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloccore\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgrallocutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloc\.qti\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_CM_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_app_profiles\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrmutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
# /vendor/app/TimeService/TimeService.apk
/vendor/lib(64)?/libTimeService\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libtime_genoff\.so u:object_r:same_process_hal_file:s0
# hbtp dependencies
/vendor/lib(64)?/libhbtpitsjni\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhbtpdbgclientjni\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhbtpjni\.so u:object_r:same_process_hal_file:s0
# framework detect libs libvndfwk_detect_jni.qti and libqti_vndfwk_detect
/vendor/lib(64)?/libvndfwk_detect_jni\.qti\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqti_vndfwk_detect\.so u:object_r:same_process_hal_file:s0
# NPU files
/vendor/lib(64)?/libnpu\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhta_controller\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhta_hexagon_runtime\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/unnhal-acc-hta\.so u:object_r:same_process_hal_file:s0
# RenderScript dependencies.
# To test: run cts -m CtsRenderscriptTestCases
/vendor/lib(64)?/libRSDriver_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libCB\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qgl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libbccQTI\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qcom\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno_sha1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqti-perfd-client\.so u:object_r:same_process_hal_file:s0
# TODO(b/36895509): remove the following 2 lines once this bug is resolved
# needed by radio
/vendor/lib(64)?/libimsmedia_jni\.so u:object_r:same_process_hal_file:s0
# libGLESv2_adreno depends on this
/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
# libOpenCL and its dependencies
/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libq3dtools_adreno\.so u:object_r:same_process_hal_file:s0
# Loaded by native loader (zygote) for all processes
/vendor/lib(64)?/libadsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libsdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libmdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib/dsp/fastrpc_shell_0 u:object_r:same_process_hal_file:s0
# Fastcv libs
/vendor/lib(64)?/libfastcvdsp_stub\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libfastcvadsp_stub\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libfastcvopt\.so u:object_r:same_process_hal_file:s0
# data files
/data/vendor/netmgr(/.*)? u:object_r:vendor_netmgr_data_file:s0
/data/vendor/netmgr/recovery(/.*)? u:object_r:vendor_netmgr_recovery_data_file:s0
/data/vendor/qmipriod(/.*)? u:object_r:vendor_qmipriod_data_file:s0
/data/vendor/shsusr(/.*)? u:object_r:vendor_shsusr_data_file:s0
/data/vendor/location(/.*)? u:object_r:vendor_location_data_file:s0
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
/data/vendor/display(/.*)? u:object_r:vendor_display_vendor_data_file:s0
/data/vendor/nfc(/.*)? u:object_r:vendor_nfc_vendor_data_file:s0
/data/vendor/radio(/.*)? u:object_r:vendor_radio_vendor_data_file:s0
/data/vendor/wifi/wlan_logs(/.*)? u:object_r:vendor_wifi_vendor_log_data_file:s0
/data/vendor/ramdump(/.*)? u:object_r:vendor_ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:vendor_ramdump_vendor_data_file:s0
/data/vendor/modem_dump(/.*)? u:object_r:vendor_modem_dump_file:s0
/data/vendor/ipa(/.*)? u:object_r:vendor_ipa_vendor_data_file:s0
/data/vendor/sensors(/.*)? u:object_r:vendor_sensors_vendor_data_file:s0
/data/vendor/port_bridge(/.*)? u:object_r:vendor_port_bridge_data_file:s0
/data/vendor/tloc(/.*)? u:object_r:vendor_tlocd_data_file:s0
/data/vendor/connectivity(/.*)? u:object_r:vendor_cnd_data_file:s0
/data/vendor/misc/qsee(/.*)? u:object_r:vendor_data_qsee_file:s0
/data/vendor/tui(/.*)? u:object_r:vendor_tui_data_file:s0
/data/vendor/tzstorage(/.*)? u:object_r:vendor_data_tzstorage_file:s0
/data/vendor/tombstones(/.*)? u:object_r:vendor_tombstone_data_file:s0
/data/vendor/time(/.*)? u:object_r:vendor_time_data_file:s0
/data/vendor/mdmhelperdata(/.*)? u:object_r:vendor_mdmhelperdata_data_file:s0
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
# audio_data_file
/data/vendor/audio(/.*)? u:object_r:vendor_audio_data_file:s0
# /
/tombstones u:object_r:rootfs:s0
/vendor/dsp(/.*)? u:object_r:adsprpcd_file:s0
/vendor/vm-system(/.*)? u:object_r:vendor_vm_system_file:s0
# /persist
/mnt/vendor/persist/data(/.*)? u:object_r:vendor_persist_data_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:vendor_persist_display_file:s0
/mnt/vendor/persist/drm(/.*)? u:object_r:vendor_persist_drm_file:s0
/mnt/vendor/persist/elabel(/.*)? u:object_r:vendor_persist_elabel_file:s0
/mnt/vendor/persist/haptics(/.*)? u:object_r:vendor_persist_haptics_file:s0
/mnt/vendor/persist/hlos_rfs(/.*)? u:object_r:vendor_persist_rfs_shared_hlos_file:s0
/mnt/vendor/persist/rfs(/.*)? u:object_r:vendor_persist_rfs_file:s0
/mnt/vendor/persist/sensors(/.*)? u:object_r:vendor_persist_sensors_file:s0
/mnt/vendor/persist/time(/.*)? u:object_r:vendor_persist_time_file:s0
/mnt/vendor/persist/audio(/.*)? u:object_r:vendor_persist_audio_file:s0
/mnt/vendor/persist/feature_enabler_client(/.*)? u:object_r:vendor_persist_feature_enabler_file:s0
# graphics device
/dev/mdss_rotator u:object_r:graphics_device:s0
/dev/dri/card0 u:object_r:graphics_device:s0
/dev/dri/controlD64 u:object_r:graphics_device:s0
/dev/dri/renderD128 u:object_r:graphics_device:s0
#TODO: move this to genfs_context or target based file_context
# sysfs_leds
/sys/devices/platform/soc/[a-f0-9]+.qcom,spmi/spmi-0/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,haptics@c000/leds/vibrator(/.*)? u:object_r:sysfs_leds:s0
# vendor_sysfs_devfreq
/sys/devices(/platform)?/soc/soc:qcom,l3-cpu[0-9]/devfreq/soc:qcom,l3-cpu[0-9](/.*)? u:object_r:vendor_sysfs_devfreq:s0
#vendor_sysfs_data
/sys/devices/virtual/xt_hardidletimer/timers(/.*)? u:object_r:vendor_sysfs_data:s0
/sys/devices/virtual/xt_idletimer/timers(/.*)? u:object_r:vendor_sysfs_data:s0
#persist_bluetooth_file
/mnt/vendor/persist/bluetooth(/.*)? u:object_r:vendor_persist_bluetooth_file:s0
#power off alarm file
/mnt/vendor/persist/alarm(/.*)? u:object_r:vendor_persist_alarm_file:s0
/(vendor|system/vendor)/bin/hbtp_daemon u:object_r:vendor_hbtp_exec:s0
/(vendor|system/vendor)/bin/sscrpcd u:object_r:vendor_sensors_exec:s0
# vendor_sysfs_graphics
/sys/class/graphics/fb0/mdp/caps u:object_r:vendor_sysfs_graphics:s0
/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_time u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/dynamic_fps u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/product_description u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/vendor_name u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdcp/tp u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_status u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hpd u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/res_info u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/s3d_mode u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_info u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_type u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_split u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/show_blank_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/bl_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad_bl_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hist_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/vsync_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/lineptr_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_notify u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_thermal_level u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_power_collapse u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/mode u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/name u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/connected u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_cmd_autorefresh_en u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/mdp/bw_mode_bitmap u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_modes u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdcp2p2(/.*) u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/scan_info u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_3d_modes u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_dfps_mode u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_src_split_info u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdr_stream u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/cec(/.*) u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msmfb_b10(/.*) u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/modes u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_raw_data u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/packpattern u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/dyn_pu u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/pp_bl_event u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/rotator/mdss_rotator/caps u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/hdcp/msm_hdcp/min_level_change u:object_r:vendor_sysfs_graphics:s0
/sys/class/lcd_bias/secure_mode u:object_r:vendor_sysfs_graphics:s0
/sys/class/leds/wled/secure_mode u:object_r:vendor_sysfs_graphics:s0
/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes u:object_r:vendor_sysfs_graphics:s0
/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/mode u:object_r:vendor_sysfs_graphics:s0
/sys/module/drm/parameters/vblankoffdelay u:object_r:vendor_sysfs_graphics:s0
/sys/devices/platform/soc/[a-f0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/modes u:object_r:vendor_sysfs_graphics:s0
/sys/devices/platform/soc/[a-f0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/status u:object_r:vendor_sysfs_graphics:s0
/sys/class/graphics/fb([0-3])+/mdp/caps u:object_r:vendor_sysfs_graphics:s0
/sys/class/graphics/fb([0-3])+/ad u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmi[0-9]+@[0-9]+:qcom,leds@[a-f0-9]+(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/backlight(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices/virtual/switch/hdmi(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/[a-f0-9]+.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/qcom,mdss_fb_primary.+[a-f0-9]/leds/lcd-backlight(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/caps u:object_r:vendor_sysfs_graphics:s0
/sys/devices/soc/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:vendor_sysfs_graphics:s0
/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:vendor_sysfs_graphics:s0
/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/caps u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_cam/video4linux/video[0-33]/name(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_rotator/video4linux/video[0-33]/name(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_rotator/caps u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,vidc/video4linux/video[0-33]/name(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,cci/[a-f0-9]+.qcom,cci:qcom,camera@[0-2]/video4linux/video[0-33]/name(/.*)? u:object_r:vendor_sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc0/clk_scaling(/.*)? u:object_r:vendor_sysfs_mmc_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/clkscale_enable u:object_r:vendor_sysfs_scsi_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+/host0/scsi_host/host0(/.*)? u:object_r:vendor_sysfs_scsi_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/host0/target0:0:0/0:0:0:[0-9]+/scsi_generic(/.*)? u:object_r:vendor_sysfs_scsi_target:s0
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:vendor_mediadrm_vendor_data_file:s0
/data/vendor/nnhal(/.*)? u:object_r:vendor_hal_neuralnetworks_data_file:s0
# Moved to target specfic folder so removing this from common file
#/sys/devices(/platform)?/soc/[a-f0-9\.:]+,[a-f0-9\-\_]+/subsys[0-9]+/name u:object_r:vendor_sysfs_ssr:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:vendor_sysfs_kgsl_gpu_model:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:vendor_sysfs_kgsl_gpuclk:s0
/sys/devices/soc/[a-f0-9]+.ssusb/power_supply/usb(/.*)? u:object_r:vendor_sysfs_usb_supply:s0
/data/(misc|vendor)/hbtp(/.*)? u:object_r:vendor_hbtp_log_file:s0
/vendor/etc/hbtp/* u:object_r:vendor_hbtp_cfg_file:s0
/sys/devices/soc/qpnp-vadc-[0-9]+(/.*)? u:object_r:vendor_sysfs_vadc_dev:s0
#Android NN Driver
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti u:object_r:vendor_hal_neuralnetworks_default_exec:s0
/(vendor|system/vendor)/bin/init\.class_main\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.crda\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.mdm\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.class_core\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.coex\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.crashdata\.sh u:object_r:vendor_init-qcom-crashdata-sh_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.debug\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm660\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm670\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.early_boot\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.efs\.sync\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.post_boot\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.dcvs\.sh u:object_r:vendor_init-qti-dcvs-sh_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sdio\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh u:object_r:vendor_init-qcom-sensors-sh_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.syspart_fixup\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.usb\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.wifi\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.ims\.sh u:object_r:vendor_init-qti-ims-sh_exec:s0
/(vendor|system/vendor)/bin/qca6234-service.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.kernel\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.kernel\.post_boot\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.qcv\.sh u:object_r:vendor_qti_init_shell_exec:s0
#Limits sysfs node
/sys/module/msm_isense_cdsp/data u:object_r:sysfs_thermal:s0
/(vendor|system/vendor)/bin/vendor_modprobe\.sh u:object_r:vendor_modinstall-sh_exec:s0


@@ -1,29 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow fsck vendor_persist_block_device:blk_file rw_file_perms;


