From 7c3d92dfcec649f478726a73241f73eb6a5c7938 Mon Sep 17 00:00:00 2001 From: Jaihind Yadav Date: Fri, 28 Jan 2022 20:41:11 +0530 Subject: [PATCH] creating 32.0.cil files and 32.0 prebuilt sepolicies. Change-Id: Ib92095628d41d2409ba951e01f0abd201338b30d --- append.sh | 2 +- generic/prebuilts/api/32.0/private/app.te | 33 ++ .../prebuilts/api/32.0/private/audioserver.te | 31 ++ .../prebuilts/api/32.0/private/bluetooth.te | 26 ++ .../prebuilts/api/32.0/private/bt_logger.te | 42 +++ .../api/32.0/private/cameraserver.te | 30 ++ .../api/32.0/private/compat/26.0/26.0.cil | 0 .../32.0/private/compat/26.0/26.0.compat.cil | 1 + .../32.0/private/compat/26.0/26.0.ignore.cil | 7 + .../api/32.0/private/compat/27.0/27.0.cil | 0 .../32.0/private/compat/27.0/27.0.compat.cil | 1 + .../32.0/private/compat/27.0/27.0.ignore.cil | 7 + .../api/32.0/private/compat/28.0/28.0.cil | 0 .../32.0/private/compat/28.0/28.0.compat.cil | 1 + .../32.0/private/compat/28.0/28.0.ignore.cil | 7 + .../api/32.0/private/compat/29.0/29.0.cil | 0 .../32.0/private/compat/29.0/29.0.compat.cil | 1 + .../32.0/private/compat/29.0/29.0.ignore.cil | 7 + .../api/32.0/private/compat/30.0/30.0.cil | 60 ++++ .../32.0/private/compat/30.0/30.0.compat.cil | 1 + .../32.0/private/compat/30.0/30.0.ignore.cil | 17 ++ .../api/32.0/private/compat/31.0/31.0.cil | 121 ++++++++ .../32.0/private/compat/31.0/31.0.compat.cil | 1 + .../32.0/private/compat/31.0/31.0.ignore.cil | 8 + .../api/32.0/private/dataservice_app.te | 55 ++++ generic/prebuilts/api/32.0/private/device.te | 30 ++ generic/prebuilts/api/32.0/private/domain.te | 29 ++ generic/prebuilts/api/32.0/private/dpmd.te | 75 +++++ .../prebuilts/api/32.0/private/dun-server.te | 40 +++ generic/prebuilts/api/32.0/private/file.te | 35 +++ .../prebuilts/api/32.0/private/file_contexts | 69 +++++ generic/prebuilts/api/32.0/private/fm_app.te | 40 +++ .../prebuilts/api/32.0/private/gmscore_app.te | 28 ++ .../api/32.0/private/hal_qccsyshalservice.te | 61 ++++ .../api/32.0/private/hwservice_contexts | 29 ++ .../prebuilts/api/32.0/private/ioctl_defines | 34 +++ .../prebuilts/api/32.0/private/ioctl_macros | 35 +++ generic/prebuilts/api/32.0/private/kernel.te | 29 ++ .../api/32.0/private/location_app.te | 56 ++++ .../api/32.0/private/mediaextractor.te | 29 ++ .../api/32.0/private/mediaprovider.te | 30 ++ .../prebuilts/api/32.0/private/mediaserver.te | 31 ++ generic/prebuilts/api/32.0/private/mmi_sys.te | 45 +++ .../api/32.0/private/mstatservice_app.te | 35 +++ .../api/32.0/private/network_stack.te | 28 ++ .../prebuilts/api/32.0/private/perfservice.te | 35 +++ .../api/32.0/private/platform_app.te | 60 ++++ .../prebuilts/api/32.0/private/priv_app.te | 35 +++ .../prebuilts/api/32.0/private/property.te | 50 +++ .../api/32.0/private/property_contexts | 96 ++++++ generic/prebuilts/api/32.0/private/qcc_app.te | 66 ++++ .../api/32.0/private/qcc_authmgr_app.te | 35 +++ .../api/32.0/private/qcc_lmtp_app.te | 63 ++++ .../api/32.0/private/qcc_netstat_app.te | 39 +++ generic/prebuilts/api/32.0/private/qcc_trd.te | 28 ++ .../api/32.0/private/qcc_utils_app.te | 49 +++ .../prebuilts/api/32.0/private/qdtservice.te | 37 +++ .../prebuilts/api/32.0/private/qesdkSystem.te | 39 +++ generic/prebuilts/api/32.0/private/qspmsvc.te | 36 +++ .../prebuilts/api/32.0/private/qtelephony.te | 50 +++ .../api/32.0/private/qti-testscripts.te | 100 ++++++ generic/prebuilts/api/32.0/private/radio.te | 33 ++ .../prebuilts/api/32.0/private/seapp_contexts | 82 +++++ .../prebuilts/api/32.0/private/seccam_app.te | 38 +++ generic/prebuilts/api/32.0/private/seempd.te | 46 +++ generic/prebuilts/api/32.0/private/service.te | 41 +++ .../api/32.0/private/service_contexts | 51 ++++ .../prebuilts/api/32.0/private/sigma-hal.te | 50 +++ .../prebuilts/api/32.0/private/smart_trace.te | 49 +++ .../api/32.0/private/surfaceflinger.te | 32 ++ generic/prebuilts/api/32.0/private/sxrauxd.te | 50 +++ .../prebuilts/api/32.0/private/system_app.te | 49 +++ .../api/32.0/private/system_server.te | 73 +++++ generic/prebuilts/api/32.0/private/tcmd.te | 42 +++ generic/prebuilts/api/32.0/private/te_macros | 43 +++ .../api/32.0/private/untrusted_app.te | 37 +++ .../api/32.0/private/untrusted_app_25.te | 28 ++ .../api/32.0/private/untrusted_app_27.te | 31 ++ .../api/32.0/private/untrusted_app_29.te | 30 ++ .../api/32.0/private/untrusted_app_all.te | 29 ++ .../32.0/private/vendor_hal_perf_allows.te | 29 ++ .../prebuilts/api/32.0/private/vendor_init.te | 32 ++ .../api/32.0/private/vendor_qconfig_app.te | 35 +++ .../api/32.0/private/vendor_wlc_app.te | 39 +++ .../prebuilts/api/32.0/private/voiceui_app.te | 44 +++ .../prebuilts/api/32.0/private/vpsservice.te | 45 +++ generic/prebuilts/api/32.0/private/wfd_app.te | 59 ++++ .../prebuilts/api/32.0/private/wfdservice.te | 74 +++++ .../prebuilts/api/32.0/private/wificond.te | 29 ++ .../prebuilts/api/32.0/private/xrcb_app.te | 38 +++ generic/prebuilts/api/32.0/private/zygote.te | 31 ++ generic/prebuilts/api/32.0/public/attributes | 285 ++++++++++++++++++ .../api/32.0/public/dataservice_app.te | 27 ++ generic/prebuilts/api/32.0/public/device.te | 28 ++ generic/prebuilts/api/32.0/public/domain.te | 28 ++ generic/prebuilts/api/32.0/public/dpmd.te | 28 ++ .../prebuilts/api/32.0/public/dun-server.te | 28 ++ generic/prebuilts/api/32.0/public/file.te | 31 ++ generic/prebuilts/api/32.0/public/fm_app.te | 28 ++ .../prebuilts/api/32.0/public/hwservice.te | 29 ++ .../prebuilts/api/32.0/public/location_app.te | 31 ++ generic/prebuilts/api/32.0/public/mmi_sys.te | 28 ++ .../prebuilts/api/32.0/public/perfservice.te | 28 ++ generic/prebuilts/api/32.0/public/property.te | 38 +++ generic/prebuilts/api/32.0/public/qcc_app.te | 28 ++ .../api/32.0/public/qcc_authmgr_app.te | 28 ++ .../prebuilts/api/32.0/public/qcc_lmtp_app.te | 28 ++ .../api/32.0/public/qcc_netstat_app.te | 28 ++ generic/prebuilts/api/32.0/public/qcc_trd.te | 28 ++ .../api/32.0/public/qcc_utils_app.te | 28 ++ generic/prebuilts/api/32.0/public/qspmsvc.te | 28 ++ generic/prebuilts/api/32.0/public/qvirtmgr.te | 28 ++ generic/prebuilts/api/32.0/public/qvrd.te | 28 ++ generic/prebuilts/api/32.0/public/seempd.te | 28 ++ generic/prebuilts/api/32.0/public/service.te | 29 ++ .../prebuilts/api/32.0/public/vpsservice.te | 28 ++ generic/prebuilts/api/32.0/public/wfd_app.te | 28 ++ .../prebuilts/api/32.0/public/wfdservice.te | 28 ++ .../api/32.0/system_ext_pub_versioned.cil | 82 +++++ .../prebuilts/api/32.0/vendor_sepolicy.cil | 1 + generic/private/compat/32.0/32.0.cil | 130 ++++++++ generic/private/compat/32.0/32.0.compat.cil | 1 + generic/private/compat/32.0/32.0.ignore.cil | 7 + .../api/32.0/private/compat/26.0/26.0.cil | 0 .../32.0/private/compat/26.0/26.0.compat.cil | 1 + .../32.0/private/compat/26.0/26.0.ignore.cil | 7 + .../api/32.0/private/compat/27.0/27.0.cil | 0 .../32.0/private/compat/27.0/27.0.compat.cil | 1 + .../32.0/private/compat/27.0/27.0.ignore.cil | 7 + .../api/32.0/private/compat/28.0/28.0.cil | 0 .../32.0/private/compat/28.0/28.0.compat.cil | 1 + .../32.0/private/compat/28.0/28.0.ignore.cil | 7 + .../api/32.0/private/compat/29.0/29.0.cil | 0 .../32.0/private/compat/29.0/29.0.compat.cil | 1 + .../32.0/private/compat/29.0/29.0.ignore.cil | 7 + .../api/32.0/private/compat/30.0/30.0.cil | 8 + .../32.0/private/compat/30.0/30.0.compat.cil | 1 + .../32.0/private/compat/30.0/30.0.ignore.cil | 7 + .../api/32.0/private/compat/31.0/31.0.cil | 13 + .../32.0/private/compat/31.0/31.0.compat.cil | 1 + .../32.0/private/compat/31.0/31.0.ignore.cil | 7 + .../prebuilts/api/32.0/private/file.te | 26 ++ .../prebuilts/api/32.0/private/file_contexts | 29 ++ .../api/32.0/private/hwservice_contexts | 29 ++ .../prebuilts/api/32.0/private/property.te | 27 ++ .../api/32.0/private/property_contexts | 27 ++ .../prebuilts/api/32.0/private/qcrosvm.te | 33 ++ .../prebuilts/api/32.0/private/qti-display.te | 34 +++ .../prebuilts/api/32.0/private/qvirtmgr.te | 39 +++ .../prebuilts/api/32.0/private/seapp_contexts | 47 +++ .../api/32.0/private/systemhelper_app.te | 40 +++ .../api/32.0/product_pub_versioned.cil | 11 + .../prebuilts/api/32.0/public/attributes | 30 ++ .../product/prebuilts/api/32.0/public/file.te | 26 ++ .../prebuilts/api/32.0/public/hwservice.te | 28 ++ .../prebuilts/api/32.0/public/property.te | 28 ++ .../prebuilts/api/32.0/public/qti-display.te | 34 +++ .../api/32.0/public/systemhelper_app.te | 28 ++ .../prebuilts/api/32.0/vendor_sepolicy.cil | 1 + generic/product/private/compat/32.0/32.0.cil | 13 + .../private/compat/32.0/32.0.compat.cil | 1 + .../private/compat/32.0/32.0.ignore.cil | 7 + prebuilts/api/32.0/plat_pub_versioned.cil | 1 + prebuilts/api/32.0/vendor_sepolicy.cil | 1 + 164 files changed, 5213 insertions(+), 1 deletion(-) create mode 100755 generic/prebuilts/api/32.0/private/app.te create mode 100644 generic/prebuilts/api/32.0/private/audioserver.te create mode 100644 generic/prebuilts/api/32.0/private/bluetooth.te create mode 100644 generic/prebuilts/api/32.0/private/bt_logger.te create mode 100644 generic/prebuilts/api/32.0/private/cameraserver.te create mode 100644 generic/prebuilts/api/32.0/private/compat/26.0/26.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/27.0/27.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/28.0/28.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/29.0/29.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil create mode 100755 generic/prebuilts/api/32.0/private/compat/30.0/30.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/31.0/31.0.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil create mode 100644 generic/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil create mode 100755 generic/prebuilts/api/32.0/private/dataservice_app.te create mode 100644 generic/prebuilts/api/32.0/private/device.te create mode 100644 generic/prebuilts/api/32.0/private/domain.te create mode 100644 generic/prebuilts/api/32.0/private/dpmd.te create mode 100644 generic/prebuilts/api/32.0/private/dun-server.te create mode 100644 generic/prebuilts/api/32.0/private/file.te create mode 100644 generic/prebuilts/api/32.0/private/file_contexts create mode 100644 generic/prebuilts/api/32.0/private/fm_app.te create mode 100644 generic/prebuilts/api/32.0/private/gmscore_app.te create mode 100644 generic/prebuilts/api/32.0/private/hal_qccsyshalservice.te create mode 100644 generic/prebuilts/api/32.0/private/hwservice_contexts create mode 100644 generic/prebuilts/api/32.0/private/ioctl_defines create mode 100644 generic/prebuilts/api/32.0/private/ioctl_macros create mode 100644 generic/prebuilts/api/32.0/private/kernel.te create mode 100644 generic/prebuilts/api/32.0/private/location_app.te create mode 100644 generic/prebuilts/api/32.0/private/mediaextractor.te create mode 100644 generic/prebuilts/api/32.0/private/mediaprovider.te create mode 100644 generic/prebuilts/api/32.0/private/mediaserver.te create mode 100755 generic/prebuilts/api/32.0/private/mmi_sys.te create mode 100644 generic/prebuilts/api/32.0/private/mstatservice_app.te create mode 100644 generic/prebuilts/api/32.0/private/network_stack.te create mode 100644 generic/prebuilts/api/32.0/private/perfservice.te create mode 100755 generic/prebuilts/api/32.0/private/platform_app.te create mode 100755 generic/prebuilts/api/32.0/private/priv_app.te create mode 100644 generic/prebuilts/api/32.0/private/property.te create mode 100644 generic/prebuilts/api/32.0/private/property_contexts create mode 100644 generic/prebuilts/api/32.0/private/qcc_app.te create mode 100644 generic/prebuilts/api/32.0/private/qcc_authmgr_app.te create mode 100644 generic/prebuilts/api/32.0/private/qcc_lmtp_app.te create mode 100644 generic/prebuilts/api/32.0/private/qcc_netstat_app.te create mode 100644 generic/prebuilts/api/32.0/private/qcc_trd.te create mode 100644 generic/prebuilts/api/32.0/private/qcc_utils_app.te create mode 100644 generic/prebuilts/api/32.0/private/qdtservice.te create mode 100644 generic/prebuilts/api/32.0/private/qesdkSystem.te create mode 100644 generic/prebuilts/api/32.0/private/qspmsvc.te create mode 100644 generic/prebuilts/api/32.0/private/qtelephony.te create mode 100644 generic/prebuilts/api/32.0/private/qti-testscripts.te create mode 100644 generic/prebuilts/api/32.0/private/radio.te create mode 100644 generic/prebuilts/api/32.0/private/seapp_contexts create mode 100755 generic/prebuilts/api/32.0/private/seccam_app.te create mode 100644 generic/prebuilts/api/32.0/private/seempd.te create mode 100644 generic/prebuilts/api/32.0/private/service.te create mode 100644 generic/prebuilts/api/32.0/private/service_contexts create mode 100644 generic/prebuilts/api/32.0/private/sigma-hal.te create mode 100644 generic/prebuilts/api/32.0/private/smart_trace.te create mode 100644 generic/prebuilts/api/32.0/private/surfaceflinger.te create mode 100644 generic/prebuilts/api/32.0/private/sxrauxd.te create mode 100644 generic/prebuilts/api/32.0/private/system_app.te create mode 100644 generic/prebuilts/api/32.0/private/system_server.te create mode 100644 generic/prebuilts/api/32.0/private/tcmd.te create mode 100644 generic/prebuilts/api/32.0/private/te_macros create mode 100644 generic/prebuilts/api/32.0/private/untrusted_app.te create mode 100644 generic/prebuilts/api/32.0/private/untrusted_app_25.te create mode 100644 generic/prebuilts/api/32.0/private/untrusted_app_27.te create mode 100644 generic/prebuilts/api/32.0/private/untrusted_app_29.te create mode 100644 generic/prebuilts/api/32.0/private/untrusted_app_all.te create mode 100644 generic/prebuilts/api/32.0/private/vendor_hal_perf_allows.te create mode 100644 generic/prebuilts/api/32.0/private/vendor_init.te create mode 100644 generic/prebuilts/api/32.0/private/vendor_qconfig_app.te create mode 100644 generic/prebuilts/api/32.0/private/vendor_wlc_app.te create mode 100644 generic/prebuilts/api/32.0/private/voiceui_app.te create mode 100755 generic/prebuilts/api/32.0/private/vpsservice.te create mode 100644 generic/prebuilts/api/32.0/private/wfd_app.te create mode 100644 generic/prebuilts/api/32.0/private/wfdservice.te create mode 100644 generic/prebuilts/api/32.0/private/wificond.te create mode 100644 generic/prebuilts/api/32.0/private/xrcb_app.te create mode 100644 generic/prebuilts/api/32.0/private/zygote.te create mode 100644 generic/prebuilts/api/32.0/public/attributes create mode 100644 generic/prebuilts/api/32.0/public/dataservice_app.te create mode 100644 generic/prebuilts/api/32.0/public/device.te create mode 100644 generic/prebuilts/api/32.0/public/domain.te create mode 100644 generic/prebuilts/api/32.0/public/dpmd.te create mode 100644 generic/prebuilts/api/32.0/public/dun-server.te create mode 100644 generic/prebuilts/api/32.0/public/file.te create mode 100644 generic/prebuilts/api/32.0/public/fm_app.te create mode 100644 generic/prebuilts/api/32.0/public/hwservice.te create mode 100644 generic/prebuilts/api/32.0/public/location_app.te create mode 100755 generic/prebuilts/api/32.0/public/mmi_sys.te create mode 100644 generic/prebuilts/api/32.0/public/perfservice.te create mode 100644 generic/prebuilts/api/32.0/public/property.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_app.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_authmgr_app.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_lmtp_app.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_netstat_app.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_trd.te create mode 100644 generic/prebuilts/api/32.0/public/qcc_utils_app.te create mode 100644 generic/prebuilts/api/32.0/public/qspmsvc.te create mode 100644 generic/prebuilts/api/32.0/public/qvirtmgr.te create mode 100644 generic/prebuilts/api/32.0/public/qvrd.te create mode 100644 generic/prebuilts/api/32.0/public/seempd.te create mode 100644 generic/prebuilts/api/32.0/public/service.te create mode 100755 generic/prebuilts/api/32.0/public/vpsservice.te create mode 100644 generic/prebuilts/api/32.0/public/wfd_app.te create mode 100644 generic/prebuilts/api/32.0/public/wfdservice.te create mode 100644 generic/prebuilts/api/32.0/system_ext_pub_versioned.cil create mode 100644 generic/prebuilts/api/32.0/vendor_sepolicy.cil create mode 100644 generic/private/compat/32.0/32.0.cil create mode 100644 generic/private/compat/32.0/32.0.compat.cil create mode 100644 generic/private/compat/32.0/32.