Add vendor prefix to below selinux attributes
- ssr_diag - per_mgr - pd_mapper - ssr_setup - subsystem_ramdump Change-Id: I8fc13dd5ebb912f318def6d35ad0f9083d6472fe
This commit is contained in:
Smita Ghosh
committed by
Gerrit - the friendly Code Review server
Gerrit - the friendly Code Review server
parent
292669470b
commit
5eb1d86002
12
vendor/common/file_contexts
vendored
12
vendor/common/file_contexts
vendored
@@ -80,12 +80,12 @@
|
||||
/vendor/bin/thermal-engine u:object_r:thermal-engine_exec:s0
|
||||
/vendor/bin/sensors.qcom u:object_r:sensors_exec:s0
|
||||
/vendor/bin/sensors.qti u:object_r:sensors_exec:s0
|
||||
/vendor/bin/ssr_setup u:object_r:ssr_setup_exec:s0
|
||||
/vendor/bin/ssr_diag u:object_r:ssr_diag_exec:s0
|
||||
/vendor/bin/pm-service u:object_r:per_mgr_exec:s0
|
||||
/vendor/bin/pm-proxy u:object_r:per_proxy_exec:s0
|
||||
/vendor/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
|
||||
/vendor/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
|
||||
/vendor/bin/pm-service u:object_r:vendor_per_mgr_exec:s0
|
||||
/vendor/bin/pm-proxy u:object_r:vendor_per_proxy_exec:s0
|
||||
/vendor/bin/qseecomd u:object_r:tee_exec:s0
|
||||
/vendor/bin/subsystem_ramdump u:object_r:subsystem_ramdump_exec:s0
|
||||
/vendor/bin/subsystem_ramdump u:object_r:vendor_subsystem_ramdump_exec:s0
|
||||
/vendor/bin/adsprpcd u:object_r:adsprpcd_exec:s0
|
||||
/vendor/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0
|
||||
/vendor/bin/irsc_util u:object_r:irsc_util_exec:s0
|
||||
@@ -101,7 +101,7 @@
|
||||
/vendor/bin/loc_launcher u:object_r:location_exec:s0
|
||||
/vendor/bin/lowi-server u:object_r:location_exec:s0
|
||||
/vendor/bin/xtra-daemon u:object_r:location_exec:s0
|
||||
/vendor/bin/pd-mapper u:object_r:pd_mapper_exec:s0
|
||||
/vendor/bin/pd-mapper u:object_r:vendor_pd_mapper_exec:s0
|
||||
/vendor/bin/imsqmidaemon u:object_r:ims_exec:s0
|
||||
/vendor/bin/imsdatadaemon u:object_r:ims_exec:s0
|
||||
/vendor/bin/ims_rtp_daemon u:object_r:hal_imsrtp_exec:s0
|
||||
|
||||
4
vendor/common/hal_gnss_qti.te
vendored
4
vendor/common/hal_gnss_qti.te
vendored
@@ -12,8 +12,8 @@ vndbinder_use(hal_gnss_qti)
|
||||
allow hal_gnss_qti sysfs_soc:dir r_dir_perms;
|
||||
allow hal_gnss_qti sysfs_soc:file r_file_perms;
|
||||
|
||||
binder_call(hal_gnss_qti, per_mgr)
|
||||
allow hal_gnss_qti per_mgr_service:service_manager find;
|
||||
binder_call(hal_gnss_qti, vendor_per_mgr)
|
||||
allow hal_gnss_qti vendor_per_mgr_service:service_manager find;
|
||||
|
||||
# /data/vendor/location
|
||||
allow hal_gnss_qti location_data_file:fifo_file { open read setattr write };
|
||||
|
||||
20
vendor/common/pd_services.te
vendored
20
vendor/common/pd_services.te
vendored
@@ -1,15 +1,15 @@
|
||||
type pd_mapper, domain;
|
||||
type vendor_pd_mapper, domain;
|
||||
|
||||
type pd_mapper_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(pd_mapper);
|
||||
type vendor_pd_mapper_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(vendor_pd_mapper);
|
||||
|
||||
allow pd_mapper self:capability { setgid setpcap setuid net_bind_service };
|
||||
allow vendor_pd_mapper self:capability { setgid setpcap setuid net_bind_service };
|
||||
|
||||
allow pd_mapper firmware_file:dir r_dir_perms;
|
||||
allow pd_mapper firmware_file:file r_file_perms;
|
||||
allow vendor_pd_mapper firmware_file:dir r_dir_perms;
|
||||
allow vendor_pd_mapper firmware_file:file r_file_perms;
|
||||
|
||||
allow pd_mapper self:socket create_socket_perms;