@@ -1,144 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
genfscon proc /debug/fwdump u:object_r:vendor_proc_wifi_dbg:s0
genfscon proc /debugdriver/driverdump u:object_r:vendor_proc_wifi_dbg:s0
genfscon proc /ath_pktlog/cld u:object_r:vendor_proc_wifi_dbg:s0
genfscon proc /shs u:object_r:vendor_proc_shs:s0
genfscon sysfs /android_touch u:object_r:vendor_sysfs_touch:s0
genfscon sysfs /devices/virtual/input/ftm4_touch u:object_r:vendor_sysfs_touch:s0
#genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /kernel/irq_helper/irq_blacklist_on u:object_r:vendor_sysfs_irqbalance:s0
genfscon sysfs /kernel/wcd_cpe0 u:object_r:vendor_sysfs_audio:s0
genfscon sysfs /class/uio u:object_r:sysfs_uio:s0
genfscon sysfs /devices/soc/soc:bt_wcn3990 u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /class/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu6/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu0/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu2/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu4/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu6/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,llccbw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu4/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu6/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,mincpubw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/ae00000.qcom.qcom,mdss_mdp/caps u:object_r:vendor_sysfs_mdss_mdp_caps:s0
genfscon sysfs /devices/platform/soc/c17a000.i2c/i2c-6/6-005a/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c1b5000.i2c/i2c-7/7-0030/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pmi8998@3:qcom,leds@d000/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000 u:object_r:vendor_sysfs_data:s0
genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem/uio u:object_r:vendor_sysfs_uio_file:s0
genfscon sysfs /devices/platform/soc/soc:fp_fpc1020 u:object_r:vendor_sysfs_fingerprint:s0
genfscon sysfs /devices/virtual/wahoo_laser u:object_r:vendor_sysfs_laser:s0
genfscon sysfs /module/cpu_boost u:object_r:vendor_sysfs_cpu_boost:s0
genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /class/lcd_bias u:object_r:vendor_sysfs_lcd:s0
genfscon sysfs /module/msm_thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/battery_current_limit u:object_r:sysfs_thermal:s0
genfscon sysfs /module/diagchar/parameters/timestamp_switch u:object_r:vendor_sysfs_timestamp_switch:s0
genfscon sysfs /module/msm_performance u:object_r:vendor_sysfs_msm_perf:s0
genfscon sysfs /module/lpm_levels u:object_r:vendor_sysfs_msm_power:s0
genfscon sysfs /module/lpm_stats u:object_r:vendor_sysfs_msm_stats:s0
genfscon sysfs /devices/virtual/graphics/fb0 u:object_r:vendor_sysfs_graphics:s0
genfscon sysfs /devices/virtual/graphics/fb1 u:object_r:vendor_sysfs_graphics:s0
genfscon sysfs /devices/soc/8c0000.qcom,msm-cam u:object_r:vendor_sysfs_camera:s0
genfscon sysfs /devices/soc0 u:object_r:vendor_sysfs_soc:s0
genfscon sysfs /devices/soc/caa0000.qcom,jpeg u:object_r:vendor_sysfs_camera:s0
genfscon sysfs /devices/soc/caa4000.qcom,fd u:object_r:vendor_sysfs_camera:s0
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qpnp,fg/power_supply/bms/capacity u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/battery/capacity u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /bus/msm_subsys u:object_r:vendor_sysfs_ssr:s0
genfscon sysfs /module/subsystem_restart u:object_r:vendor_sysfs_msm_subsys_restart:s0
genfscon sysfs /kernel/boot_adsp/boot u:object_r:vendor_sysfs_boot_adsp:s0
genfscon sysfs /kernel/boot_slpi u:object_r:vendor_sysfs_slpi:s0
genfscon sysfs /devices/soc/c1b7000.i2c/i2c-9/9-0008 u:object_r:vendor_sysfs_easel:s0
genfscon sysfs /class/typec u:object_r:vendor_sysfs_usb_c:s0
genfscon sysfs /class/typec/usbc0 u:object_r:vendor_sysfs_usb_c:s0
genfscon sysfs /devices/soc/a800000.ssusb/a800000.dwc3/xhci-hcd.0.auto/usb1 u:object_r:vendor_sysfs_usb_device:s0
genfscon sysfs /devices/soc/a800000.ssusb/a800000.dwc3/xhci-hcd.0.auto/usb2 u:object_r:vendor_sysfs_usb_device:s0
genfscon sysfs /devices/platform/soc/a600000.ssusb/mode u:object_r:vendor_sysfs_usb_device:s0
genfscon sysfs /devices/platform/soc/a800000.ssusb/mode u:object_r:vendor_sysfs_usb_device:s0
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,usb-pdphy@1700/usbpd0/typec u:object_r:vendor_sysfs_usb_c:s0
genfscon sysfs /module/diagchar u:object_r:vendor_sysfs_diag:s0
genfscon sysfs /devices/virtual/kgsl u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /class/kgsl u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /devices/virtual/kgsl/kgsl/proc u:object_r:vendor_sysfs_kgsl_proc:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-events/cpumask u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-events/nice u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/cpumask u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/nice u:object_r:vendor_sysfs_kgsl:s0
genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:vendor_sysfs_graphics:s0
genfscon sysfs /class/sensors u:object_r:vendor_sysfs_sensors:s0
genfscon sysfs /bus/esoc u:object_r:vendor_sysfs_esoc:s0
genfscon sysfs /devices/soc/soc:hbtp/secure_touch u:object_r:vendor_hbtp_kernel_sysfs:s0
genfscon sysfs /devices/soc/soc:hbtp/secure_touch_enable u:object_r:vendor_hbtp_kernel_sysfs:s0
genfscon sysfs /devices/soc/soc:hbtp/secure_touch_userspace u:object_r:vendor_hbtp_kernel_sysfs:s0
genfscon sysfs /kernel/hbtp/display_pwr u:object_r:vendor_hbtp_kernel_sysfs:s0
genfscon sysfs /devices/virtual/net/bond0/bonding/queue_id u:object_r:vendor_sysfs_bond0:s0
genfscon sysfs /devices/virtual/net/bond0/queues/rx-0/rps_cpus u:object_r:vendor_sysfs_bond0:s0
genfscon sysfs /firmware/devicetree/base/cpus u:object_r:sysfs_devices_system_cpu:s0
genfscon sysfs /bus/spmi/devices u:object_r:vendor_sysfs_spmi_dev:s0
genfscon sysfs /power/mem_sleep u:object_r:vendor_sysfs_suspend:s0
genfscon sysfs /kernel/boot_adsp/ssr u:object_r:vendor_sysfs_adsp_ssr:s0
genfscon debugfs /kgsl/proc u:object_r:vendor_debugfs_kgsl:s0
genfscon debugfs /clk/debug_suspend u:object_r:vendor_debugfs_clk:s0
genfscon debugfs /wlan0 u:object_r:vendor_debugfs_wlan:s0
genfscon debugfs /rpm_stats u:object_r:vendor_debugfs_rpm:s0
genfscon debugfs /rpm_master_stats u:object_r:vendor_debugfs_rpm:s0
genfscon debugfs /ion u:object_r:vendor_debugfs_ion:s0
genfscon debugfs /ipc_logging u:object_r:vendor_debugfs_ipc:s0
genfscon debugfs /system_stats u:object_r:vendor_debugfs_rpm:s0
genfscon debugfs /tcpm/usbpd0 u:object_r:vendor_debugfs_usb:s0
genfscon debugfs /pd_engine/usbpd0 u:object_r:vendor_debugfs_usb:s0
genfscon debugfs /ipc_logging/smblib/log u:object_r:vendor_debugfs_usb:s0
genfscon debugfs /msm_ipc_router u:object_r:vendor_debugfs_ipc:s0
genfscon debugfs /mdp u:object_r:vendor_debugfs_mdp:s0
genfscon debugfs /rmt_storage u:object_r:vendor_debugfs_rmt_storage:s0
genfscon debugfs /icnss u:object_r:vendor_debugfs_icnss:s0


@@ -1,30 +0,0 @@
# Copyright (c) 2020, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dontaudit gmscore_app vendor_hal_qspmhal_default:binder {call};
unix_socket_connect(gmscore_app, vendor_dpmtcm, vendor_dpmd);


@@ -1,36 +0,0 @@
# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_alarm_qti_default, domain;
hal_server_domain(vendor_hal_alarm_qti_default, vendor_hal_alarm_qti)
type vendor_hal_alarm_qti_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_alarm_qti_default)
allow vendor_hal_alarm_qti_default rtc_device:chr_file r_file_perms;


@@ -1,30 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(vendor_atfwd, vendor_qtelephony);
allow vendor_atfwd vendor_hal_atfwd_hwservice:hwservice_manager find;


@@ -1,61 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
userdebug_or_eng(`
allow hal_audio vendor_diag_device:chr_file rw_file_perms;
allow hal_audio_default debugfs:dir r_dir_perms;
')
hal_client_domain(hal_audio_default, vendor_hal_perf)
hal_client_domain(hal_audio_default, hal_power)
# read-only permission to obtain the calibration data
r_dir_file(hal_audio_default, vendor_persist_audio_file);
allow hal_audio_default mnt_vendor_file:dir search;
#Allow access to firmware
allow hal_audio firmware_file:dir r_dir_perms;
allow hal_audio firmware_file:file r_file_perms;
# Allow hal_audio to read soundcard state under /proc/asound
allow hal_audio vendor_proc_audiod:file r_file_perms;
allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
allow hal_audio_default vendor_audio_data_file:file create_file_perms;
#Allow hal audio to use Binder IPC
vndbinder_use(hal_audio)
#allow acess to wcd_cpe
allow hal_audio vendor_sysfs_audio:file rw_file_perms;
allow hal_audio vendor_sysfs_audio:dir r_dir_perms ;
# audio properties
get_prop(hal_audio, vendor_audio_prop)
#to read bluetooth prop
get_prop(hal_audio, vendor_bluetooth_prop)


@@ -1,61 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_bluetooth_default vendor_bt_device:chr_file rw_file_perms;
# talk to system_server to set priority
allow hal_bluetooth fwk_scheduler_hwservice:hwservice_manager find;
allow hal_bluetooth system_server:binder call;
# bluetooth properties
set_prop(hal_bluetooth, vendor_bluetooth_prop)
#For bluetooth firmware
r_dir_file(hal_bluetooth_default, bt_firmware_file)
allow hal_bluetooth_default vendor_persist_bluetooth_file:dir rw_dir_perms;
allow hal_bluetooth_default vendor_persist_bluetooth_file:file create_file_perms;
#For QMI socket
allow hal_bluetooth_default self:{ qipcrtr_socket } create_socket_perms_no_ioctl;
userdebug_or_eng(`
diag_use(hal_bluetooth)
allow hal_bluetooth_default vendor_ramdump_vendor_data_file:file create_file_perms;
allow hal_bluetooth_default vendor_ramdump_vendor_data_file:dir create_dir_perms;
allow hal_bluetooth_default proc_sysrq:file rw_file_perms;
allow hal_bluetooth_default vendor_debugfs_ipc:file rw_file_perms;
allow hal_bluetooth_default vendor_debugfs_ipc:dir rw_dir_perms;
allow hal_bluetooth_default vendor_bt_data_file:dir ra_dir_perms;
allow hal_bluetooth_default vendor_bt_data_file:file create_file_perms;
allow hal_bluetooth_default self:{ socket } create_socket_perms_no_ioctl;
')
r_dir_file(hal_bluetooth_default, mnt_vendor_file)
# Access lbsoc_helper to bluetooth
use_libsoc_helper(hal_bluetooth_default)


@@ -1,75 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# These are the permissions required to use the boot_control HAL implemented
# here: hardware/qcom/bootctrl/boot_control.c
# Getting and setting GPT attributes for the bootloader iterates over all the
# partition names in the block_device directory /dev/block/.../by-name
allow hal_bootctl block_device:dir r_dir_perms;
#Opening /dev directory from bootctl to query /dev/ufs-bsg* filename
allow hal_bootctl device:dir r_dir_perms;
# Edit the attributes stored in the GPT.
allow hal_bootctl vendor_gpt_block_device:blk_file rw_file_perms;
allow hal_bootctl root_block_device:blk_file rw_file_perms;
# Allow boot_control_hal to get attributes on all the A/B partitions.
allow hal_bootctl boot_block_device:blk_file rw_file_perms;
allow hal_bootctl vendor_ab_block_device:blk_file getattr;
allow hal_bootctl vendor_xbl_block_device:blk_file getattr;
allow hal_bootctl vendor_modem_block_device:blk_file getattr;
allow hal_bootctl system_block_device:blk_file getattr;
allow hal_bootctl vendor_custom_ab_block_device:blk_file getattr;
allow hal_bootctl vendor_ab_block_device:blk_file getattr;
allow hal_bootctl recovery_block_device:blk_file getattr;
allow hal_bootctl vendor_mdtp_device:blk_file getattr;
allow hal_bootctl_server misc_block_device:blk_file rw_file_perms;
# Access /dev/sgN or /dev/ufs-bsg* devices (generic SCSI) to write the
# A/B slot selection for the XBL partition. Allow also to issue a
# UFS_IOCTL_QUERY or SG_IO ioctl.
allow hal_bootctl vendor_sg_device:chr_file rw_file_perms;
allow hal_bootctl vendor_bsg_device:chr_file rw_file_perms;
# The sys_rawio denial message is benign, and shows up due to a capability()
# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
# does not result in a error
dontaudit hal_bootctl self:capability sys_rawio;
#scsi driver does a capability check (CAP_SYS_RAWIO) when bootctl does
# an ioctl to /dev/ufs-bsg .Adding this rule to avoid ioctl error.
allow hal_bootctl_server self:capability { sys_rawio };
# Read the sysfs to lookup what /dev/sgN device
# corresponds to the XBL partitions.
allow hal_bootctl vendor_sysfs_scsi_target:dir r_dir_perms;
# Write to the XBL devices.
allow hal_bootctl vendor_xbl_block_device:blk_file rw_file_perms;
# Read dir permission for dt_firmware
allow hal_bootctl sysfs_dt_firmware_android:dir r_dir_perms;