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil create mode 100755 generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil create mode 100644 generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil create mode 100644 generic/product/prebuilts/api/32.0/private/file.te create mode 100644 generic/product/prebuilts/api/32.0/private/file_contexts create mode 100644 generic/product/prebuilts/api/32.0/private/hwservice_contexts create mode 100644 generic/product/prebuilts/api/32.0/private/property.te create mode 100644 generic/product/prebuilts/api/32.0/private/property_contexts create mode 100644 generic/product/prebuilts/api/32.0/private/qcrosvm.te create mode 100644 generic/product/prebuilts/api/32.0/private/qti-display.te create mode 100644 generic/product/prebuilts/api/32.0/private/qvirtmgr.te create mode 100644 generic/product/prebuilts/api/32.0/private/seapp_contexts create mode 100644 generic/product/prebuilts/api/32.0/private/systemhelper_app.te create mode 100644 generic/product/prebuilts/api/32.0/product_pub_versioned.cil create mode 100644 generic/product/prebuilts/api/32.0/public/attributes create mode 100644 generic/product/prebuilts/api/32.0/public/file.te create mode 100644 generic/product/prebuilts/api/32.0/public/hwservice.te create mode 100644 generic/product/prebuilts/api/32.0/public/property.te create mode 100644 generic/product/prebuilts/api/32.0/public/qti-display.te create mode 100644 generic/product/prebuilts/api/32.0/public/systemhelper_app.te create mode 100644 generic/product/prebuilts/api/32.0/vendor_sepolicy.cil create mode 100644 generic/product/private/compat/32.0/32.0.cil create mode 100644 generic/product/private/compat/32.0/32.0.compat.cil create mode 100644 generic/product/private/compat/32.0/32.0.ignore.cil create mode 100644 prebuilts/api/32.0/plat_pub_versioned.cil create mode 100644 prebuilts/api/32.0/vendor_sepolicy.cil diff --git a/append.sh b/append.sh index 6eadd1c4..ea042cf0 100755 --- a/append.sh +++ b/append.sh @@ -26,7 +26,7 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -api_versions=(30.0 31.0) +api_versions=(30.0 31.0 32.0) dirpath=$(pwd) diff --git a/generic/prebuilts/api/32.0/private/app.te b/generic/prebuilts/api/32.0/private/app.te new file mode 100755 index 00000000..7d0464e6 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/app.te @@ -0,0 +1,33 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(appdomain, vendor_persist_dpm_prop) +get_prop(appdomain, vendor_persist_rcs_prop) + +# vendor_persist_camera_prop is not used by 3rd party apps, so don't +# audit it to suppress the denials +dontaudit appdomain vendor_persist_camera_prop:file r_file_perms; diff --git a/generic/prebuilts/api/32.0/private/audioserver.te b/generic/prebuilts/api/32.0/private/audioserver.te new file mode 100644 index 00000000..4ef830df --- /dev/null +++ b/generic/prebuilts/api/32.0/private/audioserver.te @@ -0,0 +1,31 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +binder_call(audioserver,vendor_wfdservice); +binder_call(audioserver,vendor_sys_sxrauxd); +#allow access to ALSA MMAP FDs for AAudio API +allow audioserver audio_service:service_manager find; diff --git a/generic/prebuilts/api/32.0/private/bluetooth.te b/generic/prebuilts/api/32.0/private/bluetooth.te new file mode 100644 index 00000000..6110671c --- /dev/null +++ b/generic/prebuilts/api/32.0/private/bluetooth.te @@ -0,0 +1,26 @@ +# Copyright (c) 2020-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/generic/prebuilts/api/32.0/private/bt_logger.te b/generic/prebuilts/api/32.0/private/bt_logger.te new file mode 100644 index 00000000..b7bb9b11 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/bt_logger.te @@ -0,0 +1,42 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_bt_logger, domain; +type vendor_bt_logger_exec, system_file_type, exec_type, file_type; +typeattribute vendor_bt_logger bluetoothdomain; +typeattribute vendor_bt_logger coredomain; + +init_daemon_domain(vendor_bt_logger) +bluetooth_domain(vendor_bt_logger) + +get_prop(vendor_bt_logger, bluetooth_prop) +allow bluetooth vendor_bt_logger:unix_stream_socket connectto; +allow vendor_bt_logger bluetooth:unix_stream_socket connectto; + +allow vendor_bt_logger bluetooth_data_file:dir search; +allow vendor_bt_logger bluetooth_logs_data_file:dir rw_dir_perms; +allow vendor_bt_logger bluetooth_logs_data_file:file create_file_perms; diff --git a/generic/prebuilts/api/32.0/private/cameraserver.te b/generic/prebuilts/api/32.0/private/cameraserver.te new file mode 100644 index 00000000..0a288d85 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/cameraserver.te @@ -0,0 +1,30 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(cameraserver, vendor_persist_camera_prop) +#access to cameraservice apis by faceauth +hal_client_domain(cameraserver, hal_face) diff --git a/generic/prebuilts/api/32.0/private/compat/26.0/26.0.cil b/generic/prebuilts/api/32.0/private/compat/26.0/26.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil new file mode 100644 index 00000000..8b1a6fdf --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil @@ -0,0 +1,7 @@ +;;objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/prebuilts/api/32.0/private/compat/27.0/27.0.cil b/generic/prebuilts/api/32.0/private/compat/27.0/27.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil new file mode 100644 index 00000000..aa501306 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/prebuilts/api/32.0/private/compat/28.0/28.0.cil b/generic/prebuilts/api/32.0/private/compat/28.0/28.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil new file mode 100644 index 00000000..aa501306 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/prebuilts/api/32.0/private/compat/29.0/29.0.cil b/generic/prebuilts/api/32.0/private/compat/29.0/29.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil new file mode 100644 index 00000000..ac26de09 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/prebuilts/api/32.0/private/compat/30.0/30.0.cil b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.cil new file mode 100755 index 00000000..3dd4c2dd --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.cil @@ -0,0 +1,60 @@ +(typeattributeset vendor_persist_camera_prop_30_0 (vendor_persist_camera_prop)) +(expandtypeattribute (vendor_persist_camera_prop_30_0) true) +(typeattributeset vendor_usta_app_service_30_0 (vendor_usta_app_service)) +(expandtypeattribute (vendor_usta_app_service_30_0) true) +(typeattributeset vendor_qvrd_30_0 (vendor_qvrd)) +(expandtypeattribute (vendor_qvrd_30_0) true) +(typeattributeset vendor_qtelephony_30_0 (vendor_qtelephony)) +(expandtypeattribute (vendor_qtelephony_30_0) true) +(typeattributeset vendor_qcc_trd_30_0 (vendor_qcc_trd)) +(expandtypeattribute (vendor_qcc_trd_30_0) true) +(typeattributeset vendor_dataservice_app_30_0 (vendor_dataservice_app)) +(expandtypeattribute (vendor_dataservice_app_30_0) true) +(typeattributeset vendor_seempd_30_0 (vendor_seempd)) +(expandtypeattribute (vendor_seempd_30_0) true) +(typeattributeset vendor_qcc_utils_app_30_0 (vendor_qcc_utils_app)) +(expandtypeattribute (vendor_qcc_utils_app_30_0) true) +(typeattributeset vendor_dpmtcm_socket_30_0 (vendor_dpmtcm_socket)) +(expandtypeattribute (vendor_dpmtcm_socket_30_0) true) +(typeattributeset vendor_sys_video_prop_30_0 (vendor_sys_video_prop)) +(expandtypeattribute (vendor_sys_video_prop_30_0) true) +(typeattributeset vendor_qcc_app_30_0 (vendor_qcc_app)) +(expandtypeattribute (vendor_qcc_app_30_0) true) +(typeattributeset vendor_wfd_app_30_0 (vendor_wfd_app)) +(expandtypeattribute (vendor_wfd_app_30_0) true) +(typeattributeset vendor_bt_prop_30_0 (vendor_bt_prop)) +(expandtypeattribute (vendor_bt_prop_30_0) true) +(typeattributeset vendor_mmi_sys_30_0 (vendor_mmi_sys)) +(expandtypeattribute (vendor_mmi_sys_30_0) true) +(typeattributeset vendor_qspmsvc_30_0 (vendor_qspmsvc)) +(expandtypeattribute (vendor_qspmsvc_30_0) true) +(typeattributeset vendor_dpmd_30_0 (vendor_dpmd)) +(expandtypeattribute (vendor_dpmd_30_0) true) +(typeattributeset vendor_qccsyshal_hwservice_30_0 (vendor_qccsyshal_hwservice)) +(expandtypeattribute (vendor_qccsyshal_hwservice_30_0) true) +(typeattributeset vendor_vpsservice_30_0 (vendor_vpsservice)) +(expandtypeattribute (vendor_vpsservice_30_0) true) +(typeattributeset vendor_wfdservice_30_0 (vendor_wfdservice)) +(expandtypeattribute (vendor_wfdservice_30_0) true) +(typeattributeset vendor_hal_atfwd_hwservice_30_0 (vendor_hal_atfwd_hwservice)) +(expandtypeattribute (vendor_hal_atfwd_hwservice_30_0) true) +(typeattributeset vendor_smcinvoke_device_30_0 (vendor_smcinvoke_device)) +(expandtypeattribute (vendor_smcinvoke_device_30_0) true) +(typeattributeset vendor_persist_dpm_prop_30_0 (vendor_persist_dpm_prop)) +(expandtypeattribute (vendor_persist_dpm_prop_30_0) true) +(typeattributeset vendor_dun-server_30_0 (vendor_dun-server)) +(expandtypeattribute (vendor_dun-server_30_0) true) +(typeattributeset vendor_wlc_prop_30_0 (vendor_wlc_prop)) +(expandtypeattribute (vendor_wlc_prop_30_0) true) +(typeattributeset vendor_elabel_data_file_30_0 (vendor_elabel_data_file)) +(expandtypeattribute (vendor_elabel_data_file_30_0) true) +(typeattributeset vendor_fm_app_30_0 (vendor_fm_app)) +(expandtypeattribute (vendor_fm_app_30_0) true) +(typeattributeset vendor_perfservice_30_0 (vendor_perfservice)) +(expandtypeattribute (vendor_perfservice_30_0) true) +(typeattributeset vendor_sigmahal_hwservice_30_0 (vendor_sigmahal_hwservice)) +(expandtypeattribute (vendor_sigmahal_hwservice_30_0) true) +(typeattributeset vendor_location_app_30_0 (vendor_location_app)) +(expandtypeattribute (vendor_location_app_30_0) true) +(typeattributeset vendor_seempdw_socket_30_0 (vendor_seempdw_socket)) +(expandtypeattribute (vendor_seempdw_socket_30_0) true) diff --git a/generic/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil new file mode 100644 index 00000000..efe269fe --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil @@ -0,0 +1,17 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + vendor_hal_displayconfig_service + vendor_hal_telephony_service + vendor_mm_parser_prop + vendor_persist_tcm_prop + vendor_persist_rcs_prop + vendor_qvirtmgr + vendor_qesdk_service + vendor_qcc_authmgr_app + vendor_qcc_netstat_app + vendor_qcc_lmtp_app)) diff --git a/generic/prebuilts/api/32.0/private/compat/31.0/31.0.cil b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.cil new file mode 100644 index 00000000..fa395d89 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.cil @@ -0,0 +1,121 @@ +(typeattributeset vendor_persist_camera_prop_31_0 (vendor_persist_camera_prop)) +(expandtypeattribute (vendor_persist_camera_prop_31_0) true) +(typeattribute vendor_persist_camera_prop_31_0) +(typeattributeset vendor_usta_app_service_31_0 (vendor_usta_app_service)) +(expandtypeattribute (vendor_usta_app_service_31_0) true) +(typeattribute vendor_usta_app_service_31_0) +(typeattributeset vendor_qvrd_31_0 (vendor_qvrd)) +(expandtypeattribute (vendor_qvrd_31_0) true) +(typeattribute vendor_qvrd_31_0) +(typeattributeset vendor_qtelephony_31_0 (vendor_qtelephony)) +(expandtypeattribute (vendor_qtelephony_31_0) true) +(typeattribute vendor_qtelephony_31_0) +(typeattributeset vendor_qcc_trd_31_0 (vendor_qcc_trd)) +(expandtypeattribute (vendor_qcc_trd_31_0) true) +(typeattribute vendor_qcc_trd_31_0) +(typeattributeset vendor_dataservice_app_31_0 (vendor_dataservice_app)) +(expandtypeattribute (vendor_dataservice_app_31_0) true) +(typeattribute vendor_dataservice_app_31_0) +(typeattributeset vendor_seempd_31_0 (vendor_seempd)) +(expandtypeattribute (vendor_seempd_31_0) true) +(typeattribute vendor_seempd_31_0) +(typeattributeset vendor_qcc_authmgr_app_31_0 (vendor_qcc_authmgr_app)) +(expandtypeattribute (vendor_qcc_authmgr_app_31_0) true) +(typeattribute vendor_qcc_authmgr_app_31_0) +(typeattributeset vendor_qcc_lmtp_app_31_0 (vendor_qcc_lmtp_app)) +(expandtypeattribute (vendor_qcc_lmtp_app_31_0) true) +(typeattribute vendor_qcc_lmtp_app_31_0) +(typeattributeset vendor_qcc_utils_app_31_0 (vendor_qcc_utils_app)) +(expandtypeattribute (vendor_qcc_utils_app_31_0) true) +(typeattribute vendor_qcc_utils_app_31_0) +(typeattributeset vendor_qvirtmgr_31_0 (vendor_qvirtmgr)) +(expandtypeattribute (vendor_qvirtmgr_31_0) true) +(typeattribute vendor_qvirtmgr_31_0) +(typeattributeset vendor_dpmtcm_socket_31_0 (vendor_dpmtcm_socket)) +(expandtypeattribute (vendor_dpmtcm_socket_31_0) true) +(typeattribute vendor_dpmtcm_socket_31_0) +(typeattributeset vendor_sys_video_prop_31_0 (vendor_sys_video_prop)) +(expandtypeattribute (vendor_sys_video_prop_31_0) true) +(typeattribute vendor_sys_video_prop_31_0) +(typeattributeset vendor_qcc_app_31_0 (vendor_qcc_app)) +(expandtypeattribute (vendor_qcc_app_31_0) true) +(typeattribute vendor_qcc_app_31_0) +(typeattributeset vendor_wfd_app_31_0 (vendor_wfd_app)) +(expandtypeattribute (vendor_wfd_app_31_0) true) +(typeattribute vendor_wfd_app_31_0) +(typeattributeset vendor_bt_prop_31_0 (vendor_bt_prop)) +(expandtypeattribute (vendor_bt_prop_31_0) true) +(typeattribute vendor_bt_prop_31_0) +(typeattributeset vendor_mmi_sys_31_0 (vendor_mmi_sys)) +(expandtypeattribute (vendor_mmi_sys_31_0) true) +(typeattribute vendor_mmi_sys_31_0) +(typeattributeset vendor_qspmsvc_31_0 (vendor_qspmsvc)) +(expandtypeattribute (vendor_qspmsvc_31_0) true) +(typeattribute vendor_qspmsvc_31_0) +(typeattributeset vendor_dpmd_31_0 (vendor_dpmd)) +(expandtypeattribute (vendor_dpmd_31_0) true) +(typeattribute vendor_dpmd_31_0) +(typeattributeset vendor_qccsyshal_hwservice_31_0 (vendor_qccsyshal_hwservice)) +(expandtypeattribute (vendor_qccsyshal_hwservice_31_0) true) +(typeattribute vendor_qccsyshal_hwservice_31_0) +(typeattributeset vendor_vpsservice_31_0 (vendor_vpsservice)) +(expandtypeattribute (vendor_vpsservice_31_0) true) +(typeattribute vendor_vpsservice_31_0) +(typeattributeset vendor_wfdservice_31_0 (vendor_wfdservice)) +(expandtypeattribute (vendor_wfdservice_31_0) true) +(typeattribute vendor_wfdservice_31_0) +(typeattributeset vendor_hal_atfwd_hwservice_31_0 (vendor_hal_atfwd_hwservice)) +(expandtypeattribute (vendor_hal_atfwd_hwservice_31_0) true) +(typeattribute vendor_hal_atfwd_hwservice_31_0) +(typeattributeset vendor_smcinvoke_device_31_0 (vendor_smcinvoke_device)) +(expandtypeattribute (vendor_smcinvoke_device_31_0) true) +(typeattribute vendor_smcinvoke_device_31_0) +(typeattributeset vendor_persist_rcs_prop_31_0 (vendor_persist_rcs_prop)) +(expandtypeattribute (vendor_persist_rcs_prop_31_0) true) +(typeattribute vendor_persist_rcs_prop_31_0) +(typeattributeset vendor_persist_tcm_prop_31_0 (vendor_persist_tcm_prop)) +(expandtypeattribute (vendor_persist_tcm_prop_31_0) true) +(typeattribute vendor_persist_tcm_prop_31_0) +(typeattributeset vendor_persist_dpm_prop_31_0 (vendor_persist_dpm_prop)) +(expandtypeattribute (vendor_persist_dpm_prop_31_0) true) +(typeattribute vendor_persist_dpm_prop_31_0) +(typeattributeset vendor_dun-server_31_0 (vendor_dun-server)) +(expandtypeattribute (vendor_dun-server_31_0) true) +(typeattribute vendor_dun-server_31_0) +(typeattributeset vendor_qesdk_service_31_0 (vendor_qesdk_service)) +(expandtypeattribute (vendor_qesdk_service_31_0) true) +(typeattribute vendor_qesdk_service_31_0) +(typeattributeset vendor_mm_parser_prop_31_0 (vendor_mm_parser_prop)) +(expandtypeattribute (vendor_mm_parser_prop_31_0) true) +(typeattribute vendor_mm_parser_prop_31_0) +(typeattributeset vendor_hal_displayconfig_service_31_0 (vendor_hal_displayconfig_service)) +(expandtypeattribute (vendor_hal_displayconfig_service_31_0) true) +(typeattribute vendor_hal_displayconfig_service_31_0) +(typeattributeset vendor_hal_telephony_service_31_0 (vendor_hal_telephony_service)) +(expandtypeattribute (vendor_hal_telephony_service_31_0) true) +(typeattribute vendor_hal_telephony_service_31_0) +(typeattributeset vendor_qcc_netstat_app_31_0 (vendor_qcc_netstat_app)) +(expandtypeattribute (vendor_qcc_netstat_app_31_0) true) +(typeattribute vendor_qcc_netstat_app_31_0) +(typeattributeset vendor_wlc_prop_31_0 (vendor_wlc_prop)) +(expandtypeattribute (vendor_wlc_prop_31_0) true) +(typeattribute vendor_wlc_prop_31_0) +(typeattributeset vendor_elabel_data_file_31_0 (vendor_elabel_data_file)) +(expandtypeattribute (vendor_elabel_data_file_31_0) true) +(typeattribute vendor_elabel_data_file_31_0) +(typeattributeset vendor_fm_app_31_0 (vendor_fm_app)) +(expandtypeattribute (vendor_fm_app_31_0) true) +(typeattribute vendor_fm_app_31_0) +(typeattributeset vendor_perfservice_31_0 (vendor_perfservice)) +(expandtypeattribute (vendor_perfservice_31_0) true) +(typeattribute vendor_perfservice_31_0) +(typeattributeset vendor_sigmahal_hwservice_31_0 (vendor_sigmahal_hwservice)) +(expandtypeattribute (vendor_sigmahal_hwservice_31_0) true) +(typeattribute vendor_sigmahal_hwservice_31_0) +(typeattributeset vendor_location_app_31_0 (vendor_location_app)) +(expandtypeattribute (vendor_location_app_31_0) true) +(typeattribute vendor_location_app_31_0) +(typeattributeset vendor_seempdw_socket_31_0 (vendor_seempdw_socket)) +(expandtypeattribute (vendor_seempdw_socket_31_0) true) +(typeattribute vendor_seempdw_socket_31_0) + diff --git a/generic/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil new file mode 100644 index 00000000..6f2a2f69 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil @@ -0,0 +1,8 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + vendor_wlc_public_prop)) diff --git a/generic/prebuilts/api/32.0/private/dataservice_app.te b/generic/prebuilts/api/32.0/private/dataservice_app.te new file mode 100755 index 00000000..f2dce4a2 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/dataservice_app.te @@ -0,0 +1,55 @@ +# Copyright (c) 2017-2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_dataservice_app coredomain; +typeattribute vendor_dataservice_app mlstrustedsubject; +app_domain(vendor_dataservice_app) +net_domain(vendor_dataservice_app) + +add_service(vendor_dataservice_app, vendor_cne_service) +add_service(vendor_dataservice_app, vendor_dpmservice) +add_service(vendor_dataservice_app, uce_service) +allow vendor_dataservice_app { + app_api_service + system_api_service + audioserver_service + radio_service +}:service_manager find; + +allow vendor_dataservice_app radio_data_file:dir create_dir_perms; +allow vendor_dataservice_app radio_data_file:{ file lnk_file } create_file_perms; + +hwbinder_use(vendor_dataservice_app) + +add_service(vendor_dataservice_app, vendor_dpmservice) +allow vendor_dataservice_app system_app_data_file:dir create_dir_perms; +allow vendor_dataservice_app vendor_dpmd_socket:sock_file write; +allow vendor_dataservice_app vendor_dpmd_data_file:dir rw_dir_perms; +allow vendor_dataservice_app vendor_dpmd_data_file:file create_file_perms; +unix_socket_connect(vendor_dataservice_app,vendor_dpmd,vendor_dpmd); +set_prop(vendor_dataservice_app, vendor_persist_dpm_prop) +set_prop(vendor_dataservice_app, vendor_persist_rcs_prop) diff --git a/generic/prebuilts/api/32.0/private/device.te b/generic/prebuilts/api/32.0/private/device.te new file mode 100644 index 00000000..f83f890f --- /dev/null +++ b/generic/prebuilts/api/32.0/private/device.te @@ -0,0 +1,30 @@ +# Copyright (c) 2015, 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +#Define smd7 device +type vendor_smd7_device, dev_type; diff --git a/generic/prebuilts/api/32.0/private/domain.te b/generic/prebuilts/api/32.0/private/domain.te new file mode 100644 index 00000000..0e961db7 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/domain.te @@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(domain, vendor_exported_system_prop) +get_prop(domain, vendor_exported_odm_prop) diff --git a/generic/prebuilts/api/32.0/private/dpmd.te b/generic/prebuilts/api/32.0/private/dpmd.te new file mode 100644 index 00000000..3df432f7 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/dpmd.te @@ -0,0 +1,75 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +typeattribute vendor_dpmd coredomain; +typeattribute vendor_dpmd mlstrustedsubject; +type vendor_dpmd_exec, exec_type, system_file_type, file_type; + +init_daemon_domain(vendor_dpmd) + +net_domain(vendor_dpmd) + +allow vendor_dpmd { + vendor_dpmd_exec + system_file +}:file x_file_perms; + +allow vendor_dpmd vendor_dpmd_data_file:file create_file_perms; +allow vendor_dpmd vendor_dpmd_data_file:dir create_dir_perms; +r_dir_file(vendor_dpmd,proc_net) + +allow vendor_dpmd self:capability { + setuid + net_raw + net_admin +}; + +allow vendor_dpmd netutils_wrapper:process sigkill; +allow vendor_dpmd self:capability2 wake_alarm; + +r_dir_file(vendor_dpmd, appdomain) + +wakelock_use(vendor_dpmd) +allow vendor_dpmd shell_exec:file rx_file_perms; +dontaudit vendor_dpmd self:capability sys_module; +set_prop(vendor_dpmd, vendor_persist_dpm_prop) +get_prop(vendor_dpmd, vendor_persist_dpm_prop) +#allow vendor_dpmd to create socket +allow vendor_dpmd self:socket create_socket_perms_no_ioctl; +allow vendor_dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl; +vendor_dpmd_socket_perm(priv_app) +vendor_dpmd_socket_perm(system_server) +vendor_dpmd_socket_perm(system_app) +vendor_dpmd_socket_perm(untrusted_app) +vendor_dpmd_socket_perm(untrusted_app_25) +vendor_dpmd_socket_perm(platform_app) +#allow vendor_dpmd to write to /proc/net/sys +allow vendor_dpmd proc_net:file write; +#self kill rule to kill vendor_dpmd child process which executes iptable commands +allow vendor_dpmd self:capability kill; +set_prop(vendor_dpmd, ctl_dpmd_prop) diff --git a/generic/prebuilts/api/32.0/private/dun-server.te b/generic/prebuilts/api/32.0/private/dun-server.te new file mode 100644 index 00000000..981a5e73 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/dun-server.te @@ -0,0 +1,40 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_dun-server_exec, system_file_type, exec_type, file_type; +typeattribute vendor_dun-server bluetoothdomain; +typeattribute vendor_dun-server coredomain; + +allow bluetooth vendor_dun-server:unix_stream_socket connectto; +allow vendor_dun-server { + serial_device + vendor_smd7_device +}:chr_file rw_file_perms; + +init_daemon_domain(vendor_dun-server) + +bluetooth_domain(vendor_dun-server) diff --git a/generic/prebuilts/api/32.0/private/file.te b/generic/prebuilts/api/32.0/private/file.te new file mode 100644 index 00000000..c9db4fcf --- /dev/null +++ b/generic/prebuilts/api/32.0/private/file.te @@ -0,0 +1,35 @@ +# Copyright (c) 2015, 2017-2018, 2020-2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_seemp_data_file, core_data_file_type, data_file_type, file_type; +type vendor_dpmd_socket, file_type, coredomain_socket; +type vendor_dpmd_data_file, file_type, data_file_type, core_data_file_type; +type vendor_dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject; +type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type; +type vendor_qcc_app_socket, file_type, mlstrustedobject, coredomain_socket; +type vendor_sys_sxrauxd_data_file, file_type, data_file_type, core_data_file_type; +type vendor_sys_sxrauxd_socket, file_type, coredomain_socket; diff --git a/generic/prebuilts/api/32.0/private/file_contexts b/generic/prebuilts/api/32.0/private/file_contexts new file mode 100644 index 00000000..c65aac74 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/file_contexts @@ -0,0 +1,69 @@ +# Copyright (c) 2018-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +/data/misc/elabel(/.*)? u:object_r:vendor_elabel_data_file:s0 +/data/misc/seemp(/.*)? u:object_r:vendor_seemp_data_file:s0 + +/(product|system/product)/etc/init\.qcom\.testscripts\.sh u:object_r:qti-testscripts_exec:s0 + +/storage/emulated(/.*)? u:object_r:media_rw_data_file:s0 + +####### device files ############## +/dev/smd7 u:object_r:vendor_smd7_device:s0 + +####### dev/socket files ########## +/dev/socket/seempdw u:object_r:vendor_seempdw_socket:s0 +/dev/socket/dpmd u:object_r:vendor_dpmd_socket:s0 +/dev/socket/tcm u:object_r:vendor_dpmtcm_socket:s0 +/dev/socket/tcmd u:object_r:vendor_dpmtcm_socket:s0 +/dev/socket/qdma_app(/.*)? u:object_r:vendor_qcc_app_socket:s0 + +####### system file ############### +/system/bin/seempd u:object_r:vendor_seempd_exec:s0 +/(system_ext|system/system_ext)/bin/dpmd u:object_r:vendor_dpmd_exec:s0 +/(system_ext|system/system_ext)/bin/tcmd u:object_r:vendor_tcmd_exec:s0 +/system/bin/vpsservice u:object_r:vendor_vpsservice_exec:s0 + +####### system_ext file ############### +/(system_ext|system/system_ext)/bin/dun-server u:object_r:vendor_dun-server_exec:s0 +/(system_ext|system/system_ext)/bin/bt_logger u:object_r:vendor_bt_logger_exec:s0 +/(system_ext|system/system_ext)/bin/perfservice u:object_r:vendor_perfservice_exec:s0 +/(system_ext|system/system_ext)/bin/qdtservice u:object_r:vendor_qdtservice_exec:s0 +/(system|system_ext|system/system_ext)/bin/(wfdservice|wfdservice64) u:object_r:vendor_wfdservice_exec:s0 +/(system|system_ext|system/system_ext)/bin/(sigma_miracasthalservice|sigma_miracasthalservice64) u:object_r:vendor_sigmahal_qti_exec:s0 +/(system_ext|system/system_ext)/bin/qccsyshalservice u:object_r:vendor_qccsyshal_qti_exec:s0 +/(system_ext|system/system_ext)/bin/qccsyshal@1\.1-service u:object_r:vendor_qccsyshal_qti_exec:s0 +/(system_ext|system/system_ext)/bin/mmi u:object_r:vendor_mmi_sys_exec:s0 +/(system_ext|system/system_ext)/bin/mmi_diag u:object_r:vendor_mmi_sys_exec:s0 +/(system_ext|system/system_ext)/bin/qspmsvc u:object_r:vendor_qspmsvc_exec:s0 +/(system_ext|system/system_ext)/bin/perfetto_dump\.sh u:object_r:vendor_perfetto_dump_exec:s0 +/(system_ext|system/system_ext)/bin/qxrsplitauxservice u:object_r:vendor_sys_sxrauxd_exec:s0 + +####### data files ################ +/data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0 +/data/nfc(/.*)? u:object_r:nfc_data_file:s0 +/data/misc/qdma(/.*)? u:object_r:vendor_qcc_data_file:s0 +/data/misc/sxraux(/.*)? u:object_r:vendor_sys_sxrauxd_data_file:s0 diff --git a/generic/prebuilts/api/32.0/private/fm_app.te b/generic/prebuilts/api/32.0/private/fm_app.te new file mode 100644 index 00000000..260ecaf0 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/fm_app.te @@ -0,0 +1,40 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_fm_app coredomain; +app_domain(vendor_fm_app) + +hal_client_domain(vendor_fm_app, vendor_hal_fm); +hal_client_domain(vendor_fm_app, vendor_hal_btconfigstore); +hal_client_domain(vendor_fm_app, vendor_hal_qspmhal); +hal_client_domain(vendor_fm_app, vendor_hal_perf); + +binder_call(vendor_fm_app, gpuservice) +allow vendor_fm_app radio_service:service_manager find; +allow vendor_fm_app audioserver_service:service_manager find; +allow vendor_fm_app mediaserver_service:service_manager find; +allow vendor_fm_app app_api_service:service_manager find; diff --git a/generic/prebuilts/api/32.0/private/gmscore_app.te b/generic/prebuilts/api/32.0/private/gmscore_app.te new file mode 100644 index 00000000..8a65fa19 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/gmscore_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_connect(gmscore_app, vendor_dpmtcm, vendor_tcmd) diff --git a/generic/prebuilts/api/32.0/private/hal_qccsyshalservice.te b/generic/prebuilts/api/32.0/private/hal_qccsyshalservice.te new file mode 100644 index 00000000..341ee751 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/hal_qccsyshalservice.te @@ -0,0 +1,61 @@ +# Copyright (c) 2020-2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qccsyshal_qti, domain, coredomain, mlstrustedsubject; +type vendor_qccsyshal_qti_exec, system_file_type , exec_type, file_type; + +hal_server_domain(vendor_qccsyshal_qti, vendor_qccsyshal); + +#Add hwservice related rules +hal_attribute_hwservice(vendor_qccsyshal, vendor_qccsyshal_hwservice); + +#Allow for transition from init domain to qccsyshal +init_daemon_domain(vendor_qccsyshal_qti) + +#Allow the interaction with servicemanager +binder_use(vendor_qccsyshal_qti) + +#Allow hwbinder call from hal client to server +binder_call(vendor_qccsyshal_client, vendor_qccsyshal_server) +binder_call(vendor_qccsyshal_server, vendor_qccsyshal_client) + +allow vendor_qccsyshal_client vendor_qccsyshal_hwservice:hwservice_manager find; + +# allow access to qdma dropbox (/data/misc/qdma) +allow vendor_qccsyshal_qti vendor_qcc_data_file:dir create_dir_perms; +allow vendor_qccsyshal_qti vendor_qcc_data_file:file create_file_perms; + +# allow access to vendor_qcc_app_socket +unix_socket_connect(vendor_qccsyshal_qti, vendor_qcc_app, vendor_qcc_app) +allow vendor_qccsyshal_qti vendor_qcc_app_socket:dir r_dir_perms; +allow vendor_qccsyshal_qti vendor_qcc_app_socket:sock_file rw_file_perms; + +userdebug_or_eng(` + allow vendor_qccsyshal_qti vendor_qcc_lmtp_app:unix_stream_socket connectto; +') + +allow vendor_qccsyshal_qti vendor_qcc_netstat_app:unix_stream_socket connectto; diff --git a/generic/prebuilts/api/32.0/private/hwservice_contexts b/generic/prebuilts/api/32.0/private/hwservice_contexts new file mode 100644 index 00000000..2a98049d --- /dev/null +++ b/generic/prebuilts/api/32.0/private/hwservice_contexts @@ -0,0 +1,29 @@ +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +vendor.qti.hardware.sigma_miracast::Isigma_miracast u:object_r:vendor_sigmahal_hwservice:s0 +vendor.qti.hardware.qccsyshal::IQccsyshal u:object_r:vendor_qccsyshal_hwservice:s0 diff --git a/generic/prebuilts/api/32.0/private/ioctl_defines b/generic/prebuilts/api/32.0/private/ioctl_defines new file mode 100644 index 00000000..846eb5e1 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/ioctl_defines @@ -0,0 +1,34 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h +define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300') +define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301') +define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302') +define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303') +define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304') +define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305') diff --git a/generic/prebuilts/api/32.0/private/ioctl_macros b/generic/prebuilts/api/32.0/private/ioctl_macros new file mode 100644 index 00000000..84c899b1 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/ioctl_macros @@ -0,0 +1,35 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +define(`msm_sock_ipc_ioctls_system', `{ +IPC_ROUTER_IOCTL_GET_VERSION +IPC_ROUTER_IOCTL_GET_MTU +IPC_ROUTER_IOCTL_LOOKUP_SERVER +IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE +IPC_ROUTER_IOCTL_BIND_CONTROL_PORT +IPC_ROUTER_IOCTL_CONFIG_SEC_RULES +}') \ No newline at end of file diff --git a/generic/prebuilts/api/32.0/private/kernel.te b/generic/prebuilts/api/32.0/private/kernel.te new file mode 100644 index 00000000..8cee6ae2 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/kernel.te @@ -0,0 +1,29 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Access tracefs instances +allow kernel debugfs_tracing_instances:dir search; diff --git a/generic/prebuilts/api/32.0/private/location_app.te b/generic/prebuilts/api/32.0/private/location_app.te new file mode 100644 index 00000000..7a674495 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/location_app.te @@ -0,0 +1,56 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# generic/vendor_location_app.te - sepolicy rules for qti value added location apps +# that will be part of system image. Eg: XT app. + +app_domain(vendor_location_app) +binder_use(vendor_location_app) +hal_client_domain(vendor_location_app, hal_gnss) + +net_domain(vendor_location_app) + +#Permissions for JDWP +userdebug_or_eng(` + allow vendor_location_app { adbd su }:unix_stream_socket connectto; +') + +allow vendor_location_app app_api_service:service_manager find; + +allow vendor_location_app system_app_data_file:dir create_dir_perms; +allow vendor_location_app system_app_data_file:file create_file_perms; + +allow vendor_location_app radio_service:service_manager find; + +unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd); +unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_tcmd); + +get_prop(vendor_location_app, radio_cdma_ecm_prop) + +allow