|
||||
allowxperm pd_mapper self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
|
||||
allow vendor_pd_mapper self:socket create_socket_perms;
|
||||
allowxperm vendor_pd_mapper self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
|
||||
|
||||
allow pd_mapper sysfs_data:file r_file_perms;
|
||||
get_prop(pd_mapper, vendor_pd_locater_dbg_prop)
|
||||
allow vendor_pd_mapper sysfs_data:file r_file_perms;
|
||||
get_prop(vendor_pd_mapper, vendor_pd_locater_dbg_prop)
|
||||
|
||||
14
vendor/common/per_proxy.te
vendored
14
vendor/common/per_proxy.te
vendored
@@ -1,12 +1,12 @@
|
||||
# Policy for /system/bin/pm-proxy
|
||||
type per_proxy, domain;
|
||||
type per_proxy_exec, exec_type, vendor_file_type, file_type;
|
||||
type vendor_per_proxy, domain;
|
||||
type vendor_per_proxy_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(per_proxy)
|
||||
init_daemon_domain(vendor_per_proxy)
|
||||
|
||||
allow per_proxy per_mgr_service:service_manager find;
|
||||
allow vendor_per_proxy vendor_per_mgr_service:service_manager find;
|
||||
|
||||
r_dir_file(per_proxy, sysfs_ssr)
|
||||
r_dir_file(vendor_per_proxy, sysfs_ssr)
|
||||
|
||||
vndbinder_use(per_proxy)
|
||||
binder_call(per_proxy, per_mgr)
|
||||
vndbinder_use(vendor_per_proxy)
|
||||
binder_call(vendor_per_proxy, vendor_per_mgr)
|
||||
|
||||
38
vendor/common/peripheral_manager.te
vendored
38
vendor/common/peripheral_manager.te
vendored
@@ -1,32 +1,32 @@
|
||||
# Policy for pm-service and pm-proxy
|
||||
type per_mgr, domain;
|
||||
type per_mgr_exec, exec_type, vendor_file_type, file_type;
|
||||
type vendor_per_mgr, domain;
|
||||
type vendor_per_mgr_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(per_mgr);
|
||||
init_daemon_domain(vendor_per_mgr);
|
||||
|
||||
add_service(per_mgr, per_mgr_service)
|
||||
add_service(vendor_per_mgr, vendor_per_mgr_service)
|
||||
|
||||
vndbinder_use(per_mgr)
|
||||
binder_call(per_mgr, hal_gnss)
|
||||
binder_call(per_mgr, per_proxy)
|
||||
binder_call(per_mgr, wcnss_service)
|
||||
binder_call(per_mgr, rild)
|
||||
vndbinder_use(vendor_per_mgr)
|
||||
binder_call(vendor_per_mgr, hal_gnss)
|
||||
binder_call(vendor_per_mgr, vendor_per_proxy)
|
||||
binder_call(vendor_per_mgr, wcnss_service)
|
||||
binder_call(vendor_per_mgr, rild)
|
||||
|
||||
allow per_mgr self:capability net_bind_service;
|
||||
allow vendor_per_mgr self:capability net_bind_service;
|
||||
|
||||
allow per_mgr firmware_file:file r_file_perms;
|
||||
allow per_mgr firmware_file:dir search;
|
||||
allow vendor_per_mgr firmware_file:file r_file_perms;
|
||||
allow vendor_per_mgr firmware_file:dir search;
|
||||
|
||||
allow per_mgr self:socket create_socket_perms;
|
||||
allowxperm per_mgr self:socket ioctl msm_sock_ipc_ioctls;
|
||||
allow per_mgr ssr_device:chr_file { open read };
|
||||
allow vendor_per_mgr self:socket create_socket_perms;
|
||||
allowxperm vendor_per_mgr self:socket ioctl msm_sock_ipc_ioctls;
|
||||
allow vendor_per_mgr ssr_device:chr_file { open read };
|
||||
|
||||
# Needed by libmdmdetect to figure out the system configuration
|
||||
r_dir_file(per_mgr, sysfs_esoc)
|
||||
r_dir_file(vendor_per_mgr, sysfs_esoc)
|
||||
|
||||
# Needed by libmdmdetect to get subsystem info and to check their states
|
||||
r_dir_file(per_mgr, sysfs_ssr)
|
||||
allow per_mgr sysfs_data:file r_file_perms;
|
||||
r_dir_file(vendor_per_mgr, sysfs_ssr)
|
||||
allow vendor_per_mgr sysfs_data:file r_file_perms;
|
||||