@@ -1,70 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This is needed to get priority for Camera process
allow hal_camera self:capability sys_nice;
# This is mandatory to open Camera Service
hal_client_domain(hal_camera_default, hal_graphics_allocator)
# This is needed to get performance boost
hal_client_domain(hal_camera_default, vendor_hal_perf)
set_prop(hal_camera, vendor_camera_prop)
# ignore spurious denial
dontaudit hal_camera graphics_device:dir search;
allow hal_camera vendor_camera_data_file:dir rw_dir_perms;
allow hal_camera vendor_camera_data_file:file create_file_perms;
unix_socket_connect(hal_camera, vendor_thermal, vendor_thermal-engine)
userdebug_or_eng(`
allow hal_camera vendor_diag_device:chr_file rw_file_perms;
')
# access hexagon
allow hal_camera vendor_qdsp_device:chr_file r_file_perms;
#Allow camera to access synx device
allow hal_camera vendor_synx_device:chr_file rw_file_perms;
#needed for full_treble
hal_client_domain(hal_camera_default, hal_graphics_composer)
r_dir_file(hal_camera_default, vendor_sysfs_graphics)
#allow camera to access /dsp
r_dir_file(hal_camera, adsprpcd_file);
#allow camera to access adsprpc_prop
get_prop(hal_camera, vendor_adsprpc_prop)
# This is needed to access GPU
allow hal_camera_default gpu_device:chr_file rw_file_perms;
# Postproc Service
hal_attribute_hwservice(hal_camera, vendor_hal_camera_postproc_hwservice);


@@ -1,27 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
vndbinder_use(hal_camera_default);


@@ -1,29 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow context hub HAL to communicate with daemon via socket
unix_socket_connect(hal_contexthub, vendor_chre, vendor_chre)


@@ -1,56 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Define domain
type vendor_hal_display_color_default, domain;
hal_server_domain(vendor_hal_display_color_default, vendor_hal_display_color)
type vendor_hal_display_color_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_display_color_default)
# Allow hwbinder call from hal client to server
binder_call(vendor_hal_display_color_client, vendor_hal_display_color_server)
binder_call(platform_app, vendor_hal_display_color_server)
# Add hwservice related rules
add_hwservice(vendor_hal_display_color_server, vendor_hal_display_color_hwservice)
allow vendor_hal_display_color_client vendor_hal_display_color_hwservice:hwservice_manager find;
allow platform_app vendor_hal_display_color_hwservice:hwservice_manager find;
# Rule for display color to access graphics composer process
unix_socket_connect(vendor_hal_display_color, vendor_pps, hal_graphics_composer_default);
# Rule for vndbinder usage
allow vendor_hal_display_color vendor_qdisplay_service:service_manager find;
vndbinder_use(vendor_hal_display_color);
binder_call(vendor_hal_display_color, hal_graphics_composer)
#Add rules for postproc hal
add_hwservice(vendor_hal_display_color_server, vendor_hal_display_postproc_hwservice)
allow vendor_hal_display_postproc_client vendor_hal_display_postproc_hwservice:hwservice_manager find;
# Set vendor_qdcmss property
set_prop(vendor_hal_display_color, vendor_qdcmss_prop);


@@ -1,27 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_drm_default vndbinder_device:chr_file rw_file_perms;


@@ -1,49 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# define SELinux domain
type vendor_hal_drm_widevine, domain;
hal_server_domain(vendor_hal_drm_widevine, hal_drm)
type vendor_hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_drm_widevine)
allow vendor_hal_drm_widevine mediacodec:fd use;
allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use;
allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms;
#Allow access to smcinvoke device
allow vendor_hal_drm_widevine vendor_smcinvoke_device:chr_file rw_file_perms;
# The QTI DRM-HAL implementation uses a vendor-binder service provided
# by the HWC HAL.
vndbinder_use(vendor_hal_drm_widevine);
allow vendor_hal_drm_widevine vendor_qdisplay_service:service_manager { find };
#binder_call(vendor_hal_drm_widevine, hal_graphics_composer)
hal_client_domain(vendor_hal_drm_widevine, hal_graphics_composer);
allow vendor_hal_drm_widevine vendor_mediadrm_vendor_data_file:dir create_dir_perms;
allow vendor_hal_drm_widevine vendor_mediadrm_vendor_data_file:file create_file_perms;


@@ -1,35 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_gatekeeper_qti, domain;
hal_server_domain(vendor_hal_gatekeeper_qti, hal_gatekeeper)
type vendor_hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_gatekeeper_qti)
dontaudit vendor_hal_gatekeeper_qti firmware_file:dir search;
get_prop(vendor_hal_gatekeeper_qti, vendor_tee_listener_prop)


@@ -1,64 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# generic/vendor_hal_gnss_qti.te - generic sepolicy rules for vendor_location hidl
type vendor_hal_gnss_qti, domain;
hal_server_domain(vendor_hal_gnss_qti, hal_gnss)
type vendor_hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_gnss_qti)
# vendor binder
use_vendor_per_mgr(vendor_hal_gnss_qti)
# /data/vendor/vendor_location
allow vendor_hal_gnss_qti vendor_location_data_file:fifo_file { open read setattr write };
allow vendor_hal_gnss_qti vendor_location_data_file:dir create_dir_perms;
allow vendor_hal_gnss_qti vendor_location_data_file:file create_file_perms;
# /dev/socket/vendor_location
allow vendor_hal_gnss_qti vendor_location_socket:sock_file create_file_perms;
allow vendor_hal_gnss_qti vendor_location_socket:dir rw_dir_perms;
allow vendor_hal_gnss_qti vendor_location:unix_stream_socket connectto;
allow vendor_hal_gnss_qti vendor_location:unix_dgram_socket sendto;
# Allow Gnss HAL to get updates from health hal
hal_client_domain(vendor_hal_gnss_qti, hal_health)
# Most HALs are not allowed to use network sockets. QTI library
# libqdi is used across multiple processes which are clients of
# netmgrd including the GNSS HAL. libqdi first attempts to get the network
# interface using an IOCTL on a UDP INET socket, which isn't allowed here.
# If that fails, it falls back to using libc's if_nameindex() which requires
# a netlink route socket, which HALs may use. Due to the initial
# attempt to use a UDP socket, we still see a selinux denial,
# but it is safe to ignore.
# TODO (b/37730994) Remove udp_socket requirement from
# libqdi and have all its clients use netlink route
# sockets.
dontaudit vendor_hal_gnss_qti self:udp_socket create;


@@ -1,91 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Binder access (for display.qservice)
vndbinder_use(hal_graphics_composer_default)
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
allow hal_graphics_composer_default vendor_qdisplay_service:service_manager { add find };
allow hal_graphics_composer_default vendor_persist_display_file:dir search;
allow hal_graphics_composer_default vendor_persist_display_file:file r_file_perms;
# Allow reading/writing to '/mnt/vendor/persist/display/*'
allow hal_graphics_composer_default vendor_persist_display_file:dir rw_dir_perms;
allow hal_graphics_composer_default vendor_persist_display_file:file create_file_perms;
allow hal_graphics_composer vendor_sysfs_graphics:dir r_dir_perms;
allow hal_graphics_composer vendor_sysfs_graphics:file rw_file_perms;
allow hal_graphics_composer_default mnt_vendor_file:dir search;
allow hal_graphics_composer oemfs:dir r_dir_perms;
get_prop(hal_graphics_composer, vendor_display_prop)
allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
r_dir_file(hal_graphics_composer_default, sysfs_leds)
# TODO(b/37666508): Remove the following line upon resolution of the bug
allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
allow hal_graphics_composer_default graphics_device:chr_file rw_file_perms;
# HWC_UeventThread
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
# Allow ion_device read/write permission
allow hal_graphics_composer_default ion_device:chr_file rw_file_perms;
# Access /sys/devices/virtual/graphics/fb0
r_dir_file(hal_graphics_composer_default, sysfs_type)
# Allow reading/writing to '/data/vendor/display/*'
allow hal_graphics_composer_default vendor_display_vendor_data_file:dir create_dir_perms;
allow hal_graphics_composer_default vendor_display_vendor_data_file:file create_file_perms;
userdebug_or_eng(`
allow hal_graphics_composer_default vendor_debugfs_mdp:dir r_dir_perms;
allow hal_graphics_composer_default vendor_debugfs_mdp:file r_file_perms;
')
userdebug_or_eng(`
# Allow read to /sys/kernel/debug/*
allow hal_graphics_composer vendor_qti_display_debugfs:dir r_dir_perms;
allow hal_graphics_composer vendor_qti_display_debugfs:file r_file_perms;
allow hal_graphics_composer_default vendor_qti_display_debugfs:dir r_dir_perms;
allow hal_graphics_composer_default vendor_qti_display_debugfs:file r_file_perms;
')
# Allow sensor service access
allow hal_graphics_composer fwk_sensor_hwservice:hwservice_manager find;
binder_call(hal_graphics_composer, system_server)
# allow composer to register display config
add_hwservice(hal_graphics_composer_server, vendor_hal_display_config_hwservice);
# allow composer client to find display config service.
allow hal_graphics_composer_client vendor_hal_display_config_hwservice:hwservice_manager find;
# Allow qdcmss socket access
unix_socket_connect(hal_graphics_composer_default, vendor_qdcmsocket, vendor_qdcm-ss)


@@ -1,36 +0,0 @@
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(hal_health, vendor_sysfs_battery_supply);
r_dir_file(hal_health, vendor_sysfs_usb_supply);
allow hal_health hal_health_default:dir search;
allow hal_health {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
}:file rw_file_perms;


@@ -1,52 +0,0 @@
# Copyright (c) 2018,2020 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#vendor_ims rtp service
type vendor_hal_imsrtp, domain;
type vendor_hal_imsrtp_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(vendor_hal_imsrtp)
net_domain(vendor_hal_imsrtp)
hwbinder_use(vendor_hal_imsrtp)
get_prop(vendor_hal_imsrtp, hwservicemanager_prop)
add_hwservice(vendor_hal_imsrtp, vendor_hal_imsrtp_hwservice)
allow vendor_hal_imsrtp self: qipcrtr_socket create_socket_perms_no_ioctl;
unix_socket_connect(vendor_hal_imsrtp, vendor_ims, vendor_ims)
allow vendor_hal_imsrtp vendor_sysfs_timestamp_switch:file r_file_perms;
allow vendor_hal_imsrtp self:capability net_bind_service;
allow vendor_hal_imsrtp vendor_sysfs_timestamp_switch:file r_file_perms;
allow vendor_hal_imsrtp ion_device:chr_file r_file_perms;
allow vendor_hal_imsrtp vendor_sysfs_data:file r_file_perms;
r_dir_file(vendor_hal_imsrtp, vendor_sysfs_diag)
get_prop(vendor_hal_imsrtp, vendor_ims_prop)
binder_call(vendor_hal_imsrtp, vendor_qtelephony)


@@ -1,35 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_keymaster_qti, domain;
hal_server_domain(vendor_hal_keymaster_qti, hal_keymaster)
type vendor_hal_keymaster_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_keymaster_qti)
dontaudit vendor_hal_keymaster_qti firmware_file:dir search;
get_prop(vendor_hal_keymaster_qti, vendor_tee_listener_prop)


@@ -1,28 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_light vendor_sysfs_graphics:dir search;
allow hal_light vendor_sysfs_graphics:file rw_file_perms;


@@ -1,31 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Acess to kgsl memory /sys/class/kgsl/kgsl/proc/<pid>/mtrack
r_dir_file(hal_memtrack_default, vendor_sysfs_kgsl_proc);
allow hal_memtrack_default vendor_sysfs_kgsl:dir search;