vendor_location_app cgroup:file rw_file_perms; + +unix_socket_send(vendor_location_app, vendor_seempdw, vendor_seempd); diff --git a/generic/prebuilts/api/32.0/private/mediaextractor.te b/generic/prebuilts/api/32.0/private/mediaextractor.te new file mode 100644 index 00000000..ce01c849 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/mediaextractor.te @@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(mediaextractor, vendor_mm_parser_prop); +get_prop(mediaextractor, vendor_mm_osal_prop); diff --git a/generic/prebuilts/api/32.0/private/mediaprovider.te b/generic/prebuilts/api/32.0/private/mediaprovider.te new file mode 100644 index 00000000..376fd9c1 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/mediaprovider.te @@ -0,0 +1,30 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +allow mediaprovider vendor_dpmtcm_socket:sock_file w_file_perms; +allow mediaprovider vendor_dpmd:unix_stream_socket connectto; +unix_socket_connect(mediaprovider, vendor_dpmtcm, vendor_tcmd); diff --git a/generic/prebuilts/api/32.0/private/mediaserver.te b/generic/prebuilts/api/32.0/private/mediaserver.te new file mode 100644 index 00000000..aa62ea99 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/mediaserver.te @@ -0,0 +1,31 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_send(mediaserver, vendor_seempdw, vendor_seempd) + +get_prop(mediaserver, vendor_mm_video_prop) +get_prop(mediaserver, vendor_sys_video_prop) diff --git a/generic/prebuilts/api/32.0/private/mmi_sys.te b/generic/prebuilts/api/32.0/private/mmi_sys.te new file mode 100755 index 00000000..e0fc2fa3 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/mmi_sys.te @@ -0,0 +1,45 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_mmi_sys coredomain; +type vendor_mmi_sys_exec, system_file_type, exec_type, file_type; + +#init +init_daemon_domain(vendor_mmi_sys) + +#Allow mmi to use IPC +binder_call(vendor_mmi_sys,surfaceflinger) +binder_use(vendor_mmi_sys) + +#mmi_sys +allow vendor_mmi_sys ion_device:chr_file r_file_perms; +allow vendor_mmi_sys surfaceflinger_service:service_manager find; +hal_client_domain(vendor_mmi_sys, hal_graphics_allocator) +allow vendor_mmi_sys vendor_mmi_sys_exec:file execute_no_trans; + +allow vendor_mmi_sys gpu_device:chr_file rw_file_perms; +allow vendor_mmi_sys kmsg_device:chr_file w_file_perms; diff --git a/generic/prebuilts/api/32.0/private/mstatservice_app.te b/generic/prebuilts/api/32.0/private/mstatservice_app.te new file mode 100644 index 00000000..e616bcee --- /dev/null +++ b/generic/prebuilts/api/32.0/private/mstatservice_app.te @@ -0,0 +1,35 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_mstatservice_app, domain; +typeattribute vendor_mstatservice_app coredomain; +app_domain(vendor_mstatservice_app) +hal_client_domain(vendor_mstatservice_app, vendor_hal_mstatservice_qti) +hal_client_domain(vendor_mstatservice_app, vendor_hal_perf) + +allow vendor_mstatservice_app radio_service:service_manager find; +allow vendor_mstatservice_app app_api_service:service_manager find; diff --git a/generic/prebuilts/api/32.0/private/network_stack.te b/generic/prebuilts/api/32.0/private/network_stack.te new file mode 100644 index 00000000..f5740bd9 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/network_stack.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_connect(network_stack, vendor_dpmtcm, vendor_tcmd) diff --git a/generic/prebuilts/api/32.0/private/perfservice.te b/generic/prebuilts/api/32.0/private/perfservice.te new file mode 100644 index 00000000..cdb81827 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/perfservice.te @@ -0,0 +1,35 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_perfservice_exec, exec_type, system_file_type, file_type; + +init_daemon_domain(vendor_perfservice) + +add_service(vendor_perfservice, vendor_perf_service); +binder_use(vendor_perfservice); +binder_call(vendor_perfservice, system_server); +binder_service(vendor_perfservice); diff --git a/generic/prebuilts/api/32.0/private/platform_app.te b/generic/prebuilts/api/32.0/private/platform_app.te new file mode 100755 index 00000000..881fe462 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/platform_app.te @@ -0,0 +1,60 @@ +# Copyright (c) 2015, 2017-2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#allow platform_app to read vendor_camera_prop +get_prop(platform_app, vendor_persist_camera_prop) +# Allow cneservice to be found +allow platform_app vendor_cne_service:service_manager find; + +# Allow vendor_dpmservice to be found +allow platform_app vendor_dpmservice:service_manager find; +allow platform_app { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms; +allow platform_app vendor_dpmd:unix_stream_socket connectto; +userdebug_or_eng(` + r_dir_file(platform_app, vendor_seemp_data_file) + allow platform_app vendor_seemp_data_file: file w_file_perms; +') +allow platform_app vendor_color_service:service_manager find; +# WigigSettings need to read persist.vendor.wigig.icon.disable +get_prop(platform_app, vendor_wigig_core_prop) +# SVA app and OEM voice activation app need to find soundtrigger_middleware_service +allow platform_app soundtrigger_middleware_service:service_manager find; + +# allow platform_app access to Workload Classifier Property +set_prop(platform_app, vendor_wlc_prop); + +#allow platform_app to interact with wificfr hal +hal_client_domain(platform_app, hal_wificfr) +#allow platform_app to interact with wpa_supplicant +# adding typeattribute instead of macro because hal_wifi_supplicant has already +# been defined +typeattribute platform_app hal_wifi_supplicant_client; + +#SystemUI needs to access the property ril.cdma.inecmmode +get_prop(platform_app, radio_cdma_ecm_prop) + +unix_socket_connect(platform_app, vendor_dpmtcm, vendor_tcmd); diff --git a/generic/prebuilts/api/32.0/private/priv_app.te b/generic/prebuilts/api/32.0/private/priv_app.te new file mode 100755 index 00000000..7b293950 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/priv_app.te @@ -0,0 +1,35 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +get_prop(priv_app, vendor_persist_camera_prop) +get_prop(priv_app, radio_cdma_ecm_prop) +allow priv_app vendor_dpmtcm_socket:sock_file w_file_perms; +allow priv_app vendor_dpmd:unix_stream_socket connectto; +# QVA app need to find soundtrigger_middleware_service +allow priv_app soundtrigger_middleware_service:service_manager find; + +unix_socket_connect(priv_app, vendor_dpmtcm, vendor_tcmd); diff --git a/generic/prebuilts/api/32.0/private/property.te b/generic/prebuilts/api/32.0/private/property.te new file mode 100644 index 00000000..fd7f963f --- /dev/null +++ b/generic/prebuilts/api/32.0/private/property.te @@ -0,0 +1,50 @@ +# Copyright (c) 2019-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# QCV: define property type vendor_exported_system_prop +# and vendor_exported_odm_prop +vendor_restricted_prop(vendor_exported_system_prop); +vendor_restricted_prop(vendor_exported_odm_prop); + +#mm-osal +system_internal_prop(vendor_mm_osal_prop) +system_internal_prop(vendor_mm_video_prop) + +#WiFi Display +system_internal_prop(vendor_wfd_service_prop) +system_internal_prop(vendor_wfd_sys_debug_prop) +# WIGIG +system_internal_prop(vendor_wigig_core_prop) +system_internal_prop(vendor_fst_prop) +system_internal_prop(ctl_dpmd_prop) +system_internal_prop(ctl_tcmd_prop) + +#XRCB property +system_internal_prop(vendor_xrcb_prop) + +#bootreceiver property +system_public_prop(vendor_bootreceiver_prop) diff --git a/generic/prebuilts/api/32.0/private/property_contexts b/generic/prebuilts/api/32.0/private/property_contexts new file mode 100644 index 00000000..1742c908 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/property_contexts @@ -0,0 +1,96 @@ +# Copyright (c) 2017, 2019, 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +ro.vendor.qti.va_aosp.support u:object_r:vendor_exported_system_prop:s0 exact bool +ro.vendor.qti.va_odm.support u:object_r:vendor_exported_odm_prop:s0 exact bool +ro.vendor.perf.scroll_opt u:object_r:vendor_exported_system_prop:s0 exact bool +ro.vendor.perf.scroll_opt.heavy_app u:object_r:vendor_exported_system_prop:s0 exact int +ro.netflix.bsp_rev u:object_r:vendor_exported_system_prop:s0 exact string + +persist.vendor.dpm. u:object_r:vendor_persist_dpm_prop:s0 +persist.vendor.rcs. u:object_r:vendor_persist_rcs_prop:s0 +persist.vendor.tcmd. u:object_r:vendor_persist_tcm_prop:s0 +persist.vendor.btstack u:object_r:bluetooth_prop:s0 +persist.vendor.bluetooth.emailaccountcount u:object_r:bluetooth_prop:s0 +persist.vendor.bt.a2dp u:object_r:bluetooth_prop:s0 +persist.vendor.bt_logger. u:object_r:bluetooth_prop:s0 +persist.vendor.service.bt. u:object_r:bluetooth_prop:s0 +ro.vendor.btstack. u:object_r:bluetooth_prop:s0 +vendor.pts. u:object_r:bluetooth_prop:s0 +vendor.bt.pts. u:object_r:bluetooth_prop:s0 +vendor.bluetooth. u:object_r:bluetooth_prop:s0 +vendor.camera.aux.packagelist u:object_r:vendor_persist_camera_prop:s0 +persist.vendor.camera.privapp.list u:object_r:vendor_persist_camera_prop:s0 + +#mm-parser +vendor.mm.enable.qcom_parser u:object_r:vendor_mm_parser_prop:s0 +vendor.qcom_parser. u:object_r:vendor_mm_parser_prop:s0 +#mm-osal +vendor.debug.mmosal.config u:object_r:vendor_mm_osal_prop:s0 + +#perf +vendor.perf.workloadclassifier.enable u:object_r:vendor_wlc_prop:s0 +persist.vendor.build.date.utc u:object_r:vendor_wlc_prop:s0 +vendor.mpctl.init.complete u:object_r:vendor_wlc_public_prop:s0 + +#mm-video +persist.vendor.debug.av.logs.lvl u:object_r:debug_prop:s0 +persist.vendor.debug.en.drpcrpt u:object_r:vendor_mm_video_prop:s0 +persist.vendor.media.hls. u:object_r:vendor_mm_video_prop:s0 +persist.vendor.sys.media.rtp-ports u:object_r:vendor_mm_video_prop:s0 +vendor.encoder.video.profile u:object_r:vendor_mm_video_prop:s0 +vendor.sys.media.target.version u:object_r:vendor_sys_video_prop:s0 +vendor.sys.video.disable.ubwc u:object_r:vendor_sys_video_prop:s0 +vendor.sys.media.target.qssi u:object_r:vendor_sys_video_prop:s0 + +#Wifi Display +vendor.wfdservice u:object_r:vendor_wfd_service_prop:s0 +persist.vendor.debug.wfd.wfdsvc u:object_r:vendor_wfd_sys_debug_prop:s0 +persist.vendor.debug.wfdcdbg u:object_r:vendor_wfd_sys_debug_prop:s0 +persist.vendor.debug.wfdcdbgv u:object_r:vendor_wfd_sys_debug_prop:s0 +persist.vendor.sys.debug.mux. u:object_r:vendor_wfd_sys_debug_prop:s0 +persist.vendor.sys.debug.rtp. u:object_r:vendor_wfd_sys_debug_prop:s0 +persist.vendor.sys.debug.wfd. u:object_r:vendor_wfd_sys_debug_prop:s0 + +# WIGIG +persist.vendor.wigig. u:object_r:vendor_wigig_core_prop:s0 +persist.vendor.fst. u:object_r:vendor_fst_prop:s0 +persist.dpm.feature u:object_r:vendor_persist_dpm_prop:s0 +ctl.stop$dpmd u:object_r:ctl_dpmd_prop:s0 +ctl.stop$tcmd u:object_r:ctl_tcmd_prop:s0 + +# Beluga +ro.vendor.beluga.p u:object_r:vendor_exported_system_prop:s0 +ro.vendor.beluga.c u:object_r:vendor_exported_system_prop:s0 +ro.vendor.beluga.s u:object_r:vendor_exported_system_prop:s0 +ro.vendor.beluga.t u:object_r:vendor_exported_system_prop:s0 + +#XRCB prop +vendor.xrcb. u:object_r:vendor_xrcb_prop:s0 + +# bootreceiver config props +ro.vendor.bootreceiver.enable u:object_r:vendor_bootreceiver_prop:s0 exact bool diff --git a/generic/prebuilts/api/32.0/private/qcc_app.te b/generic/prebuilts/api/32.0/private/qcc_app.te new file mode 100644 index 00000000..e7939706 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_app.te @@ -0,0 +1,66 @@ +# Copyright (c) 2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_qcc_app mlstrustedsubject; + +app_domain(vendor_qcc_app) +net_domain(vendor_qcc_app) +binder_use(vendor_qcc_app) + +allow vendor_qcc_app radio_service:service_manager find; +# for vendor_perf_service +allow vendor_qcc_app app_api_service:service_manager find; + +# allow access to qdma dropbox (/data/misc/qdma) +allow vendor_qcc_app vendor_qcc_data_file:dir create_dir_perms; +allow vendor_qcc_app vendor_qcc_data_file:file create_file_perms; + +# allow access to socket +unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_dpmd) +unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_tcmd) +# allow access to mediadrmserver for qdmastats/wvstats +allow vendor_qcc_app mediadrmserver_service:service_manager find; + +# allow vendor_qcc_app to access system_app_data_file +# necessary for read and write /data/user_de/0/com.---.qti.qdma subdirectory. +allow vendor_qcc_app system_data_file:dir search; +allow vendor_qcc_app system_app_data_file:dir create_dir_perms; +allow vendor_qcc_app system_app_data_file:file create_file_perms; + +allow vendor_qcc_app user_profile_root_file:dir search; + +# allow cgroup access +allow vendor_qcc_app cgroup:file rw_file_perms; + +#allow mediametrics_service +allow vendor_qcc_app mediametrics_service:service_manager find; + +# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket. +allow vendor_qcc_app vendor_qcc_app_socket:dir rw_dir_perms; +allow vendor_qcc_app vendor_qcc_app_socket:sock_file create_file_perms; + + diff --git a/generic/prebuilts/api/32.0/private/qcc_authmgr_app.te b/generic/prebuilts/api/32.0/private/qcc_authmgr_app.te new file mode 100644 index 00000000..a4e5f338 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_authmgr_app.te @@ -0,0 +1,35 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_qcc_authmgr_app coredomain; + +app_domain(vendor_qcc_authmgr_app) +binder_use(vendor_qcc_authmgr_app) + +hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_qccvndhal); +hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_perf); +allow vendor_qcc_authmgr_app {app_api_service}:service_manager find; diff --git a/generic/prebuilts/api/32.0/private/qcc_lmtp_app.te b/generic/prebuilts/api/32.0/private/qcc_lmtp_app.te new file mode 100644 index 00000000..9ae3c2c3 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_lmtp_app.te @@ -0,0 +1,63 @@ +# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +userdebug_or_eng(` + typeattribute vendor_qcc_lmtp_app mlstrustedsubject; + app_domain(vendor_qcc_lmtp_app) + net_domain(vendor_qcc_lmtp_app) + binder_use(vendor_qcc_lmtp_app) + + hal_client_domain(vendor_qcc_lmtp_app, vendor_hal_perf); + + allow vendor_qcc_lmtp_app {activity_service}:service_manager find; + + allow vendor_qcc_lmtp_app location_service:service_manager find; + allow vendor_qcc_lmtp_app app_api_service:service_manager find; + + # for vendor_perf_service + allow vendor_qcc_lmtp_app vendor_perf_service:service_manager find; + + # allow access to socket + unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_dpmd) + unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_tcmd) + # allow access to qcc dropbox + allow vendor_qcc_lmtp_app vendor_qcc_data_file:dir create_dir_perms; + allow vendor_qcc_lmtp_app vendor_qcc_data_file:file create_file_perms; + + # allow vendor_qcc_lmtp_app to access system_app_data_file + # necessary for read and write /data/data subdirectory + allow vendor_qcc_lmtp_app system_app_data_file:dir create_dir_perms; + allow vendor_qcc_lmtp_app system_app_data_file:file create_file_perms; + allow vendor_qcc_lmtp_app system_data_file:dir search; + + # Allow read-write permissions to qdma sockets under vendor_qcc_app_socket. + unix_socket_connect(vendor_qcc_lmtp_app, vendor_qcc_app, vendor_qcc_app) + allow vendor_qcc_lmtp_app vendor_qcc_app_socket:dir rw_dir_perms; + allow vendor_qcc_lmtp_app vendor_qcc_app_socket:sock_file create_file_perms; + + allow vendor_qcc_lmtp_app app_api_service:service_manager find; +') diff --git a/generic/prebuilts/api/32.0/private/qcc_netstat_app.te b/generic/prebuilts/api/32.0/private/qcc_netstat_app.te new file mode 100644 index 00000000..74712579 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_netstat_app.te @@ -0,0 +1,39 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_qcc_netstat_app coredomain; + +app_domain(vendor_qcc_netstat_app) +net_domain(vendor_qcc_netstat_app) +binder_use(vendor_qcc_netstat_app) + +hal_client_domain(vendor_qcc_netstat_app, vendor_hal_qccvndhal); +hal_client_domain(vendor_qcc_netstat_app, vendor_hal_perf); +allow vendor_qcc_netstat_app {app_api_service}:service_manager find; + +# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket. +unix_socket_connect(vendor_qcc_netstat_app, vendor_qcc_app, vendor_qcc_app) diff --git a/generic/prebuilts/api/32.0/private/qcc_trd.te b/generic/prebuilts/api/32.0/private/qcc_trd.te new file mode 100644 index 00000000..ded25c96 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_trd.