|
||||
# Set the peripheral state property
|
||||
set_prop(per_mgr, per_mgr_state_prop);
|
||||
set_prop(vendor_per_mgr, vendor_per_mgr_state_prop);
|
||||
|
||||
2
vendor/common/property.te
vendored
2
vendor/common/property.te
vendored
@@ -15,7 +15,7 @@ type keymaster_prop, property_type;
|
||||
type modem_diag_prop, property_type;
|
||||
type msm_irqbalance_prop, property_type;
|
||||
type net_rmnet_prop, property_type;
|
||||
type per_mgr_state_prop, property_type;
|
||||
type vendor_per_mgr_state_prop, property_type;
|
||||
type post_boot_prop, property_type;
|
||||
type vendor_dataqti_prop, property_type;
|
||||
type ramdump_prop, property_type;
|
||||
|
||||
2
vendor/common/property_contexts
vendored
2
vendor/common/property_contexts
vendored
@@ -47,7 +47,7 @@ sys.qcom.thermalcfg u:object_r:thermal_prop:s0
|
||||
sys.time.set u:object_r:sys_time_prop:s0
|
||||
vendor.usb. u:object_r:vendor_usb_prop:s0
|
||||
persist.vendor.usb. u:object_r:vendor_usb_prop:s0
|
||||
vendor.peripheral. u:object_r:per_mgr_state_prop:s0
|
||||
vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0
|
||||
vendor.ims. u:object_r:ims_prop:s0
|
||||
wc_transport. u:object_r:wc_prop:s0
|
||||
ctl.vendor.imsrcsservice u:object_r:ctl_vendor_imsrcsservice_prop:s0
|
||||
|
||||
4
vendor/common/rild.te
vendored
4
vendor/common/rild.te
vendored
@@ -1,4 +1,4 @@
|
||||
binder_call(rild, per_mgr)
|
||||
binder_call(rild, vendor_per_mgr)
|
||||
|
||||
vndbinder_use(rild)
|
||||
|
||||
@@ -7,7 +7,7 @@ unix_socket_connect(rild, netmgrd, netmgrd)
|
||||
|
||||
allow rild vendor_file:file { execute_no_trans lock ioctl };
|
||||
|
||||
allow rild per_mgr_service:service_manager find;
|
||||
allow rild vendor_per_mgr_service:service_manager find;
|
||||
|
||||
add_hwservice(rild, vnd_ims_radio_hwservice)
|
||||
add_hwservice(rild, vnd_qcrilhook_hwservice)
|
||||
|
||||
6
vendor/common/ssr_diag.te
vendored
6
vendor/common/ssr_diag.te
vendored
@@ -1,4 +1,4 @@
|
||||
type ssr_diag, domain;
|
||||
type ssr_diag_exec, exec_type, vendor_file_type, file_type;
|
||||
type vendor_ssr_diag, domain;
|
||||
type vendor_ssr_diag_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(ssr_diag);
|
||||
init_daemon_domain(vendor_ssr_diag);
|
||||
|
||||
18
vendor/common/ssr_setup.te
vendored
18
vendor/common/ssr_setup.te
vendored
@@ -1,16 +1,16 @@
|
||||
type ssr_setup, domain;
|
||||
type ssr_setup_exec, exec_type, vendor_file_type, file_type;
|
||||
type vendor_ssr_setup, domain;
|
||||
type vendor_ssr_setup_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(ssr_setup);
|
||||
init_daemon_domain(vendor_ssr_setup);
|
||||
|
||||
# Required to discover esoc's
|
||||
r_dir_file(ssr_setup, sysfs_esoc)
|
||||
r_dir_file(vendor_ssr_setup, sysfs_esoc)
|
||||
|
||||
# Required to enable/disable ssr
|
||||
r_dir_file(ssr_setup, sysfs_ssr)
|
||||
allow ssr_setup sysfs_ssr:lnk_file w_file_perms;
|
||||
allow ssr_setup sysfs_ssr_toggle:file rw_file_perms;
|
||||
r_dir_file(vendor_ssr_setup, sysfs_ssr)
|
||||
allow vendor_ssr_setup sysfs_ssr:lnk_file w_file_perms;
|
||||
allow vendor_ssr_setup sysfs_ssr_toggle:file rw_file_perms;
|
||||
|
||||
allow ssr_setup sysfs_data:file r_file_perms;
|
||||
allow vendor_ssr_setup sysfs_data:file r_file_perms;
|
||||
|
||||
get_prop(ssr_setup, vendor_ssr_prop)
|
||||
get_prop(vendor_ssr_setup, vendor_ssr_prop)
|
||||
|
||||
22
vendor/common/subsystem_ramdump.te
vendored
22
vendor/common/subsystem_ramdump.te
vendored