@@ -1,47 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_neuralnetworks_default, domain;
hal_server_domain(vendor_hal_neuralnetworks_default, hal_neuralnetworks)
hal_client_domain(vendor_hal_neuralnetworks_default, hal_graphics_allocator)
type vendor_hal_neuralnetworks_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_neuralnetworks_default)
allow vendor_hal_neuralnetworks_default fwk_sensor_hwservice:hwservice_manager find;
allow vendor_hal_neuralnetworks_default vendor_qdsp_device:chr_file r_file_perms;
allow vendor_hal_neuralnetworks_default vendor_xdsp_device:chr_file r_file_perms;
allow vendor_hal_neuralnetworks_default ion_device:chr_file r_file_perms;
allow vendor_hal_neuralnetworks_default app_data_file:file { read getattr map };
allow vendor_hal_neuralnetworks_default shell_data_file:file { read getattr map };
allow vendor_hal_neuralnetworks_default vendor_hal_neuralnetworks_data_file:dir create_dir_perms;
allow vendor_hal_neuralnetworks_default vendor_hal_neuralnetworks_data_file:{ file fifo_file } create_file_perms;
allow vendor_hal_neuralnetworks_default gpu_device:chr_file rw_file_perms;
allow vendor_hal_neuralnetworks_default vendor_npu_device:chr_file r_file_perms;
r_dir_file(vendor_hal_neuralnetworks_default, adsprpcd_file)


@@ -1,30 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_power_default vendor_hbtp_kernel_sysfs:file rw_file_perms;
hal_client_domain(hal_power_default, vendor_hal_perf)


@@ -1,42 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_qdutils_disp_qti, domain;
hal_server_domain(vendor_hal_qdutils_disp_qti, vendor_hal_qdutils_disp)
type vendor_hal_qdutils_disp_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(vendor_hal_qdutils_disp_qti)
binder_call(vendor_hal_qdutils_disp_client, vendor_hal_qdutils_disp_server)
binder_call(vendor_hal_qdutils_disp_server, vendor_hal_qdutils_disp_client)
add_hwservice(vendor_hal_qdutils_disp_server, vendor_hal_qdutils_disp_hwservice)
allow vendor_hal_qdutils_disp_client vendor_hal_qdutils_disp_hwservice:hwservice_manager find;
vndbinder_use(vendor_hal_qdutils_disp_qti);
allow vendor_hal_qdutils_disp_qti vendor_qdisplay_service:service_manager find;
#hal_client_domain(vendor_hal_qdutils_disp_qti, hal_display_config);
hal_client_domain(vendor_hal_qdutils_disp_qti, hal_graphics_composer);


@@ -1,71 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_rcsservice, domain;
type vendor_hal_rcsservice_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(vendor_hal_rcsservice)
net_domain(vendor_hal_rcsservice)
get_prop(vendor_hal_rcsservice, vendor_ims_prop)
set_prop(vendor_hal_rcsservice, vendor_ims_prop)
# To register imsrcsd to hwBinder
hwbinder_use(vendor_hal_rcsservice)
# add IUceSerive and IService to Hidl interface
add_hwservice(vendor_hal_rcsservice, vendor_hal_imsrcsd_hwservice)
add_hwservice(vendor_hal_rcsservice, vendor_hal_imscallinfo_hwservice)
#add imsfactory to HIDl interface
add_hwservice(vendor_hal_rcsservice, vendor_hal_imsfactory_hwservice)
get_prop(vendor_hal_rcsservice, hwservicemanager_prop)
allow vendor_hal_rcsservice vendor_sysfs_timestamp_switch:file r_file_perms;
allow vendor_hal_rcsservice vendor_sysfs_data:file r_file_perms;
allow vendor_hal_rcsservice self: { socket qipcrtr_socket } create_socket_perms_no_ioctl;
#required for socket creation
unix_socket_connect(vendor_hal_rcsservice, vendor_ims, vendor_ims)
# imsrcsd to bind with UceShimService.apk
binder_call(vendor_hal_rcsservice, vendor_dataservice_app)
# imsrcsd needs read/write access to devpts
allow vendor_hal_rcsservice devpts:chr_file rw_file_perms;
# allow imsrcsd capabilities
wakelock_use(vendor_hal_rcsservice)
allow vendor_hal_rcsservice self:capability net_bind_service;
allow vendor_hal_rcsservice self:capability2 wake_alarm;
#diag
userdebug_or_eng(`
diag_use(vendor_hal_rcsservice)
binder_call(vendor_hal_rcsservice, radio)
')
set_prop(vendor_hal_rcsservice, vendor_ctl_vendor_imsrcsservice_prop)


@@ -1,65 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# read factory calibration and sensor configuration data
allow hal_sensors_default mnt_vendor_file:dir search;
r_dir_file(hal_sensors_default, vendor_persist_sensors_file)
get_prop(hal_sensors_default, vendor_sensors_prop)
# Access to tests from userdebug/eng builds
userdebug_or_eng(`
diag_use(hal_sensors_default)
get_prop(hal_sensors_default, vendor_sensors_dbg_prop)
allow hal_sensors_default vendor_sysfs_timestamp_switch:file r_file_perms;
')
allow hal_sensors_default vendor_qdsp_device:chr_file r_file_perms;
allow hal_sensors_default vendor_xdsp_device:chr_file r_file_perms;
allow hal_sensors vendor_sysfs_data:file r_file_perms;
allow hal_sensors vendor_sysfs_sensors:dir r_dir_perms;
allow hal_sensors vendor_sysfs_sensors:file rw_file_perms;
allow hal_sensors vendor_sysfs_sensors:lnk_file read;
#following to set the ssr
allow hal_sensors_default vendor_sysfs_slpi:dir search;
allow hal_sensors_default vendor_sysfs_slpi:file w_file_perms;
allow hal_sensors_default vendor_sysfs_adsp_ssr:file w_file_perms;
allow hal_sensors_default vendor_persist_sensors_file:dir rw_dir_perms;
allow hal_sensors_default vendor_persist_sensors_file:file create_file_perms;
allow hal_sensors_default mnt_vendor_file:dir rw_dir_perms;
allow hal_sensors_default mnt_vendor_file:file create_file_perms;
#interact with the sensors low power island (SLPI) CPU
allow hal_sensors_default self:{ socket qipcrtr_socket } create_socket_perms;
allowxperm hal_sensors_default self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_sensors_default system_server:fd use;
hal_client_domain(hal_sensors_default, hal_graphics_allocator)
# allow to read adsprpc related properties
get_prop(hal_sensors_default, vendor_adsprpc_prop)


@@ -1,28 +0,0 @@
#Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set_prop(hal_telephony_server, vendor_radio_prop);


@@ -1,40 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_tetheroffload_default vendor_ipa_dev:chr_file rw_file_perms;
allow hal_tetheroffload_default vendor_ipacm_socket:sock_file w_file_perms;
allow hal_tetheroffload_default vendor_ipa_vendor_data_file:dir w_dir_perms;
allow hal_tetheroffload_default vendor_ipa_vendor_data_file:file create_file_perms;
#add_hwservice(hal_tetheroffload_default, hal_tetheroffload_hwservice)
#diag
userdebug_or_eng(`
r_dir_file(hal_tetheroffload_default, vendor_sysfs_diag)
allow hal_tetheroffload_default vendor_sysfs_timestamp_switch:file r_file_perms;
')


@@ -1,28 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_thermal_default sysfs_thermal:lnk_file read;
allow hal_thermal_default proc_stat:file { getattr open read };


@@ -1,51 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_trustedui_qti, domain;
hal_server_domain(vendor_hal_trustedui_qti, vendor_hal_trustedui)
type vendor_hal_trustedui_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(vendor_hal_trustedui_qti)
binder_call(vendor_hal_trustedui_client, vendor_hal_trustedui_server)
binder_call(vendor_hal_trustedui_server, vendor_hal_trustedui_client)
hal_attribute_hwservice(vendor_hal_trustedui, vendor_hal_trustedui_hwservice)
hal_client_domain(vendor_hal_trustedui_qti, hal_graphics_allocator);
hal_client_domain(vendor_hal_trustedui_qti, hal_graphics_composer);
hal_client_domain(vendor_hal_trustedui_qti, vendor_hal_systemhelper);
allow vendor_hal_trustedui_qti vendor_sysfs_sectouch:file rw_file_perms;
allow vendor_hal_trustedui_qti vendor_tui_data_file:file rw_file_perms;
allow vendor_hal_trustedui_qti vendor_tui_data_file:dir r_dir_perms;
allow vendor_hal_trustedui_qti ion_device:chr_file r_file_perms;
allow vendor_hal_trustedui_qti surfaceflinger:fd use;
allow vendor_hal_trustedui_qti tee_device:chr_file rw_file_perms;
binder_call(vendor_hal_trustedui_qti, vendor_systemhelper_app)


@@ -1,39 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_tui_comm_qti, domain;
hal_server_domain(vendor_hal_tui_comm_qti, vendor_hal_tui_comm)
type vendor_hal_tui_comm_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(vendor_hal_tui_comm_qti)
binder_call(vendor_hal_tui_comm_client, vendor_hal_tui_comm_server)
binder_call(vendor_hal_tui_comm_server, vendor_hal_tui_comm_client)
add_hwservice(vendor_hal_tui_comm_server, vendor_hal_tui_comm_hwservice)
allow vendor_hal_tui_comm_client vendor_hal_tui_comm_hwservice:hwservice_manager find;
hal_client_domain(vendor_hal_tui_comm_qti, hal_graphics_allocator);


@@ -1,31 +0,0 @@
# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_usb_default vendor_sysfs_usbpd_device:dir r_dir_perms;
allow hal_usb_default vendor_sysfs_usbpd_device:lnk_file r_file_perms;
allow hal_usb_default vendor_sysfs_usbpd_device:file rw_file_perms;
r_dir_file(hal_usb_default, vendor_sysfs_usb_supply);


@@ -1,32 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(hal_vibrator_default, sysfs_leds)
allow hal_vibrator_default sysfs_leds:file rw_file_perms;
# read-only permission to obtain the calibration data
r_dir_file(hal_vibrator_default, vendor_persist_haptics_file)
allow hal_vibrator_default mnt_vendor_file:dir search;


@@ -1,53 +0,0 @@
#Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# allow hal_wifi to write into /proc/debugdriver/driverdump
r_dir_file(hal_wifi_default, vendor_proc_wifi_dbg)
# write to files owned by location daemon
allow hal_wifi_default vendor_location_socket:dir search;
allow hal_wifi_default vendor_location:unix_dgram_socket sendto;
# Connect to vendor_location via vendor_location socket.
unix_socket_connect(hal_wifi, vendor_location, vendor_location)
allow hal_wifi_default vendor_wifihal_socket:dir rw_dir_perms;
allow hal_wifi_default vendor_wifihal_socket:sock_file create_file_perms;
# Write wlan driver/fw version into property
set_prop(hal_wifi_default, vendor_wifi_version)
# allow hal_wifi to write into /proc/sys/net/ipv4
allow hal_wifi proc_net:file write;
# allow hal_wifi to write into /data/vendor/tombstones/wifi
userdebug_or_eng(`
allow hal_wifi_server vendor_tombstone_data_file:dir rw_dir_perms;
allow hal_wifi_server vendor_tombstone_data_file:file create_file_perms;
')


@@ -1,28 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_wifi vendor_wlan_device:chr_file rw_file_perms;


@@ -1,32 +0,0 @@
#Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
userdebug_or_eng(`
allow hal_wifi_hostapd vendor_wifi_vendor_log_data_file:dir search;
')


@@ -1,43 +0,0 @@
#Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# Allow access to create socket and ioctl.
allow hal_wifi_supplicant_default self:socket create_socket_perms;
# ioctlcmd=c304, c302
allowxperm hal_wifi_supplicant_default self:socket ioctl msm_sock_ipc_ioctls;
allow hal_wifi_supplicant_default wpa_data_file:dir create_dir_perms;
allow hal_wifi_supplicant_default wpa_data_file:dir w_dir_perms;
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
# Permission for wpa socket which IMS use to communicate
# # Allow wpa_supplicant to send back wifi information to cnd
allow hal_wifi_supplicant_default { vendor_cnd vendor_ims vendor_mutualex}:unix_dgram_socket sendto;
# # Allow wpa_supplicant to send back wifi information to vendor_location
allow hal_wifi_supplicant_default vendor_location:unix_dgram_socket sendto;