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +hal_client_domain(vendor_qcc_trd, vendor_qccsyshal); diff --git a/generic/prebuilts/api/32.0/private/qcc_utils_app.te b/generic/prebuilts/api/32.0/private/qcc_utils_app.te new file mode 100644 index 00000000..71ee026f --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qcc_utils_app.te @@ -0,0 +1,49 @@ +# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_qcc_utils_app mlstrustedsubject; + +app_domain(vendor_qcc_utils_app) +net_domain(vendor_qcc_utils_app) +binder_use(vendor_qcc_utils_app) + +allow vendor_qcc_utils_app { app_api_service radio_service }:service_manager find; + +# allow access to qcc dropbox +allow vendor_qcc_utils_app vendor_qcc_data_file:dir create_dir_perms; +allow vendor_qcc_utils_app vendor_qcc_data_file:file create_file_perms; + +# allow vendor_qcc_utils_app to access system_app_data_file +# necessary for read and write /data/data subdirectory +allow vendor_qcc_utils_app system_app_data_file:dir create_dir_perms; +allow vendor_qcc_utils_app system_app_data_file:file create_file_perms; + +# allow cgroup access +allow vendor_qcc_utils_app cgroup:file rw_file_perms; + +# for aws iot mqtt +allow vendor_qcc_utils_app self: udp_socket create_socket_perms_no_ioctl; diff --git a/generic/prebuilts/api/32.0/private/qdtservice.te b/generic/prebuilts/api/32.0/private/qdtservice.te new file mode 100644 index 00000000..d80a8455 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qdtservice.te @@ -0,0 +1,37 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qdtservice_exec, exec_type, system_file_type, file_type; +type vendor_qdtservice, domain, coredomain; + +init_daemon_domain(vendor_qdtservice) + +add_service(vendor_qdtservice, vendor_qdt_service); +binder_use(vendor_qdtservice); +binder_service(vendor_qdtservice); + +hal_client_domain(vendor_qdtservice, vendor_hal_perf) diff --git a/generic/prebuilts/api/32.0/private/qesdkSystem.te b/generic/prebuilts/api/32.0/private/qesdkSystem.te new file mode 100644 index 00000000..8109d74d --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qesdkSystem.te @@ -0,0 +1,39 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qesdk_app, domain; +typeattribute vendor_qesdk_app coredomain; +typeattribute vendor_qesdk_app mlstrustedsubject; +app_domain(vendor_qesdk_app) +#allow vendor_qesdk_app to access vendor_hal_qesdhal +qesdk_app_access(vendor_qesdk_app); +allow vendor_qesdk_app system_data_file:dir search; +allow vendor_qesdk_app system_app_data_file:dir { getattr search }; +allow vendor_qesdk_app user_profile_root_file:dir search; +allow vendor_qesdk_app app_api_service:service_manager find; +hal_client_domain(vendor_qesdk_app, vendor_hal_perf) +add_service(vendor_qesdk_app, vendor_qesdk_service); diff --git a/generic/prebuilts/api/32.0/private/qspmsvc.te b/generic/prebuilts/api/32.0/private/qspmsvc.te new file mode 100644 index 00000000..ac719503 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qspmsvc.te @@ -0,0 +1,36 @@ +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_qspmsvc coredomain; +type vendor_qspmsvc_exec, exec_type, system_file_type, file_type; + +init_daemon_domain(vendor_qspmsvc) +add_service(vendor_qspmsvc, vendor_qspmsvc_service); +binder_use(vendor_qspmsvc); +binder_call(vendor_qspmsvc, system_server); +binder_service(vendor_qspmsvc); +hal_client_domain(vendor_qspmsvc, hal_thermal) diff --git a/generic/prebuilts/api/32.0/private/qtelephony.te b/generic/prebuilts/api/32.0/private/qtelephony.te new file mode 100644 index 00000000..37b1facf --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qtelephony.te @@ -0,0 +1,50 @@ +# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# qti telephony apps, such as AtFwd and FastDormancy +typeattribute vendor_qtelephony coredomain; + +app_domain(vendor_qtelephony) +net_domain(vendor_qtelephony) + +hwbinder_use(vendor_qtelephony); +get_prop(vendor_qtelephony, hwservicemanager_prop); +add_hwservice(vendor_qtelephony, vendor_hal_atfwd_hwservice); + +userdebug_or_eng(` + hal_client_domain( vendor_qtelephony, vendor_hal_diaghal) +') + +allow vendor_qtelephony { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service radio_service drmserver_service audioserver_service}:service_manager find; +allow vendor_qtelephony system_api_service:service_manager find; +allow vendor_qtelephony app_api_service:service_manager find; + +allow vendor_qtelephony vendor_dpmtcm_socket:sock_file write; + +allow vendor_qtelephony vendor_dpmd:unix_stream_socket connectto; + +hal_client_domain(vendor_qtelephony, hal_telephony) diff --git a/generic/prebuilts/api/32.0/private/qti-testscripts.te b/generic/prebuilts/api/32.0/private/qti-testscripts.te new file mode 100644 index 00000000..4bdbb836 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/qti-testscripts.te @@ -0,0 +1,100 @@ +# Copyright (c) 2015,2017 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#as the exec is defined in file_context it is hitting build +# error in user build so moving out of the macro +type qti-testscripts_exec, system_file_type, exec_type, file_type; +userdebug_or_eng(` + type qti-testscripts, domain, mlstrustedsubject; + typeattribute qti-testscripts coredomain; + permissive qti-testscripts; + init_daemon_domain(qti-testscripts) + + #this is shell scripts and need /system/bin/sh + allow qti-testscripts shell_exec:file rx_file_perms; + #super_user - start + # Add qti-testscripts to various domains + net_domain(qti-testscripts) + + dontaudit qti-testscripts self:capability_class_set *; + dontaudit qti-testscripts kernel:security *; + dontaudit qti-testscripts kernel:system *; + dontaudit qti-testscripts self:memprotect *; + dontaudit qti-testscripts domain:process *; + dontaudit qti-testscripts domain:fd *; + dontaudit qti-testscripts domain:dir *; + dontaudit qti-testscripts domain:lnk_file *; + dontaudit qti-testscripts domain:{ fifo_file file } *; + dontaudit qti-testscripts domain:socket_class_set *; + dontaudit qti-testscripts domain:ipc_class_set *; + dontaudit qti-testscripts domain:key *; + dontaudit qti-testscripts fs_type:filesystem *; + dontaudit qti-testscripts {fs_type dev_type file_type}:dir_file_class_set *; + dontaudit qti-testscripts node_type:node *; + dontaudit qti-testscripts node_type:{ tcp_socket udp_socket rawip_socket } *; + dontaudit qti-testscripts netif_type:netif *; + dontaudit qti-testscripts port_type:socket_class_set *; + dontaudit qti-testscripts port_type:{ tcp_socket dccp_socket } *; + dontaudit qti-testscripts domain:peer *; + dontaudit qti-testscripts domain:binder *; + dontaudit qti-testscripts property_type:property_service *; + dontaudit qti-testscripts property_type:file *; + dontaudit qti-testscripts service_manager_type:service_manager *; + dontaudit qti-testscripts keystore:keystore_key *; + # dontaudit qti-testscripts domain:debuggerd *; + dontaudit qti-testscripts domain:drmservice *; + dontaudit qti-testscripts unlabeled:filesystem *; + #super_user - end + + #Added below rule in same file to keep all debug policies + #under one common file. + + # All domains can read proc enrty of qti-testscripts + # r_dir_file(domain, qti-testscripts) + # r_dir_file(qti-testscripts, domain) + +# allow adbd qti-testscripts:process dyntransition; + #allow { domain -mediaextractor -mediacodec } qti-testscripts:unix_stream_socket connectto; + allow domain qti-testscripts:fd use; + allow { domain -app_zygote -mediaextractor -hal_omx_server -hal_configstore_server } qti-testscripts:unix_stream_socket { getattr getopt read write shutdown }; +# binder_call({ domain -init -netd }, qti-testscripts) + allow domain qti-testscripts:fifo_file { write getattr }; + allow domain qti-testscripts:process sigchld; + binder_use(qti-testscripts) + allow platform_app qti-testscripts:unix_stream_socket { read write connectto}; + allow system_app qti-testscripts:unix_stream_socket { read write connectto}; + allow system_server qti-testscripts:binder { transfer call }; + allow untrusted_app_25 qti-testscripts:binder { transfer call }; + allow priv_app qti-testscripts:binder { transfer call }; + allow surfaceflinger qti-testscripts:binder { transfer call }; + allow system_server qti-testscripts:fifo_file read; + binder_call(platform_app, qti-testscripts) + binder_call(system_app, qti-testscripts) + +# allow lmkd to kill tasks with positive oom_score_adj under memory pressure + allow lmkd qti-testscripts:process { setsched sigkill }; +') diff --git a/generic/prebuilts/api/32.0/private/radio.te b/generic/prebuilts/api/32.0/private/radio.te new file mode 100644 index 00000000..9731b060 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/radio.te @@ -0,0 +1,33 @@ +# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +hwbinder_use(radio) +allow radio mediaextractor_service:service_manager find; + +userdebug_or_eng(` + unix_socket_send(radio,vendor_seempdw, vendor_seempd) +') diff --git a/generic/prebuilts/api/32.0/private/seapp_contexts b/generic/prebuilts/api/32.0/private/seapp_contexts new file mode 100644 index 00000000..6efc98e4 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/seapp_contexts @@ -0,0 +1,82 @@ +# Copyright (c) 2019-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#Add new domain for DataServices +# Needed for CNEService , uceShimService and other connectivity services +user=radio seinfo=platform name=.dataservices domain=vendor_dataservice_app type=radio_data_file + +# AtFwd app +user=_app seinfo=platform name=com.qualcomm.telephony domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add new domain for ims app +user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=vendor_qtelephony type=app_data_file levelFrom=all + + +# QtiTelephonyService app +user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add new domain for qti value added Location apps +user=_app seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=vendor_location_app type=app_data_file +user=_app seinfo=platform name=com.qualcomm.location.XT.setup isPrivApp=true domain=vendor_location_app type=app_data_file +user=_app seinfo=platform name=com.qualcomm.location isPrivApp=true domain=vendor_location_app type=app_data_file +user=_app seinfo=platform name=com.qualcomm.wfd.service:wfd_service domain=vendor_wfd_app type=app_data_file levelfrom=all +user=_app seinfo=platform name=com.qualcomm.wfd.client domain=vendor_wfd_app type=app_data_file levelfrom=all +user=_app seinfo=platform name=com.qualcomm.qti.ssmeditor domain=vendor_qconfig_app type=app_data_file levelfrom=all + +#Add new domain for QCC +user=system seinfo=platform name=com.qualcomm.qti.qdma isPrivApp=true domain=vendor_qcc_app type=system_app_data_file +#Add new domain for QCCLMTP +user=system seinfo=platform name=com.qualcomm.qti.qcclmtp isPrivApp=true domain=vendor_qcc_lmtp_app type=system_app_data_file +#Add new domain for QCCNetstat +user=_app seinfo=platform name=com.qualcomm.qti.qccnetstat domain=vendor_qcc_netstat_app type=app_data_file levelFrom=all +#Add new domain for QCCAuthMgr +user=_app seinfo=platform name=com.qualcomm.qti.qccauthmgr domain=vendor_qcc_authmgr_app type=app_data_file levelFrom=all +#Add new domain for QCC-Utils +user=system seinfo=platform name=com.qualcomm.qti.qdmautils isPrivApp=true domain=vendor_qcc_utils_app type=system_app_data_file +# Add new domain for FM app +user=_app seinfo=platform name=com.caf.fmradio domain=vendor_fm_app type=app_data_file levelFrom=all + +#Add new domain for secure camera service app +user=_app seinfo=platform name=com.qualcomm.qti.seccamservice:remote domain=vendor_seccam_app type=app_data_file + +#Add ExtTelephonyService to vendor_qtelephony +user=_app seinfo=platform name=com.qti.phone domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add new domain for Voice Activation app +user=_app seinfo=platform name=com.qualcomm.qti.sva domain=vendor_voiceui_app type=app_data_file levelFrom=all + +# qc mStat app +user=_app seinfo=platform name=com.qti.qualcomm.mstatssystemservice domain=vendor_mstatservice_app type=app_data_file levelFrom=all + +#Add new domain for QESDK_APP +user=system seinfo=platform name=vendor.qti.qesdk.sysservice isPrivApp=true domain=vendor_qesdk_app type=system_app_data_file + +#Add new domain for workloadclassifier +user=_app seinfo=platform name=com.qualcomm.qti.workloadclassifier domain=vendor_wlc_app type=app_data_file levelFrom=all + +#Add new domain for xrcb app +user=_app seinfo=platform name=com.qualcomm.qti.xrcb domain=vendor_xrcb_app type=app_data_file levelFrom=all diff --git a/generic/prebuilts/api/32.0/private/seccam_app.te b/generic/prebuilts/api/32.0/private/seccam_app.te new file mode 100755 index 00000000..2881a71f --- /dev/null +++ b/generic/prebuilts/api/32.0/private/seccam_app.te @@ -0,0 +1,38 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_seccam_app, domain; +app_domain(vendor_seccam_app) +net_domain(vendor_seccam_app) + +hal_client_domain(vendor_seccam_app, vendor_hal_qteeconnector); + +allow vendor_seccam_app app_data_file:dir create_dir_perms; +allow vendor_seccam_app app_data_file:file create_file_perms; +allow vendor_seccam_app { activity_service app_api_service } :service_manager find; +allow vendor_seccam_app self:qipcrtr_socket create_socket_perms_no_ioctl; +typeattribute vendor_seccam_app hal_graphics_composer_client; diff --git a/generic/prebuilts/api/32.0/private/seempd.te b/generic/prebuilts/api/32.0/private/seempd.te new file mode 100644 index 00000000..ece42487 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/seempd.te @@ -0,0 +1,46 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_seempd coredomain; +typeattribute vendor_seempd mlstrustedsubject; +type vendor_seempd_exec, exec_type, system_file_type, file_type; + +init_daemon_domain(vendor_seempd) + +binder_use(vendor_seempd) +binder_call(vendor_seempd, system_server) +binder_call(vendor_seempd, appdomain) + +allow vendor_seempd vendor_MinkBinderSvc:service_manager { find }; + +add_service(vendor_seempd, vendor_seemp_service) + +allow vendor_seempd self:binder call; +allow vendor_seempd ion_device:chr_file r_file_perms; + +#Allow search access in seemp_data_file +allow vendor_seempd vendor_seemp_data_file:dir search; diff --git a/generic/prebuilts/api/32.0/private/service.te b/generic/prebuilts/api/32.0/private/service.te new file mode 100644 index 00000000..076d12d3 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/service.te @@ -0,0 +1,41 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_cne_service, service_manager_type; +type vendor_seemp_service, service_manager_type; +type vendor_dpmservice, service_manager_type; +type vendor_MinkBinderSvc, app_api_service, service_manager_type; +type vendor_perf_service, app_api_service, service_manager_type; +type vendor_qdt_service, app_api_service, service_manager_type; +type vendor_izat_service, app_api_service, system_api_service, service_manager_type; +type vendor_color_service, service_manager_type; +type vendor_wfdservice_service, service_manager_type; +type vendor_wigigp2p_service, app_api_service, system_server_service, service_manager_type; +type vendor_wigig_service, app_api_service, system_server_service, service_manager_type; +type vendor_vps_service, app_api_service, service_manager_type; +type vendor_qspmsvc_service, app_api_service, service_manager_type; +type vendor_qvirtmgr_service, service_manager_type; + diff --git a/generic/prebuilts/api/32.0/private/service_contexts b/generic/prebuilts/api/32.0/private/service_contexts new file mode 100644 index 00000000..3bbdcbc8 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/service_contexts @@ -0,0 +1,51 @@ +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cneservice u:object_r:vendor_cne_service:s0 +com.qualcomm.qti.ustaservice.USTAServiceImpl u:object_r:vendor_usta_app_service:s0 +dpmservice u:object_r:vendor_dpmservice:s0 +MinkBinderSvc u:object_r:vendor_MinkBinderSvc:s0 +vendor.perfservice u:object_r:vendor_perf_service:s0 +vendor.qdtservice u:object_r:vendor_qdt_service:s0 +sms-sec u:object_r:radio_service:s0 +extphone u:object_r:radio_service:s0 +qti.radio.extphone u:object_r:radio_service:s0 +com.qualcomm.location.izat.IzatService u:object_r:vendor_izat_service:s0 +qti.security.seempspa u:object_r:vendor_seemp_service:s0 +vendor.audio.vrservice u:object_r:audioserver_service:s0 +com.qti.snapdragon.sdk.display.IColorService u:object_r:vendor_color_service:s0 +wfdservice u:object_r:vendor_wfdservice_service:s0 +wfdservice64 u:object_r:vendor_wfdservice_service:s0 +wigigp2p u:object_r:vendor_wigigp2p_service:s0 +wigig u:object_r:vendor_wigig_service:s0 +display.smomoservice u:object_r:surfaceflinger_service:s0 +vendor.vpsservice u:object_r:vendor_vps_service:s0 +vendor.qspmsvc u:object_r:vendor_qspmsvc_service:s0 +nfc_settings u:object_r:nfc_service:s0 +nfc.st_ext u:object_r:nfc_service:s0 +vendor.qti.gnss.ILocAidlGnss/default u:object_r:hal_gnss_service:s0 +vendor.qvirtmgr u:object_r:vendor_qvirtmgr_service:s0 +vendor.qti.qesdsys.IQesdSys/default u:object_r:vendor_qesdk_service:s0 diff --git a/generic/prebuilts/api/32.0/private/sigma-hal.te b/generic/prebuilts/api/32.0/private/sigma-hal.te new file mode 100644 index 00000000..dc64d3e4 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/sigma-hal.te @@ -0,0 +1,50 @@ +# Copyright (c) 2019 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_sigmahal_qti, domain, coredomain; +type vendor_sigmahal_qti_exec, system_file_type , exec_type, file_type; + +hal_server_domain(vendor_sigmahal_qti,vendor_sigmahal); +hal_attribute_hwservice(vendor_sigmahal, vendor_sigmahal_hwservice); + +#Allow for transition from init domain to vendor_sigmahal_qti +init_daemon_domain(vendor_sigmahal_qti); + +#Allow the interaction with servicemanager +binder_use(vendor_sigmahal_qti) + +#Allow the interaction with wfdservice +binder_call(vendor_sigmahal_qti,vendor_wfdservice); + +#Allow access to vendor_wfdservice_service,audioserver_service,surfaceflinger_service to interact with vendor_sigmahal_qti +allow vendor_sigmahal_qti {vendor_wfdservice_service audioserver_service surfaceflinger_service}:service_manager find; + +#Allow vendor_sigmahal_qti to interact with audio_server +binder_call(vendor_sigmahal_qti,audioserver); + +#Allow vendor_sigmahal_qti to interact with surface flinger +binder_call(vendor_sigmahal_qti,surfaceflinger); diff --git a/generic/prebuilts/api/32.0/private/smart_trace.te b/generic/prebuilts/api/32.0/private/smart_trace.te new file mode 100644 index 00000000..445d1ed2 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/smart_trace.te @@ -0,0 +1,49 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_perfetto_dump, domain, coredomain; +type vendor_perfetto_dump_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(vendor_perfetto_dump) +userdebug_or_eng(` + set_prop(vendor_perfetto_dump, system_prop) + allow vendor_perfetto_dump perfetto_traces_data_file:dir rw_dir_perms; + allow vendor_perfetto_dump perfetto_traces_data_file:file { rw_file_perms unlink }; + allow vendor_perfetto_dump shell_exec:file { rx_file_perms entrypoint }; + allow vendor_perfetto_dump toolbox_exec:file rx_file_perms; + allow vendor_perfetto_dump perfetto_exec:file rx_file_perms; + allow vendor_perfetto_dump perfetto:fd use; + allow vendor_perfetto_dump shell:fd use; + allow vendor_perfetto_dump shell:fifo_file { read write }; + + # Allow the service to create new files within /data/misc/perfetto-traces. + allow vendor_perfetto_dump perfetto_traces_data_file:file create_file_perms; + allow vendor_perfetto_dump perfetto_traces_data_file:dir rw_dir_perms; + allow traced vendor_perfetto_dump:fd use; + allow vendor_perfetto_dump traced_consumer_socket:sock_file { write read }; + allow vendor_perfetto_dump traced:unix_stream_socket connectto; +') diff --git a/generic/prebuilts/api/32.0/private/surfaceflinger.te b/generic/prebuilts/api/32.0/private/surfaceflinger.te new file mode 100644 index 00000000..190935bb --- /dev/null +++ b/generic/prebuilts/api/32.0/private/surfaceflinger.te @@ -0,0 +1,32 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +binder_call(surfaceflinger, vendor_wfdservice); +allow surfaceflinger vendor_hal_displayconfig_service:service_manager find; + +#Allow access to limits_hwservice +hal_client_domain(surfaceflinger, vendor_hal_limits) diff --git a/generic/prebuilts/api/32.0/private/sxrauxd.te b/generic/prebuilts/api/32.0/private/sxrauxd.te new file mode 100644 index 00000000..04f4accb --- /dev/null +++ b/generic/prebuilts/api/32.0/private/sxrauxd.te @@ -0,0 +1,50 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_sys_sxrauxd, domain; +typeattribute vendor_sys_sxrauxd coredomain; +typeattribute vendor_sys_sxrauxd vendor_hal_sxrservice_qti_socket_fd_use_client; +type vendor_sys_sxrauxd_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(vendor_sys_sxrauxd) + +allow vendor_sys_sxrauxd vendor_sys_sxrauxservice_qti_socket_client:unix_stream_socket { getopt read setopt shutdown write }; +# Allow access to our socket +allow vendor_sys_sxrauxd vendor_sys_sxrauxd_socket:sock_file rw_file_perms; + +# Allow access to sxrservice +hal_client_domain(vendor_sys_sxrauxd, vendor_hal_sxrservice_qti); + +#Allow access to Audio Flinger APIs +binder_call(vendor_sys_sxrauxd, audioserver); +allow vendor_sys_sxrauxd audioserver_service : service_manager find; + +# Allow interracting with vendor_sxrauxd directory +allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:dir create_dir_perms; +allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:file create_file_perms; + +#allow binder use for checking permissions +binder_use(vendor_sys_sxrauxd) diff --git a/generic/prebuilts/api/32.0/private/system_app.te b/generic/prebuilts/api/32.0/private/system_app.te new file mode 100644 index 00000000..d779a9eb --- /dev/null +++ b/generic/prebuilts/api/32.0/private/system_app.te @@ -0,0 +1,49 @@ +# Copyright (c) 2015, 2017, 2019-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# access to seemp folder +allow system_app vendor_seemp_data_file:dir r_dir_perms; +allow system_app vendor_seemp_data_file:{ file fifo_file } rw_file_perms; +binder_call(system_app, vendor_seempd) + +allow system_app vendor_dpmtcm_socket:sock_file w_file_perms; +allow system_app vendor_dpmd:unix_stream_socket connectto; +allow system_app vendor_color_service:service_manager add; +get_prop(system_app, bluetooth_prop); +# allow system_app to interact with smcinvoke daemon +#binder_call(system_app, smcinvoke_daemon) + +# allow system_app access to Workload Classifier Property +set_prop(system_app, vendor_wlc_prop); + +# allow system_app access to wigig Property +get_prop(system_app, vendor_wigig_core_prop); + +#allow system_app to access faceauth +hal_client_domain(system_app, hal_face) + +unix_socket_connect(system_app, vendor_dpmtcm, vendor_tcmd); diff --git a/generic/prebuilts/api/32.0/private/system_server.te b/generic/prebuilts/api/32.0/private/system_server.te new file mode 100644 index 00000000..3958d267 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/system_server.te @@ -0,0 +1,73 @@ +# Copyright (c) 2015,2017,2019,2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +add_service(system_server, vendor_izat_service) + +# Ant ipc +hal_client_domain(system_server,hal_bluetooth); + +allow system_server vendor_seempdw_socket:sock_file write; + +binder_call(system_server, vendor_seempd) +unix_socket_send(system_server, vendor_seempdw, vendor_seempd) + +unix_socket_connect(system_server, vendor_dpmd, vendor_dpmd); +allow system_server { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms; + +allow system_server vendor_dpmd_data_file:dir create_dir_perms; +allow system_server vendor_dpmd_data_file:file create_file_perms; + +#Allow system_server to add and find perf service +#add_service(system_server, vendor_perf_service); +allow system_server vendor_perf_service:service_manager find; + +#Allow system_server to add and find vps service +allow system_server vendor_vps_service:service_manager find; + +#Allow for access to WFD specific debug properties +binder_call(system_server, vendor_wfdservice); +userdebug_or_eng(` + get_prop(system_server, vendor_wfd_sys_debug_prop) +') +# Allow system server to access fst,wigig system properties +set_prop(system_server, vendor_wigig_core_prop) +set_prop(system_server, vendor_fst_prop) + +# Allow system server to access for dpm +get_prop(system_server, vendor_persist_dpm_prop) + +#Allow system_server to add and find qspmsvc service +allow system_server vendor_qspmsvc_service:service_manager find; + +#Allow system server to access /dev/binderfs/binder_logs for binder info +userdebug_or_eng(` +allow system_server binderfs_logs:dir r_dir_perms; +allow system_server binderfs_logs:file r_file_perms; +') + +# Allow system server to access for rcs service +get_prop(system_server, vendor_persist_rcs_prop) diff --git a/generic/prebuilts/api/32.0/private/tcmd.te b/generic/prebuilts/api/32.0/private/tcmd.te new file mode 100644 index 00000000..b9633dd5 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/tcmd.te @@ -0,0 +1,42 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#tcmd as domain +type vendor_tcmd,domain; +typeattribute vendor_tcmd mlstrustedsubject; +typeattribute vendor_tcmd coredomain; + +type vendor_tcmd_exec, exec_type, system_file_type, file_type; + +init_daemon_domain(vendor_tcmd) + +set_prop(vendor_tcmd, vendor_persist_tcm_prop) +#allow vendor_tcmd to create socket +allow vendor_tcmd self:socket create_socket_perms_no_ioctl; +set_prop(vendor_tcmd, ctl_tcmd_prop) + +hal_client_domain(vendor_tcmd,vendor_hal_dpmapiservice_qti); diff --git a/generic/prebuilts/api/32.0/private/te_macros b/generic/prebuilts/api/32.0/private/te_macros new file mode 100644 index 00000000..350e9122 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/te_macros @@ -0,0 +1,43 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +##################################### +# vendor_dpmd_socket_perm(clientdomain) +# allow vendor_dpmd to use inet socket created by app. +define(`vendor_dpmd_socket_perm', ` +allow vendor_dpmd $1:fd use; +allow vendor_dpmd $1:tcp_socket rw_socket_perms; +') +##################################### + +##################################### +# qesdk_app_access(clientdomain) +# allow vendor_hal_qesdhal to use +define(`qesdk_app_access', ` +hal_client_domain($1, vendor_hal_qesdhal) +') +##################################### diff --git a/generic/prebuilts/api/32.0/private/untrusted_app.te b/generic/prebuilts/api/32.0/private/untrusted_app.te new file mode 100644 index 00000000..d89abd31 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/untrusted_app.te @@ -0,0 +1,37 @@ +# Copyright (c) 2015, 2017, 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_connect(untrusted_app,vendor_dpmtcm, vendor_dpmd); +allow untrusted_app vendor_dpmtcm_socket:sock_file w_file_perms; +allow untrusted_app vendor_dpmd:unix_stream_socket connectto; +userdebug_or_eng(` + r_dir_file(untrusted_app, vendor_seemp_data_file) + allow untrusted_app vendor_seemp_data_file: file w_file_perms; +') +qesdk_app_access(untrusted_app); +typeattribute untrusted_app vendor_hal_qvrservice_qti_socket_fd_use_client; +typeattribute untrusted_app vendor_hal_sxrservice_qti_socket_fd_use_client; diff --git a/generic/prebuilts/api/32.0/private/untrusted_app_25.te b/generic/prebuilts/api/32.0/private/untrusted_app_25.te new file mode 100644 index 00000000..b1801c3b --- /dev/null +++ b/generic/prebuilts/api/32.0/private/untrusted_app_25.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +qesdk_app_access(untrusted_app_25); diff --git a/generic/prebuilts/api/32.0/private/untrusted_app_27.te b/generic/prebuilts/api/32.0/private/untrusted_app_27.te new file mode 100644 index 00000000..5cff4842 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/untrusted_app_27.te @@ -0,0 +1,31 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_connect(untrusted_app_27,vendor_dpmtcm, vendor_dpmd); +allow untrusted_app_27 vendor_dpmtcm_socket:sock_file w_file_perms; +allow untrusted_app_27 vendor_dpmd:unix_stream_socket connectto; +qesdk_app_access(untrusted_app_27); diff --git a/generic/prebuilts/api/32.0/private/untrusted_app_29.te b/generic/prebuilts/api/32.0/private/untrusted_app_29.te new file mode 100644 index 00000000..49a4d24d --- /dev/null +++ b/generic/prebuilts/api/32.0/private/untrusted_app_29.te @@ -0,0 +1,30 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +qesdk_app_access(untrusted_app_29); +typeattribute untrusted_app_29 vendor_hal_qvrservice_qti_socket_fd_use_client; +typeattribute untrusted_app_29 vendor_hal_sxrservice_qti_socket_fd_use_client; diff --git a/generic/prebuilts/api/32.0/private/untrusted_app_all.te b/generic/prebuilts/api/32.0/private/untrusted_app_all.te new file mode 100644 index 00000000..240640a0 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/untrusted_app_all.te @@ -0,0 +1,29 @@ +# Copyright (c) 2019,2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_dpmd) +unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_tcmd) diff --git a/generic/prebuilts/api/32.0/private/vendor_hal_perf_allows.te b/generic/prebuilts/api/32.0/private/vendor_hal_perf_allows.te new file mode 100644 index 00000000..a60a6ae3 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/vendor_hal_perf_allows.te @@ -0,0 +1,29 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +hal_client_domain(permissioncontroller_app, vendor_hal_perf); +hal_client_domain(gmscore_app, vendor_hal_perf); diff --git a/generic/prebuilts/api/32.0/private/vendor_init.te b/generic/prebuilts/api/32.0/private/vendor_init.te new file mode 100644 index 00000000..db4c1a53 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/vendor_init.te @@ -0,0 +1,32 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# QCV:vendor_init settable for vendor_exported_system_prop +set_prop(vendor_init, vendor_exported_system_prop) +# QCV:vendor_init settable for vendor_exported_odm_prop +set_prop(vendor_init, vendor_exported_odm_prop) +set_prop(vendor_init, vendor_bootreceiver_prop) diff --git a/generic/prebuilts/api/32.0/private/vendor_qconfig_app.te b/generic/prebuilts/api/32.0/private/vendor_qconfig_app.te new file mode 100644 index 00000000..f455f0e3 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/vendor_qconfig_app.te @@ -0,0 +1,35 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qconfig_app, domain; +typeattribute vendor_qconfig_app coredomain; + +app_domain(vendor_qconfig_app) +binder_use(vendor_qconfig_app) + +allow vendor_qconfig_app app_api_service:service_manager find; +hal_client_domain(vendor_qconfig_app, vendor_hal_qconfig) diff --git a/generic/prebuilts/api/32.0/private/vendor_wlc_app.te b/generic/prebuilts/api/32.0/private/vendor_wlc_app.te new file mode 100644 index 00000000..ef4582d0 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/vendor_wlc_app.te @@ -0,0 +1,39 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_wlc_app, domain; +typeattribute vendor_wlc_app coredomain; +app_domain(vendor_wlc_app) + +allow vendor_wlc_app { +app_api_service +}:service_manager find; +hal_client_domain(vendor_wlc_app, vendor_hal_perf) + +set_prop(vendor_wlc_app, vendor_wlc_prop); +get_prop(vendor_wlc_app, build_bootimage_prop); +get_prop(vendor_wlc_app, vendor_wlc_public_prop); diff --git a/generic/prebuilts/api/32.0/private/voiceui_app.te b/generic/prebuilts/api/32.0/private/voiceui_app.te new file mode 100644 index 00000000..9ae05a28 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/voiceui_app.te @@ -0,0 +1,44 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_voiceui_app, domain, coredomain; +typeattribute vendor_voiceui_app hal_audio_client; +app_domain(vendor_voiceui_app) +binder_use(vendor_voiceui_app) +hal_client_domain(vendor_voiceui_app, vendor_hal_perf); + +# allow access to app_api_service +allow