@@ -1,20 +1,20 @@
|
||||
type subsystem_ramdump_exec, exec_type, vendor_file_type, file_type;
|
||||
type vendor_subsystem_ramdump_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
userdebug_or_eng(`
|
||||
type subsystem_ramdump, domain;
|
||||
type vendor_subsystem_ramdump, domain;
|
||||
|
||||
init_daemon_domain(subsystem_ramdump);
|
||||
init_daemon_domain(vendor_subsystem_ramdump);
|
||||
|
||||
allow subsystem_ramdump device:dir r_dir_perms;
|
||||
allow subsystem_ramdump ramdump_device:chr_file r_file_perms;
|
||||
allow vendor_subsystem_ramdump device:dir r_dir_perms;
|
||||
allow vendor_subsystem_ramdump ramdump_device:chr_file r_file_perms;
|
||||
|
||||
r_dir_file(subsystem_ramdump, sysfs_type);
|
||||
r_dir_file(vendor_subsystem_ramdump, sysfs_type);
|
||||
|
||||
allow subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
|
||||
allow subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
|
||||
allow vendor_subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
|
||||
allow vendor_subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
|
||||
|
||||
set_prop(subsystem_ramdump, ssr_prop);
|
||||
set_prop(vendor_subsystem_ramdump, ssr_prop);
|
||||
|
||||
allow subsystem_ramdump vendor_mdmhelperdata_data_file:dir r_dir_perms;
|
||||
allow subsystem_ramdump vendor_mdmhelperdata_data_file:file r_file_perms;
|
||||
allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:dir r_dir_perms;
|
||||
allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:file r_file_perms;
|
||||
')
|
||||
|
||||
10
vendor/common/te_macros
vendored
10
vendor/common/te_macros
vendored
@@ -2,12 +2,12 @@
|
||||
## peripheral_manager
|
||||
## Allow clients to interact with peripheral
|
||||
## manager
|
||||
define(`use_per_mgr', `
|
||||
define(`use_vendor_per_mgr', `
|
||||
vndbinder_use($1);
|
||||
binder_call(per_mgr, $1);
|
||||
binder_call($1, per_mgr);
|
||||
allow $1 per_mgr_service:service_manager find;
|
||||
get_prop($1, per_mgr_state_prop);
|
||||
binder_call(vendor_per_mgr, $1);
|
||||
binder_call($1, vendor_per_mgr);
|
||||
allow $1 vendor_per_mgr_service:service_manager find;
|
||||
get_prop($1, vendor_per_mgr_state_prop);
|
||||
')
|
||||
|
||||
#####################################
|
||||
|
||||
2
vendor/common/vndservice.te
vendored
2
vendor/common/vndservice.te
vendored
@@ -1,2 +1,2 @@
|
||||
type qdisplay_service, vndservice_manager_type;
|
||||
type per_mgr_service, vndservice_manager_type;
|
||||
type vendor_per_mgr_service, vndservice_manager_type;
|
||||
|
||||
2
vendor/common/vndservice_contexts
vendored
2
vendor/common/vndservice_contexts
vendored
@@ -1,2 +1,2 @@
|
||||
display.qservice u:object_r:qdisplay_service:s0
|
||||
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
|
||||
vendor.qcom.PeripheralManager u:object_r:vendor_per_mgr_service:s0
|
||||
|
||||
4
vendor/common/wcnss_service.te
vendored
4
vendor/common/wcnss_service.te
vendored
@@ -5,9 +5,9 @@ init_daemon_domain(wcnss_service)
|
||||
net_domain(wcnss_service)
|
||||
|
||||
vndbinder_use(wcnss_service)
|
||||
binder_call(wcnss_service, per_mgr)
|
||||
binder_call(wcnss_service, vendor_per_mgr)
|
||||
|
||||
allow wcnss_service per_mgr_service:service_manager find;
|
||||
allow wcnss_service vendor_per_mgr_service:service_manager find;
|
||||
|
||||
allow wcnss_service vendor_shell_exec:file rx_file_perms;
|
||||
allow wcnss_service vendor_toolbox_exec:file rx_file_perms;
|
||||
|
||||
Reference in New Issue
Block a user