@@ -1,83 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Policies for vendor_hbtp (host based touch processing)
type vendor_hbtp, domain;
type vendor_hbtp_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hbtp)
hal_server_domain(vendor_hbtp, vendor_hal_hbtp)
# Allow access for /dev/vendor_hbtp_input and /dev/jdi-bu21150
allow vendor_hbtp { vendor_hbtp_device vendor_qdsp_device vendor_dsp_device vendor_bu21150_device vendor_xdsp_device }:chr_file rw_file_perms;
allow vendor_hbtp vendor_hbtp_log_file:dir rw_dir_perms;
allow vendor_hbtp vendor_hbtp_log_file:file create_file_perms;
allow vendor_hbtp vendor_hbtp_cfg_file:dir r_dir_perms;
allow vendor_hbtp vendor_hbtp_cfg_file:file r_file_perms;
allow vendor_hbtp firmware_file:dir r_dir_perms;
allow vendor_hbtp firmware_file:file r_file_perms;
allow vendor_hbtp vendor_firmware_file:dir r_dir_perms;
allow vendor_hbtp vendor_firmware_file:file r_file_perms;
allow vendor_hbtp vendor_sysfs_usb_supply:file r_file_perms;
allow vendor_hbtp vendor_sysfs_usb_supply:dir r_dir_perms;
allow vendor_hbtp vendor_hbtp_kernel_sysfs:file rw_file_perms;
allow vendor_hbtp vendor_sysfs_graphics:file r_file_perms;
allow vendor_hbtp vendor_sysfs_graphics:dir r_dir_perms;
allow vendor_hbtp vendor_sysfs_battery_supply:file r_file_perms;
allow vendor_hbtp vendor_sysfs_battery_supply:dir r_dir_perms;
allow vendor_hbtp ion_device:chr_file r_file_perms;
allow vendor_hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
# Allow the service to access wakelock sysfs
allow vendor_hbtp sysfs_wake_lock:file r_file_perms;
# Allow the service to change to system from root
allow vendor_hbtp self:capability { setgid setuid sys_nice };
# Allow load touch driver as touchPD
r_dir_file(vendor_hbtp, adsprpcd_file)
#allow the service to read adsprpc_prop
get_prop(vendor_hbtp, vendor_adsprpc_prop)
# Allow the service to access wakelock capability
wakelock_use(vendor_hbtp)
# Allow hwbinder call from hal client to server and vice-versa
binder_call(vendor_hal_hbtp_client, vendor_hal_hbtp_server)
binder_call(vendor_hal_hbtp_server, vendor_hal_hbtp_client)
# Allow hwservice related rules
add_hwservice(vendor_hal_hbtp_server, vendor_hal_hbtp_hwservice)
allow vendor_hal_hbtp_client vendor_hal_hbtp_hwservice:hwservice_manager find;
hal_client_domain(vendor_hbtp, hal_allocator);


@@ -1,35 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow healthd self:capability2 wake_alarm;
r_dir_file(healthd, vendor_sysfs_battery_supply)
r_dir_file(healthd, vendor_sysfs_usb_supply)
r_dir_file(healthd, sysfs_thermal);
allow healthd {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
}:file rw_file_perms;


@@ -1,44 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_cne_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_cacert_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_dataconnection_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_iwlan_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_display_config_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_imsrcsd_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_imsrtp_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_imscallinfo_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_ipacm_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_hbtp_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_perf_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_tui_comm_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_qdutils_disp_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_trustedui_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_display_color_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_display_postproc_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_camera_postproc_hwservice, hwservice_manager_type, protected_hwservice;


@@ -1,64 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
com.qualcomm.qti.ant::IAntHci u:object_r:hal_bluetooth_hwservice:s0
com.dsi.ant::IAnt u:object_r:hal_bluetooth_hwservice:s0
vendor.qti.hardware.data.iwlan::IIWlan u:object_r:vendor_hal_iwlan_hwservice:s0
com.qualcomm.qti.uceservice::IUceService u:object_r:vendor_hal_imsrcsd_hwservice:s0
com.qualcomm.qti.imscmservice::IImsCmService u:object_r:vendor_hal_imsrcsd_hwservice:s0
vendor.qti.ims.callinfo::IService u:object_r:vendor_hal_imscallinfo_hwservice:s0
vendor.qti.imsrtpservice::IRTPService u:object_r:vendor_hal_imsrtp_hwservice:s0
vendor.qti.data.factory::IFactory u:object_r:vendor_hal_datafactory_hwservice:s0
vendor.qti.ims.factory::IImsFactory u:object_r:vendor_hal_imsfactory_hwservice:s0
vendor.qti.hardware.data.connection::IDataConnection u:object_r:vendor_hal_dataconnection_hwservice:s0
vendor.qti.hardware.cacert::IService u:object_r:vendor_hal_cacert_hwservice:s0
vendor.display.config::IDisplayConfig u:object_r:vendor_hal_display_config_hwservice:s0
vendor.display.color::IDisplayColor u:object_r:vendor_hal_display_color_hwservice:s0
vendor.display.postproc::IDisplayPostproc u:object_r:vendor_hal_display_postproc_hwservice:s0
vendor.qti.hardware.data.iwlan::IIWlan u:object_r:vendor_hal_iwlan_hwservice:s0
vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object_r:vendor_hal_capabilityconfigstore_qti_hwservice:s0
vendor.qti.hardware.improvetouch.touchcompanion::ITouchCompanion u:object_r:vendor_hal_hbtp_hwservice:s0
vendor.qti.hardware.improvetouch.gesturemanager::IGestureManager u:object_r:vendor_hal_hbtp_hwservice:s0
vendor.qti.hardware.improvetouch.blobmanager::IBlobManager u:object_r:vendor_hal_hbtp_hwservice:s0
vendor.qti.hardware.perf::IPerf u:object_r:vendor_hal_perf_hwservice:s0
vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:vendor_hal_atfwd_hwservice:s0
vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.ims::IImsRadio u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.uim::IUim u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.uim_remote_client::IUimRemoteServiceClient u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.uim_remote_server::IUimRemoteServiceServer u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
vendor.qti.hardware.display.composer::IQtiComposer u:object_r:hal_graphics_composer_hwservice:s0
vendor.qti.hardware.tui_comm::ITuiComm u:object_r:vendor_hal_tui_comm_hwservice:s0
vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object_r:vendor_hal_qdutils_disp_hwservice:s0
vendor.qti.hardware.trustedui::ITrustedUI u:object_r:vendor_hal_trustedui_hwservice:s0
vendor.qti.hardware.trustedui::ITrustedInput u:object_r:vendor_hal_trustedui_hwservice:s0
android.hardware.media.c2::IConfigurable u:object_r:hal_codec2_hwservice:s0
vendor.qti.hardware.display.mapper::IQtiMapper u:object_r:hal_graphics_mapper_hwservice:s0
vendor.qti.hardware.camera.postproc::IPostProcService u:object_r:vendor_hal_camera_postproc_hwservice:s0


@@ -1,63 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_ims, domain;
type vendor_ims_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_ims)
net_domain(vendor_ims)
get_prop(vendor_ims, hwservicemanager_prop)
set_prop(vendor_ims, vendor_ims_prop)
get_prop(vendor_ims, vendor_ims_prop)
get_prop(vendor_ims, vendor_cnd_prop)
allow vendor_ims vendor_sysfs_timestamp_switch:file r_file_perms;
allow vendor_ims vendor_sysfs_data:file r_file_perms;
allow vendor_ims self:capability net_bind_service;
allow vendor_ims ion_device:chr_file r_file_perms;
unix_socket_connect(vendor_ims, vendor_cnd, vendor_cnd)
allow vendor_ims self:socket create_socket_perms_no_ioctl;
allow vendor_ims vendor_ims_socket:sock_file write;
allow vendor_ims self:{ qipcrtr_socket } create_socket_perms_no_ioctl;
allow vendor_ims self:{ netlink_generic_socket } create_socket_perms_no_ioctl;
netmgr_socket(vendor_ims);
allowxperm vendor_ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
allow vendor_ims self:tipc_socket { create_socket_perms_no_ioctl };
#diag
userdebug_or_eng(`
diag_use(vendor_ims)
')
hwbinder_use(vendor_ims)
allow vendor_ims vendor_hal_cne_hwservice:hwservice_manager find;
allow vendor_ims vendor_hal_datafactory_hwservice:hwservice_manager find;
binder_call(vendor_ims, vendor_cnd)


@@ -1,37 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_imshelper_app, domain;
app_domain(vendor_imshelper_app);
unix_socket_connect(vendor_imshelper_app, vendor_ims, vendor_ims)
allow vendor_imshelper_app app_api_service:service_manager find;
#allow qsee_svc_app vendor_imshelper_app_data_file:dir create_dir_perms;
#allow qsee_svc_app vendor_imshelper_app_data_file:file create_file_perms;
allow vendor_imshelper_app system_app_data_file:dir { getattr search };
allow vendor_imshelper_app vendor_radio_data_file:dir { getattr search };


@@ -1,37 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_init-qcom-crashdata-sh, domain;
type vendor_init-qcom-crashdata-sh_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_init-qcom-crashdata-sh)
allow vendor_init-qcom-crashdata-sh vendor_shell_exec:file rx_file_perms;
allow vendor_init-qcom-crashdata-sh vendor_toolbox_exec:file rx_file_perms;
set_prop(vendor_init-qcom-crashdata-sh, vendor_crash_cnt_prop)
set_prop(vendor_init-qcom-crashdata-sh, vendor_crash_detect_prop)


@@ -1,43 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_init-qcom-sensors-sh, domain;
type vendor_init-qcom-sensors-sh_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_init-qcom-sensors-sh)
allow vendor_init-qcom-sensors-sh vendor_shell_exec:file rx_file_perms;
allow vendor_init-qcom-sensors-sh vendor_toolbox_exec:file rx_file_perms;
r_dir_file(vendor_init-qcom-sensors-sh, mnt_vendor_file)
r_dir_file(vendor_init-qcom-sensors-sh, vendor_persist_sensors_file)
allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr;
allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr;
allow vendor_init-qcom-sensors-sh sensors_device:chr_file r_file_perms;
set_prop(vendor_init-qcom-sensors-sh, vendor_sensors_prop)


@@ -1,41 +0,0 @@
# Copyright (c) 2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_init-qti-dcvs-sh, domain;
type vendor_init-qti-dcvs-sh_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(vendor_init-qti-dcvs-sh)
allow vendor_init-qti-dcvs-sh vendor_shell_exec:file rx_file_perms;
# execute toybox/toolbox
allow vendor_init-qti-dcvs-sh self:perf_event { open cpu };
neverallow vendor_init-qti-dcvs-sh self:perf_event ~{ open cpu };
allow vendor_init-qti-dcvs-sh sysfs:dir { open read };
allow vendor_init-qti-dcvs-sh vendor_sysfs_devfreq:dir r_dir_perms;
allow vendor_init-qti-dcvs-sh vendor_sysfs_devfreq:file w_file_perms;


@@ -1,40 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_init-qti-ims-sh, domain;
type vendor_init-qti-ims-sh_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_init-qti-ims-sh)
allow vendor_init-qti-ims-sh vendor_shell_exec:file rx_file_perms;
allow vendor_init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms;
set_prop(vendor_init-qti-ims-sh, vendor_ims_prop)
get_prop(vendor_init-qti-ims-sh, vendor_ims_prop)
# for ro.build.product
get_prop(vendor_init-qti-ims-sh, exported2_default_prop)


@@ -1,83 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow init {
adsprpcd_file
cache_file
mnt_vendor_file
storage_file
vendor_vm_system_file
}:dir mounton;
# symlink /sdcard to backing block
allow init tmpfs:lnk_file create;
allow init tty_device:chr_file rw_file_perms;
allow init mnt_vendor_file:dir mounton;
allow init vendor_ab_block_device:lnk_file relabelto;
#Allow init to mount non-hlos partitions in A/B builds
allow init { bt_firmware_file vendor_firmware_file firmware_file } :dir mounton;
allow init { bt_firmware_file firmware_file }:filesystem { relabelfrom mount };
allow { bt_firmware_file firmware_file }self:filesystem associate;
dontaudit init kernel:system module_request;
allow init sysfs_leds:lnk_file r_file_perms;
allow init socket_device:sock_file create_file_perms;
#Needed for restorecon. Init already has these permissions
#for generic block devices, but is unable to access those
#which have a custom lable added by us.
allow init {
vendor_custom_ab_block_device
boot_block_device
vendor_xbl_block_device
vendor_ssd_block_device
vendor_modem_block_device
vendor_mdtp_device
vendor_vm_data_block_device
}:{ blk_file lnk_file } relabelto;
#Allow /sys access to write zram disksize
allow init sysfs_zram:dir r_dir_perms;
allow init sysfs_zram:file r_file_perms;
allow init vendor_sysfs_boot_adsp:file w_file_perms;
allow init bt_firmware_file:filesystem getattr;
allow init firmware_file:filesystem getattr;
# Search and write access for vendor_sysfs_graphics for backlight in recovery
recovery_only(`
allow init vendor_sysfs_graphics:file w_file_perms;
allow init vendor_sysfs_graphics:dir search;
allow init vendor_sysfs_usb_device:file w_file_perms;
')