vendor_voiceui_app { app_api_service }:service_manager find; + +# allow access media extractor service to vendor_voiceui_app +allow vendor_voiceui_app { mediaextractor_service }:service_manager find; + +# allow access soundtrigger service and mediaserver service to vendor_voiceui_app +allow vendor_voiceui_app { mediametrics_service mediaserver_service soundtrigger_middleware_service }:service_manager find; + +# allow access audiosever service to vendor_voiceui_app +allow vendor_voiceui_app audioserver_service:service_manager find; diff --git a/generic/prebuilts/api/32.0/private/vpsservice.te b/generic/prebuilts/api/32.0/private/vpsservice.te new file mode 100755 index 00000000..22fd6354 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/vpsservice.te @@ -0,0 +1,45 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_vpsservice coredomain; +type vendor_vpsservice_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(vendor_vpsservice) + +add_service(vendor_vpsservice, vendor_vps_service) +binder_use(vendor_vpsservice); +binder_call(vendor_vpsservice, system_server); +binder_service(vendor_vpsservice); + +hal_client_domain(vendor_vpsservice, hal_graphics_composer) +hal_client_domain(vendor_vpsservice, hal_graphics_allocator) +allow vendor_vpsservice surfaceflinger:binder call; +allow vendor_vpsservice surfaceflinger:fd use; +allow vendor_vpsservice ion_device:chr_file { open read }; +allow vendor_vpsservice media_rw_data_file:dir create_dir_perms; +allow vendor_vpsservice media_rw_data_file:file create_file_perms; +allow vendor_vpsservice gpu_device:chr_file rw_file_perms; diff --git a/generic/prebuilts/api/32.0/private/wfd_app.te b/generic/prebuilts/api/32.0/private/wfd_app.te new file mode 100644 index 00000000..412b9540 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/wfd_app.te @@ -0,0 +1,59 @@ +# Copyright (c) 2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_wfd_app coredomain; + +app_domain(vendor_wfd_app) + +net_domain(vendor_wfd_app) + +set_prop(vendor_wfd_app, vendor_wfd_service_prop); +userdebug_or_eng(` + get_prop(vendor_wfd_app, vendor_wfd_sys_debug_prop); +#Access to MM-OSAL debug prop for parser debugging on WFD sink + get_prop(vendor_wfd_app, vendor_mm_osal_prop); +#Allow access to logmask file in /data/ + allow vendor_wfd_app system_data_file:file r_file_perms; +') +binder_call(vendor_wfd_app, vendor_wfdservice) + +# allow access to read video SKU property for WFD sink +get_prop(vendor_wfd_app, vendor_sys_video_prop) + +allow vendor_wfd_app { + vendor_wfdservice_service + audioserver_service + mediaserver_service + mediadrmserver_service + app_api_service + vendor_perf_service + mediametrics_service +}:service_manager find; + +# Access to /data/media for debug dump +allow vendor_wfd_app media_rw_data_file:dir create_dir_perms; +allow vendor_wfd_app media_rw_data_file:file create_file_perms; diff --git a/generic/prebuilts/api/32.0/private/wfdservice.te b/generic/prebuilts/api/32.0/private/wfdservice.te new file mode 100644 index 00000000..76fe9abc --- /dev/null +++ b/generic/prebuilts/api/32.0/private/wfdservice.te @@ -0,0 +1,74 @@ +# Copyright (c) 2017, 2019-2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_wfdservice coredomain; +type vendor_wfdservice_exec, system_file_type , exec_type, file_type; + +#Allow for transition from init domain to vendor_wfdservice +init_daemon_domain(vendor_wfdservice) + +#Inherit base socket permissions from netd domain +net_domain(vendor_wfdservice) + +#Allow vendor_wfdservice to use Binder IPC +binder_use(vendor_wfdservice) + +#Allow for interaction with Display HAL +binder_call(vendor_wfdservice, surfaceflinger) + +#Allow apps to interact with vendor_wfdservice +binder_call(vendor_wfdservice, vendor_wfd_app) + +#Allow access to Audio Flinger APIs +binder_call(vendor_wfdservice, audioserver) + +#Allow access to Permission Controller in System Server +binder_call(vendor_wfdservice, system_server) + +#Allow vendor_wfdservice to be registered with service manager +add_service(vendor_wfdservice, vendor_wfdservice_service) + +#Allow access to read mmosal_logmask file in /data partition +userdebug_or_eng(` + allow vendor_wfdservice system_data_file:file r_file_perms; +') + +# Allow access to mediaserver, surfaceflinger and permissionmanager for interaction of vendor_wfdservice +allow vendor_wfdservice {audioserver_service permission_service surfaceflinger_service}: service_manager find; + +hal_client_domain(vendor_wfdservice, hal_graphics_allocator); + +hal_client_domain(vendor_wfdservice, hal_graphics_composer); + +#Allow ion device access +allow vendor_wfdservice ion_device:chr_file r_file_perms; + +#Allow source to access video UBWC property(for display config) +get_prop(vendor_wfdservice, vendor_sys_video_prop) + +#Allow the interaction with vendor_sigmahal_qti +binder_call(vendor_wfdservice,vendor_sigmahal_qti); diff --git a/generic/prebuilts/api/32.0/private/wificond.te b/generic/prebuilts/api/32.0/private/wificond.te new file mode 100644 index 00000000..63e7c03d --- /dev/null +++ b/generic/prebuilts/api/32.0/private/wificond.te @@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#allow wificond to read FST properties +get_prop(wificond, vendor_fst_prop); diff --git a/generic/prebuilts/api/32.0/private/xrcb_app.te b/generic/prebuilts/api/32.0/private/xrcb_app.te new file mode 100644 index 00000000..1fbadc83 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/xrcb_app.te @@ -0,0 +1,38 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_xrcb_app,domain; +typeattribute vendor_xrcb_app coredomain; +typeattribute vendor_xrcb_app vendor_hal_qvrservice_qti_socket_client; +typeattribute vendor_xrcb_app vendor_hal_sxrservice_qti_socket_client; +app_domain(vendor_xrcb_app); + +hal_client_domain(vendor_xrcb_app, vendor_hal_qvrservice_qti); +hal_client_domain(vendor_xrcb_app, vendor_hal_sxrservice_qti); +hal_client_domain(vendor_xrcb_app, vendor_hal_perf); +allow vendor_xrcb_app app_api_service:service_manager find; +get_prop(vendor_xrcb_app, vendor_xrcb_prop); diff --git a/generic/prebuilts/api/32.0/private/zygote.te b/generic/prebuilts/api/32.0/private/zygote.te new file mode 100644 index 00000000..19129997 --- /dev/null +++ b/generic/prebuilts/api/32.0/private/zygote.te @@ -0,0 +1,31 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +unix_socket_send(zygote, vendor_seempdw, vendor_seempd) + +get_prop(zygote, vendor_persist_dpm_prop) +get_prop(zygote, vendor_sys_video_prop) diff --git a/generic/prebuilts/api/32.0/public/attributes b/generic/prebuilts/api/32.0/public/attributes new file mode 100644 index 00000000..50639992 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/attributes @@ -0,0 +1,285 @@ +# Copyright (c) 2016-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +attribute vendor_hal_hbtp; +attribute vendor_hal_hbtp_client; +attribute vendor_hal_hbtp_server; + +attribute vendor_hal_qdutils_disp; +attribute vendor_hal_qdutils_disp_client; +attribute vendor_hal_qdutils_disp_server; + +attribute vendor_hal_trustedui; +attribute vendor_hal_trustedui_client; +attribute vendor_hal_trustedui_server; + +attribute vendor_hal_tui_comm; +attribute vendor_hal_tui_comm_client; +attribute vendor_hal_tui_comm_server; + +attribute vendor_hal_display_color; +attribute vendor_hal_display_color_client; +attribute vendor_hal_display_color_server; + +attribute vendor_hal_display_postproc; +attribute vendor_hal_display_postproc_client; +attribute vendor_hal_display_postproc_server; + +attribute vendor_hal_display_demura; +attribute vendor_hal_display_demura_client; +attribute vendor_hal_display_demura_server; + +# All types in /mnt/vendor/persist +attribute vendor_persist_type; + +attribute vendor_hal_capabilityconfigstore_qti; +attribute vendor_hal_capabilityconfigstore_qti_client; +attribute vendor_hal_capabilityconfigstore_qti_server; + +attribute vendor_hal_dataconnection_qti; +attribute vendor_hal_dataconnection_qti_client; +attribute vendor_hal_dataconnection_qti_server; + +attribute vendor_hal_embmssl; +attribute vendor_hal_embmssl_client; +attribute vendor_hal_embmssl_server; + +attribute vendor_hal_dspmanager; +attribute vendor_hal_dspmanager_client; +attribute vendor_hal_dspmanager_server; + +attribute vendor_hal_diaghal; +attribute vendor_hal_diaghal_client; +attribute vendor_hal_diaghal_server; + +attribute vendor_hal_perf; +attribute vendor_hal_perf_client; +attribute vendor_hal_perf_server; + +attribute vendor_sigmahal; +attribute vendor_sigmahal_server; +attribute vendor_sigmahal_client; + +attribute vendor_qccsyshal; +attribute vendor_qccsyshal_server; +attribute vendor_qccsyshal_client; + +attribute vendor_hal_spu; +attribute vendor_hal_spu_client; +attribute vendor_hal_spu_server; + +attribute vendor_hal_qspmhal; +attribute vendor_hal_qspmhal_client; +attribute vendor_hal_qspmhal_server; + +#attributes for qesdhal +attribute vendor_hal_qesdhal; +attribute vendor_hal_qesdhal_client; +attribute vendor_hal_qesdhal_server; + +attribute vendor_hal_btconfigstore; +attribute vendor_hal_btconfigstore_client; +attribute vendor_hal_btconfigstore_server; + +attribute vendor_hal_fm; +attribute vendor_hal_fm_client; +attribute vendor_hal_fm_server; + +attribute vendor_hal_qteeconnector; +attribute vendor_hal_qteeconnector_client; +attribute vendor_hal_qteeconnector_server; + +attribute vendor_hal_eid; +attribute vendor_hal_eid_client; +attribute vendor_hal_eid_server; + +attribute vendor_hal_alarm_qti; +attribute vendor_hal_alarm_qti_client; +attribute vendor_hal_alarm_qti_server; + +attribute vendor_hal_iop; +attribute vendor_hal_iop_client; +attribute vendor_hal_iop_server; + +attribute vendor_hal_soter; +attribute vendor_hal_soter_client; +attribute vendor_hal_soter_server; + +attribute vendor_hal_sensorscalibrate_qti; +attribute vendor_hal_sensorscalibrate_qti_client; +attribute vendor_hal_sensorscalibrate_qti_server; + +attribute vendor_hal_scve; +attribute vendor_hal_scve_client; +attribute vendor_hal_scve_server; + +attribute vendor_hal_pasrmanager; +attribute vendor_hal_pasrmanager_client; +attribute vendor_hal_pasrmanager_server; + +attribute vendor_hal_qseecom; +attribute vendor_hal_qseecom_client; +attribute vendor_hal_qseecom_server; + +attribute vendor_hal_secureprocessor; +attribute vendor_hal_secureprocessor_client; +attribute vendor_hal_secureprocessor_server; + +attribute vendor_hal_seccam; +attribute vendor_hal_seccam_client; +attribute vendor_hal_seccam_server; + +attribute vendor_wifidisplayhalservice; +attribute vendor_wifidisplayhalservice_client; +attribute vendor_wifidisplayhalservice_server; + +attribute vendor_hal_vpp; +attribute vendor_hal_vpp_client; +attribute vendor_hal_vpp_server; + +attribute vendor_hal_qconfig; +attribute vendor_hal_qconfig_client; +attribute vendor_hal_qconfig_server; + +attribute vendor_hal_esepowermanager; +attribute vendor_hal_esepowermanager_client; +attribute vendor_hal_esepowermanager_server; + +attribute vendor_hal_factory_qti; +attribute vendor_hal_factory_qti_client; +attribute vendor_hal_factory_qti_server; + +attribute vendor_hal_cvp; +attribute vendor_hal_cvp_client; +attribute vendor_hal_cvp_server; + +attribute vendor_hal_wigig; +attribute vendor_hal_wigig_client; +attribute vendor_hal_wigig_server; + +attribute vendor_hal_wigig_npt; +attribute vendor_hal_wigig_npt_client; +attribute vendor_hal_wigig_npt_server; + +attribute vendor_hal_fstman; +attribute vendor_hal_fstman_client; +attribute vendor_hal_fstman_server; + +attribute vendor_hal_wifilearner; +attribute vendor_hal_wifilearner_client; +attribute vendor_hal_wifilearner_server; + +attribute vendor_hal_srvctracker; +attribute vendor_hal_srvctracker_client; +attribute vendor_hal_srvctracker_server; + +attribute vendor_spunvm_file_type; + +attribute vendor_hal_bluetooth_dun; +attribute vendor_hal_bluetooth_dun_client; +attribute vendor_hal_bluetooth_dun_server; + +attribute vendor_hal_qccvndhal; +attribute vendor_hal_qccvndhal_client; +attribute vendor_hal_qccvndhal_server; + +attribute vendor_qtiloopback; +attribute vendor_qtiloopback_server; +attribute vendor_qtiloopback_client; + +attribute vendor_hal_debugutils; +attribute vendor_hal_debugutils_client; +attribute vendor_hal_debugutils_server; + +attribute vendor_hal_wifimyftm; +attribute vendor_hal_wifimyftm_client; +attribute vendor_hal_wifimyftm_server; + +attribute vendor_hal_mem_pasrmanager; +attribute vendor_hal_mem_pasrmanager_client; +attribute vendor_hal_mem_pasrmanager_server; + +attribute vendor_agmservice; +attribute vendor_agmservice_client; +attribute vendor_agmservice_server; + +attribute vendor_hal_limits; +attribute vendor_hal_limits_client; +attribute vendor_hal_limits_server; + +attribute vendor_hal_poweroptservice; +attribute vendor_hal_poweroptservice_client; +attribute vendor_hal_poweroptservice_server; + +attribute vendor_hal_dpmapiservice_qti; +attribute vendor_hal_dpmapiservice_qti_client; +attribute vendor_hal_dpmapiservice_qti_server; + +attribute vendor_hal_dpmqmiservice_qti; +attribute vendor_hal_dpmqmiservice_qti_client; +attribute vendor_hal_dpmqmiservice_qti_server; + +attribute vendor_hal_imsfactory; +attribute vendor_hal_imsfactory_client; +attribute vendor_hal_imsfactory_server; + +attribute vendor_hal_mstatservice_qti; +attribute vendor_hal_mstatservice_qti_client; +attribute vendor_hal_mstatservice_qti_server; + +attribute vendor_hal_datafactory_qti; +attribute vendor_hal_datafactory_qti_client; +attribute vendor_hal_datafactory_qti_server; + +attribute vendor_hal_cacertservice_qti; +attribute vendor_hal_cacertservice_qti_client; +attribute vendor_hal_cacertservice_qti_server; + +attribute vendor_hal_iwlanservice_qti; +attribute vendor_hal_iwlanservice_qti_client; +attribute vendor_hal_iwlanservice_qti_server; + +attribute vendor_hal_qvrservice_qti; +attribute vendor_hal_qvrservice_qti_client; +attribute vendor_hal_qvrservice_qti_server; +attribute vendor_hal_qvrservice_qti_socket_client; +attribute vendor_hal_qvrservice_qti_socket_fd_use_client; + +attribute hal_wificfr; +attribute hal_wificfr_client; +attribute hal_wificfr_server; + +attribute vendor_hal_sxrservice_qti; +attribute vendor_hal_sxrservice_qti_client; +attribute vendor_hal_sxrservice_qti_server; +attribute vendor_hal_sxrservice_qti_socket_client; +attribute vendor_hal_sxrservice_qti_socket_fd_use_client; +attribute vendor_sys_sxrauxservice_qti_socket_client; + +attribute vendor_hal_mwqemadapter_qti; +attribute vendor_hal_mwqemadapter_qti_client; +attribute vendor_hal_mwqemadapter_qti_server; diff --git a/generic/prebuilts/api/32.0/public/dataservice_app.te b/generic/prebuilts/api/32.0/public/dataservice_app.te new file mode 100644 index 00000000..035041cc --- /dev/null +++ b/generic/prebuilts/api/32.0/public/dataservice_app.te @@ -0,0 +1,27 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_dataservice_app, domain; diff --git a/generic/prebuilts/api/32.0/public/device.te b/generic/prebuilts/api/32.0/public/device.te new file mode 100644 index 00000000..91309f5e --- /dev/null +++ b/generic/prebuilts/api/32.0/public/device.te @@ -0,0 +1,28 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_smcinvoke_device, dev_type; diff --git a/generic/prebuilts/api/32.0/public/domain.te b/generic/prebuilts/api/32.0/public/domain.te new file mode 100644 index 00000000..eaf422f3 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/domain.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qtelephony, domain; diff --git a/generic/prebuilts/api/32.0/public/dpmd.te b/generic/prebuilts/api/32.0/public/dpmd.te new file mode 100644 index 00000000..4fb3cc31 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/dpmd.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_dpmd,domain; diff --git a/generic/prebuilts/api/32.0/public/dun-server.te b/generic/prebuilts/api/32.0/public/dun-server.te new file mode 100644 index 00000000..0a2ece2e --- /dev/null +++ b/generic/prebuilts/api/32.0/public/dun-server.