@@ -1,187 +0,0 @@
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Restricted domain for shell processes spawned by init.
# Normally these are shell commands or scripts invoked via sh
# from an init*.rc file. No service should ever run in this domain.
type vendor_qti_init_shell, domain;
type vendor_qti_init_shell_exec, exec_type, vendor_file_type,file_type;
init_daemon_domain(vendor_qti_init_shell)
domain_auto_trans(init, vendor_shell_exec, vendor_qti_init_shell)
# For executing init shell scripts (init.qcom.early_boot.sh)
allow vendor_qti_init_shell vendor_qti_init_shell_exec:file { rx_file_perms entrypoint };
#execute init scripts
allow vendor_qti_init_shell vendor_shell_exec:file {rx_file_perms entrypoint };
allow vendor_qti_init_shell vendor_toolbox_exec:file rx_file_perms;
# For getting idle_time value
# this is needed for dynamic_fps and bw_mode_bitmap
allow vendor_qti_init_shell vendor_sysfs_graphics:file {rw_file_perms setattr};
allow vendor_qti_init_shell mnt_vendor_file:dir w_dir_perms;
allow vendor_qti_init_shell mnt_vendor_file:file create_file_perms;
allow vendor_qti_init_shell vendor_smd_device:chr_file rw_file_perms;
# Run helpers from / or /system without changing domain.
allow vendor_qti_init_shell { rootfs vendor_shell_exec }:file execute_no_trans;
allow vendor_qti_init_shell gpu_device:chr_file getattr;
allow vendor_qti_init_shell vendor_sysfs_cpu_boost:dir r_dir_perms;
allow vendor_qti_init_shell vendor_sysfs_cpu_boost:file rw_file_perms;
# for insmod of iris ko, this is needed.
# fowner and fsetid are needed for chmod display nodes.
allow vendor_qti_init_shell self:capability {
sys_module
net_admin
chown
fowner
fsetid
sys_admin
};
set_prop(vendor_qti_init_shell, vendor_ctl_netmgrd_prop)
set_prop(vendor_qti_init_shell, vendor_ctl_port-bridge_prop)
set_prop(vendor_qti_init_shell, vendor_ctl_qcrild_prop)
set_prop(vendor_qti_init_shell, vendor_ipacm-diag_prop)
set_prop(vendor_qti_init_shell, vendor_ipacm_prop)
set_prop(vendor_qti_init_shell, vendor_msm_irqbalance_prop)
set_prop(vendor_qti_init_shell, vendor_dataqti_prop)
set_prop(vendor_qti_init_shell, vendor_display_prop)
set_prop(vendor_qti_init_shell, vendor_alarm_boot_prop)
set_prop(vendor_qti_init_shell, vendor_gralloc_prop)
set_prop(vendor_qti_init_shell, vendor_usb_prop)
set_prop(vendor_qti_init_shell, vendor_system_prop)
set_prop(vendor_qti_init_shell, vendor_mpctl_prop)
set_prop(vendor_qti_init_shell, vendor_radio_prop)
set_prop(vendor_qti_init_shell, vendor_audio_prop)
get_prop(vendor_qti_init_shell, exported3_radio_prop)
set_prop(vendor_qti_init_shell, vendor_gpu_prop)
set_prop(vendor_qti_init_shell, vendor_sensors_prop)
allow vendor_qti_init_shell {
sysfs_devices_system_cpu
sysfs_lowmemorykiller
vendor_sysfs_mmc_host
vendor_sysfs_process_reclaim
}:file w_file_perms;
r_dir_file(vendor_qti_init_shell, sysfs_type)
r_dir_file(vendor_qti_init_shell, vendor_sysfs_devfreq)
allow vendor_qti_init_shell vendor_sysfs_devfreq:file w_file_perms;
allow vendor_qti_init_shell vendor_sysfs_soc:file write;
allow vendor_qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;
allow vendor_qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;
# To start sensors for DSPS enabled platforms
r_dir_file(vendor_qti_init_shell, mnt_vendor_file)
r_dir_file(vendor_qti_init_shell, vendor_persist_bluetooth_file)
allow vendor_qti_init_shell { proc proc_net}:file write;
allow vendor_qti_init_shell proc_net:file r_file_perms;
allow vendor_qti_init_shell graphics_device:dir create_dir_perms;
allow vendor_qti_init_shell graphics_device:lnk_file create_file_perms;
#insmod of ko from scripts need kernel key search
allow vendor_qti_init_shell kernel:key search;
allow vendor_qti_init_shell cgroup:dir add_name;
# To allow copy for mbn files
r_dir_file(vendor_qti_init_shell, firmware_file)
# /dev/block/zram0
allow vendor_qti_init_shell block_device:dir r_dir_perms;
allow vendor_qti_init_shell swap_block_device:blk_file rw_file_perms;
#For configfs permission
allow vendor_qti_init_shell configfs:dir r_dir_perms;
allow vendor_qti_init_shell configfs:file rw_file_perms;
#Allow /sys access to write zram disksize
allow vendor_qti_init_shell sysfs_zram:dir r_dir_perms;
allow vendor_qti_init_shell sysfs_zram:file rw_file_perms;
# To get GPU frequencies and set attributes
allow vendor_qti_init_shell vendor_sysfs_kgsl:file { r_file_perms setattr };
allow vendor_qti_init_shell proc:file r_file_perms;
allow vendor_qti_init_shell rootfs:file r_file_perms;
allow vendor_qti_init_shell vendor_radio_vendor_data_file:dir create_dir_perms;
allow vendor_qti_init_shell vendor_radio_vendor_data_file:file create_file_perms;
allow vendor_qti_init_shell vendor_mbn_data_file:dir create_dir_perms;
allow vendor_qti_init_shell vendor_mbn_data_file:file create_file_perms;
set_prop(vendor_qti_init_shell, vendor_ctl_vendor_hbtp_prop)
# rules for vm_bms
allow vendor_qti_init_shell {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
vendor_sysfs_usbpd_device
}:dir r_dir_perms;
allow vendor_qti_init_shell {
vendor_sysfs_battery_supply
vendor_sysfs_usb_supply
vendor_sysfs_usbpd_device
}:file rw_file_perms;
allow vendor_qti_init_shell vendor_sysfs_battery_supply:file setattr;
allow vendor_qti_init_shell vendor_sysfs_usb_supply:file setattr;
allow vendor_qti_init_shell vendor_sysfs_usbpd_device:file setattr;
allow vendor_qti_init_shell sysfs_devices_system_cpu:file w_file_perms;
allow vendor_qti_init_shell vendor_sysfs_msm_power:file rw_file_perms;
allow vendor_qti_init_shell vendor_msm_irqbalanced_exec:file getattr;
set_prop(vendor_qti_init_shell, vendor_alarm_boot_prop)
set_prop(vendor_qti_init_shell, vendor_wifi_prop)
# To read /proc/meminfo
allow vendor_qti_init_shell proc_meminfo:file r_file_perms;
allow vendor_qti_init_shell vendor_sysfs_suspend:file w_file_perms;
# Set ro.vendor.qti.soc_id to soc_id in QCV init script
set_prop(vendor_qti_init_shell, vendor_soc_id_prop);
# Set ro.vendor.qti.soc_name to soc_name in QCV init script
set_prop(vendor_qti_init_shell, vendor_soc_name_prop);
# Get persist.console.silent.config for kernel console log level
get_prop(vendor_qti_init_shell, vendor_console_log_level_prop)
set_prop(vendor_qti_init_shell,vendor_dcvs_prop)


@@ -1,39 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# socket ioctls
define(`RMNET_IOCTL_EXTENDED', `0x000089FD')
# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
#mmc ioctls defined in the kernel in include/uapi/linux/mmc/ioctl.h
define(`MMC_IOC_MULTI_CMD', `0xc008b301')


@@ -1,93 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
define(`gpu_ioctls', `{
IOCTL_KGSL_DEVICE_GETPROPERTY
IOCTL_KGSL_DEVICE_WAITTIMESTAMP_CTXTID
IOCTL_KGSL_DRAWCTXT_CREATE
IOCTL_KGSL_DRAWCTXT_DESTROY
IOCTL_KGSL_MAP_USER_MEM
IOCTL_KGSL_SHAREDMEM_FREE
IOCTL_KGSL_SETPROPERTY
IOCTL_KGSL_TIMESTAMP_EVENT
IOCTL_KGSL_PERFCOUNTER_GET
IOCTL_KGSL_PERFCOUNTER_PUT
IOCTL_KGSL_SYNCSOURCE_CREATE
IOCTL_KGSL_SYNCSOURCE_DESTROY
IOCTL_KGSL_SYNCSOURCE_CREATE_FENCE
IOCTL_KGSL_SYNCSOURCE_SIGNAL_FENCE
IOCTL_KGSL_GPUOBJ_ALLOC
IOCTL_KGSL_GPUOBJ_FREE
IOCTL_KGSL_GPUOBJ_INFO
IOCTL_KGSL_GPUOBJ_IMPORT
IOCTL_KGSL_GPUOBJ_SYNC
IOCTL_KGSL_GPU_COMMAND
}')
define(`msm_sock_ipc_ioctls', `{
IPC_ROUTER_IOCTL_GET_VERSION
IPC_ROUTER_IOCTL_GET_MTU
IPC_ROUTER_IOCTL_LOOKUP_SERVER
IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
}')
define(`msm_sock_qrtr_ioctls', `{
TIOCOUTQ
}')
define(`rmnet_sock_ioctls', `{
SIOCDEVPRIVATE_1
SIOCDEVPRIVATE_2
SIOCDEVPRIVATE_3
SIOCDEVPRIVATE_4
SIOCDEVPRIVATE_5
SIOCDEVPRIVATE_6
SIOCDEVPRIVATE_7
SIOCDEVPRIVATE_8
SIOCDEVPRIVATE_9
SIOCDEVPRIVATE_A
SIOCDEVPRIVATE_B
SIOCDEVPRIVATE_C
SIOCDEVPRIVATE_D
}')
define(`wlan_sock_ioctls', `{
SIOCSIWPRIV
SIOCIWFIRSTPRIV_15
}')
define(`lowi_server_ioctls', `{
SIOCGIFINDEX
SIOCGIFHWADDR
SIOCGIFFLAGS
SIOCIWFIRSTPRIV_05
SIOCIWFIRSTPRIV_11
SIOCIWFIRSTPRIV_13
SIOCDEVPRIVATE_1
}')


@@ -1,69 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# General definitions
type vendor_ipacm, domain;
type vendor_ipacm-diag, domain;
type vendor_ipacm_exec, exec_type, vendor_file_type, file_type;
type vendor_ipacm-diag_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_ipacm)
init_daemon_domain(vendor_ipacm-diag)
# associate netdomain to use for accessing internet sockets
net_domain(vendor_ipacm)
hal_server_domain(vendor_ipacm, hal_tetheroffload)
userdebug_or_eng(`
# Allow using the logging file between vendor_ipacm and vendor_ipacm-diag
unix_socket_send(vendor_ipacm, vendor_ipacm, vendor_ipacm-diag)
')
# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
allow hal_tetheroffload vendor_ipa_dev:chr_file rw_file_perms;
# Allow UDP socket create and ioctl
allow hal_tetheroffload self:udp_socket create_socket_perms;
allowxperm vendor_ipacm self:udp_socket ioctl SIOCGIFNAME;
# Allow receiving NETLINK messages
allow hal_tetheroffload self:netlink_route_socket { nlmsg_read nlmsg_readpriv create_socket_perms_no_ioctl };
# Allow receiving NETLINK messages
allow hal_tetheroffload self:{
netlink_socket
# Allow querying the network stack via IOCTLs
netlink_generic_socket
} create_socket_perms_no_ioctl;
# Allow creating and modifying the PID file
allow hal_tetheroffload vendor_ipa_vendor_data_file:dir w_dir_perms;
allow hal_tetheroffload vendor_ipa_vendor_data_file:file create_file_perms;
# To register vendor_ipacm to hwbinder
#add_hwservice(vendor_ipacm, hal_vendor_ipacm_hwservice)
#binder_call(vendor_ipacm, system_server)


@@ -1,33 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_irsc_util, domain;
type vendor_irsc_util_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_irsc_util)
allow vendor_irsc_util self:socket create_socket_perms;
allowxperm vendor_irsc_util self:socket ioctl msm_sock_ipc_ioctls;


@@ -1,43 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# for diag over socket
userdebug_or_eng(`
allow kernel self:socket create;
allow kernel self:qipcrtr_socket create;
allow kernel vendor_debugfs_wlan:dir search;
allow kernel vendor_debugfs_ipc:dir search;
allow kernel debugfs_mmc:dir search;
')
# Access firmware_file
r_dir_file(kernel, firmware_file)
# access vendor_firmware_file
r_dir_file(kernel, vendor_firmware_file)
dontaudit kernel kernel:system module_request;


@@ -1,99 +0,0 @@
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
# loc_launcher service
# which launches various other services supporting GPS & Wifi-RTT (LOWI) vendor_location
type vendor_location, domain;
type vendor_location_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_location)
allow vendor_location self:capability { setgid setuid };
hwbinder_use(vendor_location)
get_prop(vendor_location, hwservicemanager_prop)
get_prop(vendor_location, vendor_cnd_prop)
#xtra-daemon access to qcc properties
get_prop(vendor_location, vendor_qcc_prop)
allow vendor_location fwk_sensor_hwservice:hwservice_manager find;
binder_call(vendor_location, system_server)
binder_call(vendor_location, vendor_cnd)
# Enable standard network access (for XTRA download)
net_domain(vendor_location)
# required for xtra-daemon, slim-daemon.
allow vendor_location self:qipcrtr_socket create_socket_perms_no_ioctl;
dontaudit vendor_location kernel:system module_request;
# execute permission for vendor_location daemons in /vendor/bin/
allow vendor_location vendor_location_exec:file rx_file_perms;
# /data/vendor/vendor_location
allow vendor_location vendor_location_data_file:dir create_dir_perms;
allow vendor_location vendor_location_data_file:file create_file_perms;
# /dev/socket/vendor_location
allow vendor_location vendor_location_socket:sock_file create_file_perms;
allow vendor_location vendor_location_socket:dir rw_dir_perms;
allow vendor_location vendor_hal_gnss_qti:unix_dgram_socket sendto;
# permission for read execute vendor_location daemons in userdebug mode.
userdebug_or_eng(`
allow shell vendor_location_exec:file rx_file_perms;
')
## lowi-server
##############
# some additional network access
allow vendor_location self:netlink_generic_socket create_socket_perms_no_ioctl;
allow vendor_location self:netlink_socket create_socket_perms_no_ioctl;
allowxperm vendor_location self:udp_socket ioctl lowi_server_ioctls;
allow vendor_location hal_wifi:unix_stream_socket { read write };
# /data/vendor/wifi
allow vendor_location vendor_wifi_vendor_data_file:dir search;
# /data/vendor/wifi/wpa
allow vendor_location wpa_data_file:dir rw_dir_perms;
allow vendor_location wpa_data_file:sock_file create_file_perms;
allow vendor_location hal_wifi_supplicant_default:unix_dgram_socket sendto;
# /dev/socket/wifihal
allow vendor_location vendor_wifihal_socket:dir search;
unix_socket_send(vendor_location, vendor_wifihal, hal_wifi_default);
## xtra-daemon
##############
allow vendor_location {vendor_hal_cacert_hwservice vendor_hal_datafactory_hwservice vendor_hal_cne_hwservice}:hwservice_manager find;
binder_call(vendor_location, vendor_qtidataservices_app)


@@ -1,74 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Policy for vendor_mdm_helper
#vendor_mdm_helper - vendor_mdm_helper domain
type vendor_mdm_helper, domain;
type vendor_mdm_helper_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_mdm_helper);
#block_suspend capability is needed by kickstart(ks)
wakelock_use(vendor_mdm_helper)
#Needed to power on the peripheral
allow vendor_mdm_helper vendor_ssr_device:chr_file r_file_perms;
#Needed to access the esoc device to control the mdm
allow vendor_mdm_helper vendor_esoc_device:dir r_dir_perms;
allow vendor_mdm_helper vendor_esoc_device:chr_file rw_file_perms;
#Needed in order to run kickstart
allow vendor_mdm_helper vendor_shell_exec:file rx_file_perms;
allow vendor_mdm_helper vendor_mdm_helper_exec :file x_file_perms;
#Rampdump config
#
# User variant
# Probe for write access to vendor tombstones as the
# presense of tombstones on subsystem does not correlate
# to Android user/userdebug config
allow vendor_mdm_helper vendor_tombstone_data_file:dir r_dir_perms;
dontaudit vendor_mdm_helper vendor_tombstone_data_file:dir write;
# Userdebug/eng variant
userdebug_or_eng(`
allow vendor_mdm_helper vendor_tombstone_data_file:dir create_dir_perms;
allow vendor_mdm_helper vendor_tombstone_data_file:file create_file_perms;
')
#Ramdump config END
#Needed to kill its own forked process on efs sync
allow vendor_mdm_helper self:capability kill;
#Needed by ks in order to access the efs sync partitions.
allow vendor_mdm_helper block_device:dir r_dir_perms;
allow vendor_mdm_helper vendor_efs_boot_dev:blk_file rw_file_perms;
#Needed in order to access the firmware partition
r_dir_file(vendor_mdm_helper, firmware_file)
#Needed to allow boot over PCIe
allow vendor_mdm_helper vendor_mhi_device:chr_file rw_file_perms;


@@ -1,39 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow mediacodec system_file:dir r_dir_perms;
userdebug_or_eng(`
allow mediacodec dumpstate:fd use;
')
#Allow mediacodec to access vendor_media_data_file files
allow mediacodec vendor_media_data_file:dir create_dir_perms;
allow mediacodec vendor_media_data_file:file create_file_perms;
#Allow mediacodec to access configstore
hal_client_domain(mediacodec, vendor_hal_capabilityconfigstore_qti)
#allow mediacodec to read adsprpc_prop
get_prop(mediacodec, vendor_adsprpc_prop)


@@ -1,40 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_msm_irqbalanced, domain;
type vendor_msm_irqbalanced_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_msm_irqbalanced)
allow vendor_msm_irqbalanced cgroup:dir { create add_name };
allow vendor_msm_irqbalanced { proc sysfs_devices_system_cpu }:file w_file_perms;
# access smp_affinity
allow vendor_msm_irqbalanced proc:file r_file_perms;
allow vendor_msm_irqbalanced proc_interrupts:file r_file_perms;
allow vendor_msm_irqbalanced proc_stat:file r_file_perms;
# irq_blacklist_on
allow vendor_msm_irqbalanced vendor_sysfs_irqbalance:file r_file_perms;


@@ -1,28 +0,0 @@
#Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
#* Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#* Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#* Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow mtp self:pppox_socket create_socket_perms_no_ioctl;


@@ -1,28 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dontaudit netd kernel:system module_request;
dontaudit netd self:capability sys_module;


@@ -1,88 +0,0 @@
# Copyright (c) 2018, 2020 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_netmgrd, domain;
type vendor_netmgrd_exec, exec_type, vendor_file_type, file_type;
net_domain(vendor_netmgrd)
init_daemon_domain(vendor_netmgrd)
allow vendor_netmgrd vendor_netmgrd_socket:dir w_dir_perms;
allow vendor_netmgrd vendor_netmgrd_socket:sock_file create_file_perms;
allow vendor_netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
allow vendor_netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow vendor_netmgrd self:netlink_route_socket nlmsg_write;
allow vendor_netmgrd self:netlink_socket create_socket_perms_no_ioctl;
allow vendor_netmgrd self:socket create_socket_perms;
allowxperm vendor_netmgrd self:socket ioctl msm_sock_ipc_ioctls;
allowxperm vendor_netmgrd self:udp_socket ioctl priv_sock_ioctls;
allow vendor_netmgrd self:tipc_socket { create_socket_perms_no_ioctl };
#Allow connections to qmipriod
unix_socket_connect(vendor_netmgrd, vendor_netmgrd, vendor_qmipriod);
allow vendor_netmgrd sysfs_net:dir r_dir_perms;
allow vendor_netmgrd sysfs_net:file rw_file_perms;
allow vendor_netmgrd vendor_sysfs_data:file r_file_perms;
wakelock_use(vendor_netmgrd)
#Allow netutils usage
domain_auto_trans(vendor_netmgrd, netutils_wrapper_exec, netutils_wrapper)
use_netutils(vendor_netmgrd)
#Allow diag logging
allow vendor_netmgrd vendor_sysfs_timestamp_switch:file { read open };
userdebug_or_eng(`
r_dir_file(vendor_netmgrd, vendor_sysfs_diag)
allow vendor_netmgrd vendor_debugfs_ipc:dir search;
')
#Ignore if device loading for private IOCTL failed
dontaudit vendor_netmgrd kernel:system { module_request };
allow vendor_netmgrd proc_net:file rw_file_perms;
allow vendor_netmgrd vendor_netmgr_data_file:dir rw_dir_perms;
allow vendor_netmgrd vendor_netmgr_data_file:file create_file_perms;
allow vendor_netmgrd vendor_netmgr_recovery_data_file:file create_file_perms;
allow vendor_netmgrd vendor_netmgr_recovery_data_file:dir rw_dir_perms;
get_prop(vendor_netmgrd, hwservicemanager_prop)
hwbinder_use(vendor_netmgrd)
binder_call(vendor_netmgrd, netd)
allow vendor_netmgrd system_net_netd_hwservice:hwservice_manager find;
# Allow netmgrd to use shsusrd properties
set_prop(vendor_netmgrd, vendor_data_shsusr_prop)
set_prop(vendor_netmgrd, vendor_data_qmipriod_prop)
allow vendor_netmgrd self:capability { net_admin net_raw setgid setpcap setuid kill };
allow vendor_netmgrd vendor_toolbox_exec:file rx_file_perms;
dontaudit vendor_netmgrd kernel:system module_request;
dontaudit vendor_netmgrd self:system module_request;


@@ -1,28 +0,0 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dontaudit netutils_wrapper self:capability sys_module;
dontaudit netutils_wrapper system_file:dir write;


@@ -1,41 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_pd_mapper, domain;
type vendor_pd_mapper_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_pd_mapper);
allow vendor_pd_mapper self:capability { setgid setpcap setuid net_bind_service };
allow vendor_pd_mapper firmware_file:dir r_dir_perms;
allow vendor_pd_mapper firmware_file:file r_file_perms;
allow vendor_pd_mapper self:socket create_socket_perms;
allowxperm vendor_pd_mapper self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
allow vendor_pd_mapper vendor_sysfs_data:file r_file_perms;
get_prop(vendor_pd_mapper, vendor_pd_locater_dbg_prop)


@@ -1,36 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Policy for /system/bin/pm-proxy
type vendor_per_proxy, domain;
type vendor_per_proxy_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_per_proxy)
allow vendor_per_proxy vendor_per_mgr_service:service_manager find;
vndbinder_use(vendor_per_proxy)
binder_call(vendor_per_proxy, vendor_per_mgr)


@@ -1,58 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Policy for pm-service and pm-proxy
type vendor_per_mgr, domain;
type vendor_per_mgr_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_per_mgr);
add_service(vendor_per_mgr, vendor_per_mgr_service)
vndbinder_use(vendor_per_mgr)
binder_call(vendor_per_mgr, hal_gnss)
binder_call(vendor_per_mgr, vendor_per_proxy)
binder_call(vendor_per_mgr, vendor_wcnss_service)
binder_call(vendor_per_mgr, rild)
allow vendor_per_mgr self:capability net_bind_service;
allow vendor_per_mgr firmware_file:file r_file_perms;
allow vendor_per_mgr firmware_file:dir search;
allow vendor_per_mgr self:socket create_socket_perms;
allowxperm vendor_per_mgr self:socket ioctl msm_sock_ipc_ioctls;
allow vendor_per_mgr vendor_ssr_device:chr_file { open read };
# Needed by libmdmdetect to get subsystem info and to check their states
allow vendor_per_mgr vendor_sysfs_data:file r_file_perms;
# Set the peripheral state property
set_prop(vendor_per_mgr, vendor_per_mgr_state_prop);
userdebug_or_eng(`
allow vendor_per_mgr vendor_debugfs_ipc:dir search;
')


@@ -1,28 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#allow embms app to access vendor radio property
get_prop(radio, vendor_radio_prop)


@@ -1,54 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_port-bridge, domain;
type vendor_port-bridge_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_port-bridge)
userdebug_or_eng(`
domain_auto_trans(shell, vendor_port-bridge_exec, vendor_netmgrd)
#domain_auto_trans(adbd, vendor_port-bridge_exec, netmgrd)
diag_use(vendor_port-bridge)
')
# Allow operations on different types of sockets
allow vendor_port-bridge vendor_port-bridge:netlink_kobject_uevent_socket { create bind read };
allow vendor_port-bridge {
# Allow operations on mhi transport
vendor_mhi_device
# Allow operations on ATCoP g-link transport
vendor_at_device
}:chr_file rw_file_perms;
#access ipa sysfs node
allow vendor_port-bridge vendor_sysfs_data:file r_file_perms;
allow vendor_port-bridge vendor_port_bridge_data_file:file create_file_perms;
allow vendor_port-bridge vendor_port_bridge_data_file:dir w_dir_perms;
allow vendor_port-bridge vendor_port-bridge_socket:dir w_dir_perms;
allow vendor_port-bridge vendor_port-bridge_socket:sock_file create_file_perms;


@@ -1,38 +0,0 @@
# Copyright (c) 2017-2019 Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_power_off_alarm, domain;
type vendor_power_off_alarm_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_power_off_alarm)
allow vendor_power_off_alarm rtc_device:chr_file r_file_perms;
allow vendor_power_off_alarm kmsg_device:chr_file w_file_perms;
allow vendor_power_off_alarm self:capability2 wake_alarm;
set_prop(vendor_power_off_alarm, powerctl_prop)


@@ -1,51 +0,0 @@
# Copyright (c) 2017-2019 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_poweroffalarm_app, domain;
app_domain(vendor_poweroffalarm_app);
allow vendor_poweroffalarm_app app_api_service:service_manager find;
allow vendor_poweroffalarm_app mnt_vendor_file:dir r_dir_perms;
allow vendor_poweroffalarm_app vendor_persist_alarm_file:dir rw_dir_perms;
allow vendor_poweroffalarm_app vendor_persist_alarm_file:file create_file_perms;
hal_client_domain(vendor_poweroffalarm_app, vendor_hal_alarm_qti);
hal_client_domain(vendor_poweroffalarm_app, vendor_hal_perf);
binder_call(vendor_poweroffalarm_app, vendor_hal_alarm_qti_default);
allow vendor_poweroffalarm_app system_app_data_file:dir create_dir_perms;
allow vendor_poweroffalarm_app system_app_data_file:{ file lnk_file } create_file_perms;
allow vendor_poweroffalarm_app surfaceflinger_service:service_manager find;
allow vendor_poweroffalarm_app audioserver_service:service_manager find;
allow vendor_poweroffalarm_app mediaserver_service:service_manager find;
get_prop(vendor_poweroffalarm_app, vendor_alarm_boot_prop);
#get_prop(vendor_poweroffalarm_app, vendor_iop_prop)


@@ -1,32 +0,0 @@
#Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
#* Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#* Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#* Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# allow VPN connection via L2TP
allow ppp mtp:pppox_socket rw_socket_perms;
# ioctls needed for VPN
allowxperm ppp mtp:pppox_socket ioctl ppp_ioctls;


@@ -1,32 +0,0 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
hal_client_domain(priv_app, vendor_hal_perf)
# TODO(b/123050471): this grants renderscript exec permissions to the
# priv_app domain
allow priv_app rs_exec:file rx_file_perms;


@@ -1,112 +0,0 @@
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
vendor_internal_prop(vendor_ctl_netmgrd_prop);
vendor_internal_prop(vendor_ctl_port-bridge_prop);
vendor_internal_prop(vendor_ctl_qcrild_prop);
vendor_restricted_prop(vendor_camera_prop);
vendor_restricted_prop(vendor_cnd_prop);
vendor_internal_prop(vendor_crash_cnt_prop);
vendor_internal_prop(vendor_crash_detect_prop);
vendor_restricted_prop(vendor_ims_prop);
vendor_internal_prop(vendor_ipacm_prop);
vendor_internal_prop(vendor_ipacm-diag_prop);
vendor_internal_prop(vendor_modem_diag_prop);
vendor_internal_prop(vendor_msm_irqbalance_prop);
vendor_restricted_prop(vendor_per_mgr_state_prop);
vendor_internal_prop(vendor_dataqti_prop);
vendor_internal_prop(vendor_dataqdp_prop);
vendor_internal_prop(vendor_ramdump_prop);
vendor_internal_prop(vendor_sensors_prop);
vendor_restricted_prop(vendor_tee_listener_prop);
vendor_restricted_prop(vendor_display_prop);
vendor_internal_prop(vendor_usb_prop);
vendor_restricted_prop(vendor_radio_prop);
#Needed for ubwc support
vendor_restricted_prop(vendor_gralloc_prop);
vendor_internal_prop(vendor_system_prop);
#imsrcsservice
vendor_restricted_prop(vendor_ctl_vendor_imsrcsservice_prop);
# HBTP
vendor_internal_prop(vendor_ctl_vendor_hbtp_prop);
# Bluetooth props
vendor_restricted_prop(vendor_bluetooth_prop);
#time service
vendor_internal_prop(vendor_time_service_prop);
# Audio props
vendor_restricted_prop(vendor_audio_prop);
# shsusrd props
vendor_restricted_prop(vendor_data_shsusr_prop);
vendor_restricted_prop(vendor_data_qmipriod_prop);
#ss-restart
vendor_internal_prop(vendor_ssr_prop);
#ss-services (PD)
vendor_internal_prop(vendor_pd_locater_dbg_prop);
#capabilityconfigstore hal (CCHAL)
vendor_internal_prop(vendor_cap_configstore_dbg_prop);
#rmt_storage
vendor_internal_prop(vendor_ctl_vendor_rmt_storage_prop);
vendor_restricted_prop(vendor_gpu_prop);
vendor_restricted_prop(vendor_public_vendor_default_prop);
# alarm property
vendor_restricted_prop(vendor_alarm_boot_prop);
#wlan-vendor prop
vendor_internal_prop(vendor_wifi_prop);
#qdcmss property
vendor_internal_prop(vendor_qdcmss_prop);
#adsprpc props
vendor_restricted_prop(vendor_adsprpc_prop);
# Wifi version recorder
vendor_internal_prop(vendor_wifi_version);
# QCV properties for storing soc_id and soc_name
vendor_internal_prop(vendor_soc_id_prop);
vendor_internal_prop(vendor_soc_name_prop);
#kernel console log level
vendor_internal_prop(vendor_console_log_level_prop)
vendor_internal_prop(vendor_dcvs_prop)


@@ -1,138 +0,0 @@
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
persist.vendor.service.bdroid. u:object_r:vendor_bluetooth_prop:s0
persist.vendor.bluetooth. u:object_r:vendor_bluetooth_prop:s0
ro.vendor.bluetooth. u:object_r:vendor_bluetooth_prop:s0
persist.vendor.bluetooth.a2dp. u:object_r:vendor_bluetooth_prop:s0
persist.vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0
vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0
vendor.wc_transport. u:object_r:vendor_bluetooth_prop:s0
ctl.vendor.msm_irqbalance u:object_r:vendor_msm_irqbalance_prop:s0
ctl.vendor.netmgrd u:object_r:vendor_ctl_netmgrd_prop:s0
ctl.vendor.port-bridge u:object_r:vendor_ctl_port-bridge_prop:s0
ctl.vendor.qcrild u:object_r:vendor_ctl_qcrild_prop:s0
ctl.vendor.ipacm u:object_r:vendor_ipacm_prop:s0
ctl.vendor.ipacm-diag u:object_r:vendor_ipacm-diag_prop:s0
ctl.vendor.dataqti u:object_r:vendor_dataqti_prop:s0
ctl.vendor.sensors u:object_r:vendor_sensors_prop:s0
persist.vendor.sensors. u:object_r:vendor_sensors_prop:s0
ro.vendor.sensors. u:object_r:vendor_sensors_prop:s0
vendor.audio. u:object_r:vendor_audio_prop:s0
vendor.voice. u:object_r:vendor_audio_prop:s0
persist.vendor.audio. u:object_r:vendor_audio_prop:s0
ro.vendor.audio. u:object_r:vendor_audio_prop:s0
ro.vendor.alarm_boot u:object_r:vendor_alarm_boot_prop:s0
ro.boot.alarmboot u:object_r:vendor_alarm_boot_prop:s0
vendor.debug.camera. u:object_r:vendor_camera_prop:s0
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0
persist.vendor.sys.modem.diag. u:object_r:vendor_modem_diag_prop:s0
persist.vendor.sys.cnd u:object_r:vendor_cnd_prop:s0
persist.vendor.cne.feature u:object_r:vendor_cnd_prop:s0
persist.vendor.cnd.wqe u:object_r:vendor_cnd_prop:s0
persist.vendor.cne.logging.qxdm u:object_r:vendor_cnd_prop:s0
persist.vendor.crash.cnt u:object_r:vendor_crash_cnt_prop:s0
persist.vendor.crash.detect u:object_r:vendor_crash_detect_prop:s0
persist.vendor.data.dont_use_epc u:object_r:vendor_dataqdp_prop:s0
persist.vendor.data.dont_use_npflag u:object_r:vendor_dataqdp_prop:s0
persist.vendor.data.profile_update u:object_r:vendor_dataqdp_prop:s0
vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
vendor.sys.modem.diag. u:object_r:vendor_modem_diag_prop:s0
vendor.usb. u:object_r:vendor_usb_prop:s0
vendor.wlan.driver.version u:object_r:vendor_wifi_version:s0
vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0
persist.vendor.usb. u:object_r:vendor_usb_prop:s0
ro.vendor.usb. u:object_r:vendor_usb_prop:s0
vendor.display. u:object_r:vendor_display_prop:s0
ro.vendor.display. u:object_r:vendor_display_prop:s0
persist.vendor.display. u:object_r:vendor_display_prop:s0
vendor.gralloc. u:object_r:vendor_gralloc_prop:s0
vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0
vendor.ims. u:object_r:vendor_ims_prop:s0
ro.vendor.build.software.version u:object_r:vendor_ims_prop:s0
persist.vendor.ims. u:object_r:vendor_ims_prop:s0
persist.vendor.qti.telephony.vt_cam_interface u:object_r:vendor_ims_prop:s0
ctl.vendor.imsrcsservice u:object_r:vendor_ctl_vendor_imsrcsservice_prop:s0
# HBTP
ctl.vendor.hbtp u:object_r:vendor_ctl_vendor_hbtp_prop:s0
#time service
persist.vendor.delta_time.enable u:object_r:vendor_time_service_prop:s0
vendor.debug.time_services.enable u:object_r:vendor_time_service_prop:s0
#Atel
persist.vendor.radio u:object_r:vendor_radio_prop:s0
vendor.radio u:object_r:vendor_radio_prop:s0
ro.vendor.ril. u:object_r:vendor_radio_prop:s0
ro.vendor.radio u:object_r:vendor_radio_prop:s0
persist.vendor.sys. u:object_r:vendor_system_prop:s0
#ss-restart
persist.vendor.ssr. u:object_r:vendor_ssr_prop:s0
#ss-services (PD)
persist.vendor.pd_locater_debug u:object_r:vendor_pd_locater_dbg_prop:s0
#capabilityconfigstore (CCHAL)
persist.vendor.cap_configstore_debug u:object_r:vendor_cap_configstore_dbg_prop:s0
#rmt_storage
ctl.vendor.rmt_storage u:object_r:vendor_ctl_vendor_rmt_storage_prop:s0
#GPU Available frequencies
vendor.gpu.available_frequencies u:object_r:vendor_gpu_prop:s0
# vendor_public_vendor_default_prop
ro.vendor.graphics.memory u:object_r:vendor_public_vendor_default_prop:s0
vendor.debug.egl.changepixelformat u:object_r:vendor_public_vendor_default_prop:s0
vendor.debug.prerotation.disable u:object_r:vendor_public_vendor_default_prop:s0
vendor.debug.egl.swapinterval u:object_r:vendor_public_vendor_default_prop:s0
vendor.debug.egl.profiler u:object_r:vendor_public_vendor_default_prop:s0
# shsusrd loading
persist.vendor.data.shsusr_load u:object_r:vendor_data_shsusr_prop:s0
persist.vendor.data.qmipriod_load u:object_r:vendor_data_qmipriod_prop:s0
#vendor-wlan
vendor.wlan. u:object_r:vendor_wifi_prop:s0
#qdcm socket service
vendor.display.qdcm_socket_service u:object_r:vendor_qdcmss_prop:s0
#vendor-adsprpc
vendor.fastrpc. u:object_r:vendor_adsprpc_prop:s0
# QCV properties for storing soc_id and soc_name
ro.vendor.qti.soc_id u:object_r:vendor_soc_id_prop:s0
ro.vendor.qti.soc_name u:object_r:vendor_soc_name_prop:s0
#kernel console log level
persist.console.silent.config u:object_r:vendor_console_log_level_prop:s0
vendor.dcvs.prop u:object_r:vendor_dcvs_prop:s0


@@ -1,39 +0,0 @@
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_qdcm-ss, domain;
type vendor_qdcm-ss_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_qdcm-ss)
# Rule for IPC communication
allow vendor_qdcm-ss vendor_qdisplay_service:service_manager find;
vndbinder_use(vendor_qdcm-ss)
hal_client_domain(vendor_qdcm-ss, hal_graphics_composer)
# Allow adbd to connect to qdcm
unix_socket_connect(adbd, vendor_qdcmsocket, vendor_qdcm-ss);


@@ -1,41 +0,0 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_qlogd, domain;
type vendor_qlogd_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
# make transition from init to its domain
init_daemon_domain(vendor_qlogd)
allow vendor_qlogd vendor_diag_device:chr_file rw_file_perms;
allow vendor_qlogd vendor_qlogd_exec:file rx_file_perms;
allow vendor_qlogd vendor_radio_vendor_data_file:file create_file_perms;
allow vendor_qlogd vendor_radio_vendor_data_file:dir create_dir_perms;
set_prop(vendor_qlogd, vendor_modem_diag_prop)
')