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_dun-server, domain; diff --git a/generic/prebuilts/api/32.0/public/file.te b/generic/prebuilts/api/32.0/public/file.te new file mode 100644 index 00000000..54d6ca9d --- /dev/null +++ b/generic/prebuilts/api/32.0/public/file.te @@ -0,0 +1,31 @@ +# Copyright (c) 2015, 2017-2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_elabel_data_file, file_type, data_file_type, core_data_file_type; + +type vendor_dpmtcm_socket, file_type, coredomain_socket, mlstrustedobject; +type vendor_seempdw_socket, file_type, mlstrustedobject, coredomain_socket; +type vendor_qesdk_service, service_manager_type; diff --git a/generic/prebuilts/api/32.0/public/fm_app.te b/generic/prebuilts/api/32.0/public/fm_app.te new file mode 100644 index 00000000..9e8f7fc8 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/fm_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_fm_app, domain; diff --git a/generic/prebuilts/api/32.0/public/hwservice.te b/generic/prebuilts/api/32.0/public/hwservice.te new file mode 100644 index 00000000..039a9ca6 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/hwservice.te @@ -0,0 +1,29 @@ +# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_hal_atfwd_hwservice, coredomain_hwservice, hwservice_manager_type, protected_hwservice; +type vendor_sigmahal_hwservice, hwservice_manager_type, protected_hwservice; +type vendor_qccsyshal_hwservice, hwservice_manager_type, protected_hwservice, coredomain_hwservice; diff --git a/generic/prebuilts/api/32.0/public/location_app.te b/generic/prebuilts/api/32.0/public/location_app.te new file mode 100644 index 00000000..b9beb7fa --- /dev/null +++ b/generic/prebuilts/api/32.0/public/location_app.te @@ -0,0 +1,31 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# generic/vendor_location_app.te - sepolicy rules for qti value added location apps +# that will be part of system image. Eg: XT app. + +type vendor_location_app, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/mmi_sys.te b/generic/prebuilts/api/32.0/public/mmi_sys.te new file mode 100755 index 00000000..8debec78 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/mmi_sys.te @@ -0,0 +1,28 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_mmi_sys, domain; \ No newline at end of file diff --git a/generic/prebuilts/api/32.0/public/perfservice.te b/generic/prebuilts/api/32.0/public/perfservice.te new file mode 100644 index 00000000..ccab271f --- /dev/null +++ b/generic/prebuilts/api/32.0/public/perfservice.te @@ -0,0 +1,28 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_perfservice, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/property.te b/generic/prebuilts/api/32.0/public/property.te new file mode 100644 index 00000000..a9d83559 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/property.te @@ -0,0 +1,38 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +system_public_prop(vendor_persist_dpm_prop) +system_public_prop(vendor_persist_tcm_prop) +system_restricted_prop(vendor_persist_camera_prop) +# this is vendor defined property and added with prefix vendor +# which is going to be working from system +system_restricted_prop(vendor_bt_prop) +system_public_prop(vendor_mm_parser_prop) +system_public_prop(vendor_sys_video_prop) +system_restricted_prop(vendor_wlc_prop) +system_public_prop(vendor_wlc_public_prop) +system_public_prop(vendor_persist_rcs_prop) diff --git a/generic/prebuilts/api/32.0/public/qcc_app.te b/generic/prebuilts/api/32.0/public/qcc_app.te new file mode 100644 index 00000000..ea7105bc --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_app, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/qcc_authmgr_app.te b/generic/prebuilts/api/32.0/public/qcc_authmgr_app.te new file mode 100644 index 00000000..fe8e6ba3 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_authmgr_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_authmgr_app, domain; diff --git a/generic/prebuilts/api/32.0/public/qcc_lmtp_app.te b/generic/prebuilts/api/32.0/public/qcc_lmtp_app.te new file mode 100644 index 00000000..b12bc0cd --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_lmtp_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017-2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_lmtp_app, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/qcc_netstat_app.te b/generic/prebuilts/api/32.0/public/qcc_netstat_app.te new file mode 100644 index 00000000..c062a5e4 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_netstat_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_netstat_app, domain; diff --git a/generic/prebuilts/api/32.0/public/qcc_trd.te b/generic/prebuilts/api/32.0/public/qcc_trd.te new file mode 100644 index 00000000..d0169aa7 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_trd.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_trd, domain; diff --git a/generic/prebuilts/api/32.0/public/qcc_utils_app.te b/generic/prebuilts/api/32.0/public/qcc_utils_app.te new file mode 100644 index 00000000..b437ff05 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qcc_utils_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qcc_utils_app, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/qspmsvc.te b/generic/prebuilts/api/32.0/public/qspmsvc.te new file mode 100644 index 00000000..60db0f8e --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qspmsvc.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qspmsvc, domain; diff --git a/generic/prebuilts/api/32.0/public/qvirtmgr.te b/generic/prebuilts/api/32.0/public/qvirtmgr.te new file mode 100644 index 00000000..26a130eb --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qvirtmgr.te @@ -0,0 +1,28 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qvirtmgr, domain; diff --git a/generic/prebuilts/api/32.0/public/qvrd.te b/generic/prebuilts/api/32.0/public/qvrd.te new file mode 100644 index 00000000..8dfefb0c --- /dev/null +++ b/generic/prebuilts/api/32.0/public/qvrd.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_qvrd, domain; diff --git a/generic/prebuilts/api/32.0/public/seempd.te b/generic/prebuilts/api/32.0/public/seempd.te new file mode 100644 index 00000000..17d89883 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/seempd.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_seempd, domain; diff --git a/generic/prebuilts/api/32.0/public/service.te b/generic/prebuilts/api/32.0/public/service.te new file mode 100644 index 00000000..b4df9f70 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/service.te @@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +type vendor_usta_app_service, app_api_service, system_api_service, service_manager_type; +type vendor_hal_displayconfig_service, vendor_service, protected_service, service_manager_type; +type vendor_hal_telephony_service, vendor_service, protected_service, service_manager_type; diff --git a/generic/prebuilts/api/32.0/public/vpsservice.te b/generic/prebuilts/api/32.0/public/vpsservice.te new file mode 100755 index 00000000..0b74d8de --- /dev/null +++ b/generic/prebuilts/api/32.0/public/vpsservice.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_vpsservice, domain, coredomain; diff --git a/generic/prebuilts/api/32.0/public/wfd_app.te b/generic/prebuilts/api/32.0/public/wfd_app.te new file mode 100644 index 00000000..1ed7e741 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/wfd_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_wfd_app, domain; diff --git a/generic/prebuilts/api/32.0/public/wfdservice.te b/generic/prebuilts/api/32.0/public/wfdservice.te new file mode 100644 index 00000000..a5975056 --- /dev/null +++ b/generic/prebuilts/api/32.0/public/wfdservice.te @@ -0,0 +1,28 @@ +# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_wfdservice, domain; diff --git a/generic/prebuilts/api/32.0/system_ext_pub_versioned.cil b/generic/prebuilts/api/32.0/system_ext_pub_versioned.cil new file mode 100644 index 00000000..cc591c79 --- /dev/null +++ b/generic/prebuilts/api/32.0/system_ext_pub_versioned.cil @@ -0,0 +1,82 @@ +(type vendor_smcinvoke_device) +(type vendor_qtelephony) +(type vendor_dpmd) +(type vendor_dun-server) +(type vendor_elabel_data_file) +(type vendor_dpmtcm_socket) +(type vendor_seempdw_socket) +(type vendor_fm_app) +(type vendor_hal_atfwd_hwservice) +(type vendor_sigmahal_hwservice) +(type vendor_qccsyshal_hwservice) +(type vendor_location_app) +(type vendor_mmi_sys) +(type vendor_perfservice) +(type vendor_persist_dpm_prop) +(type vendor_persist_camera_prop) +(type vendor_bt_prop) +(type vendor_sys_video_prop) +(type vendor_wlc_prop) +(type vendor_qcc_app) +(type vendor_qcc_trd) +(type vendor_qcc_utils_app) +(type vendor_qspmsvc) +(type qti-testscripts) +(type vendor_qvrd) +(type vendor_seempd) +(type vendor_usta_app_service) +(type vendor_vpsservice) +(type vendor_wfd_app) +(type vendor_wfdservice) +(type vendor_sigmahal_qti) +(type vendor_dataservice_app) +(type vendor_qesdk_service) +(type vendor_qcc_authmgr_app) +(type vendor_qcc_lmtp_app) +(type vendor_qcc_netstat_app) +(type vendor_qvirtmgr) +(type vendor_hal_displayconfig_service) +(type vendor_hal_telephony_service) +(type vendor_persist_tcm_prop) +(type vendor_persist_rcs_prop) +(typeattribute vendor_smcinvoke_device_32_0) +(typeattribute vendor_qtelephony_32_0) +(typeattribute vendor_dpmd_32_0) +(typeattribute vendor_dun-server_32_0) +(typeattribute vendor_elabel_data_file_32_0) +(typeattribute vendor_dpmtcm_socket_32_0) +(typeattribute vendor_seempdw_socket_32_0) +(typeattribute vendor_fm_app_32_0) +(typeattribute vendor_hal_atfwd_hwservice_32_0) +(typeattribute vendor_sigmahal_hwservice_32_0) +(typeattribute vendor_qccsyshal_hwservice_32_0) +(typeattribute vendor_location_app_32_0) +(typeattribute vendor_mmi_sys_32_0) +(typeattribute vendor_perfservice_32_0) +(typeattribute vendor_persist_dpm_prop_32_0) +(typeattribute vendor_persist_camera_prop_32_0) +(typeattribute vendor_bt_prop_32_0) +(typeattribute vendor_sys_video_prop_32_0) +(typeattribute vendor_wlc_prop_32_0) +(typeattribute vendor_qcc_app_32_0) +(typeattribute vendor_qcc_trd_32_0) +(typeattribute vendor_qcc_utils_app_32_0) +(typeattribute vendor_qspmsvc_32_0) +(typeattribute qti-testscripts_32_0) +(typeattribute vendor_qvrd_32_0) +(typeattribute vendor_seempd_32_0) +(typeattribute vendor_usta_app_service_32_0) +(typeattribute vendor_vpsservice_32_0) +(typeattribute vendor_wfd_app_32_0) +(typeattribute vendor_wfdservice_32_0) +(typeattribute vendor_sigmahal_qti_32_0) +(typeattribute vendor_dataservice_app_32_0) +(typeattribute vendor_qesdk_service_32_0) +(typeattribute vendor_qcc_authmgr_app_32_0) +(typeattribute vendor_qcc_lmtp_app_32_0) +(typeattribute vendor_qcc_netstat_app_32_0) +(typeattribute vendor_qvirtmgr_32_0) +(typeattribute vendor_hal_displayconfig_service_32_0) +(typeattribute vendor_hal_telephony_service_32_0) +(typeattribute vendor_persist_tcm_prop_32_0) +(typeattribute vendor_persist_rcs_prop_30_0) diff --git a/generic/prebuilts/api/32.0/vendor_sepolicy.cil b/generic/prebuilts/api/32.0/vendor_sepolicy.cil new file mode 100644 index 00000000..4a3aac3a --- /dev/null +++ b/generic/prebuilts/api/32.0/vendor_sepolicy.cil @@ -0,0 +1 @@ +;; empty stub diff --git a/generic/private/compat/32.0/32.0.cil b/generic/private/compat/32.0/32.0.cil new file mode 100644 index 00000000..6d4a63b3 --- /dev/null +++ b/generic/private/compat/32.0/32.0.cil @@ -0,0 +1,130 @@ + +(expandtypeattribute (vendor_bt_prop_32_0) true) +(expandtypeattribute (vendor_dataservice_app_32_0) true) +(expandtypeattribute (vendor_dpmd_32_0) true) +(expandtypeattribute (vendor_dpmtcm_socket_32_0) true) +(expandtypeattribute (vendor_dun-server_32_0) true) +(expandtypeattribute (vendor_elabel_data_file_32_0) true) +(expandtypeattribute (vendor_fm_app_32_0) true) +(expandtypeattribute (vendor_hal_atfwd_hwservice_32_0) true) +(expandtypeattribute (vendor_hal_displayconfig_service_32_0) true) +(expandtypeattribute (vendor_hal_telephony_service_32_0) true) +(expandtypeattribute (vendor_location_app_32_0) true) +(expandtypeattribute (vendor_mm_parser_prop_32_0) true) +(expandtypeattribute (vendor_mmi_sys_32_0) true) +(expandtypeattribute (vendor_perfservice_32_0) true) +(expandtypeattribute (vendor_persist_camera_prop_32_0) true) +(expandtypeattribute (vendor_persist_dpm_prop_32_0) true) +(expandtypeattribute (vendor_persist_rcs_prop_32_0) true) +(expandtypeattribute (vendor_persist_tcm_prop_32_0) true) +(expandtypeattribute (vendor_qcc_app_32_0) true) +(expandtypeattribute (vendor_qcc_authmgr_app_32_0) true) +(expandtypeattribute (vendor_qcc_authmgr_app_32_0) true) +(expandtypeattribute (vendor_qcc_lmtp_app_32_0) true) +(expandtypeattribute (vendor_qcc_netstat_app_32_0) true) +(expandtypeattribute (vendor_qcc_netstat_app_32_0) true) +(expandtypeattribute (vendor_qcc_trd_32_0) true) +(expandtypeattribute (vendor_qcc_utils_app_32_0) true) +(expandtypeattribute (vendor_qccsyshal_hwservice_32_0) true) +(expandtypeattribute (vendor_qesdk_service_32_0) true) +(expandtypeattribute (vendor_qspmsvc_32_0) true) +(expandtypeattribute (vendor_qtelephony_32_0) true) +(expandtypeattribute (vendor_qvirtmgr_32_0) true) +(expandtypeattribute (vendor_qvrd_32_0) true) +(expandtypeattribute (vendor_seempd_32_0) true) +(expandtypeattribute (vendor_seempdw_socket_32_0) true) +(expandtypeattribute (vendor_sigmahal_hwservice_32_0) true) +(expandtypeattribute (vendor_smcinvoke_device_32_0) true) +(expandtypeattribute (vendor_sys_video_prop_32_0) true) +(expandtypeattribute (vendor_usta_app_service_32_0) true) +(expandtypeattribute (vendor_vpsservice_32_0) true) +(expandtypeattribute (vendor_wfd_app_32_0) true) +(expandtypeattribute (vendor_wfdservice_32_0) true) +(expandtypeattribute (vendor_wlc_prop_32_0) true) +(expandtypeattribute (vendor_wlc_public_prop_32_0) true) +(typeattribute vendor_bt_prop_32_0) +(typeattribute vendor_dataservice_app_32_0) +(typeattribute vendor_dpmd_32_0) +(typeattribute vendor_dpmtcm_socket_32_0) +(typeattribute vendor_dun-server_32_0) +(typeattribute vendor_elabel_data_file_32_0) +(typeattribute vendor_fm_app_32_0) +(typeattribute vendor_hal_atfwd_hwservice_32_0) +(typeattribute vendor_hal_displayconfig_service_32_0) +(typeattribute vendor_hal_telephony_service_32_0) +(typeattribute vendor_location_app_32_0) +(typeattribute vendor_mm_parser_prop_32_0) +(typeattribute vendor_mmi_sys_32_0) +(typeattribute vendor_perfservice_32_0) +(typeattribute vendor_persist_camera_prop_32_0) +(typeattribute vendor_persist_dpm_prop_32_0) +(typeattribute vendor_persist_rcs_prop_32_0) +(typeattribute vendor_persist_tcm_prop_32_0) +(typeattribute vendor_qcc_app_32_0) +(typeattribute vendor_qcc_authmgr_app_32_0) +(typeattribute vendor_qcc_authmgr_app_32_0) +(typeattribute vendor_qcc_lmtp_app_32_0) +(typeattribute vendor_qcc_netstat_app_32_0) +(typeattribute vendor_qcc_netstat_app_32_0) +(typeattribute vendor_qcc_trd_32_0) +(typeattribute vendor_qcc_utils_app_32_0) +(typeattribute vendor_qccsyshal_hwservice_32_0) +(typeattribute vendor_qesdk_service_32_0) +(typeattribute vendor_qspmsvc_32_0) +(typeattribute vendor_qtelephony_32_0) +(typeattribute vendor_qvirtmgr_32_0) +(typeattribute vendor_qvrd_32_0) +(typeattribute vendor_seempd_32_0) +(typeattribute vendor_seempdw_socket_32_0) +(typeattribute vendor_sigmahal_hwservice_32_0) +(typeattribute vendor_smcinvoke_device_32_0) +(typeattribute vendor_sys_video_prop_32_0) +(typeattribute vendor_usta_app_service_32_0) +(typeattribute vendor_vpsservice_32_0) +(typeattribute vendor_wfd_app_32_0) +(typeattribute vendor_wfdservice_32_0) +(typeattribute vendor_wlc_prop_32_0) +(typeattribute vendor_wlc_public_prop_32_0) +(typeattributeset vendor_bt_prop_32_0 (vendor_bt_prop)) +(typeattributeset vendor_dataservice_app_32_0 (vendor_dataservice_app)) +(typeattributeset vendor_dpmd_32_0 (vendor_dpmd)) +(typeattributeset vendor_dpmtcm_socket_32_0 (vendor_dpmtcm_socket)) +(typeattributeset vendor_dun-server_32_0 (vendor_dun-server)) +(typeattributeset vendor_elabel_data_file_32_0 (vendor_elabel_data_file)) +(typeattributeset vendor_fm_app_32_0 (vendor_fm_app)) +(typeattributeset vendor_hal_atfwd_hwservice_32_0 (vendor_hal_atfwd_hwservice)) +(typeattributeset vendor_hal_displayconfig_service_32_0 (vendor_hal_displayconfig_service)) +(typeattributeset vendor_hal_telephony_service_32_0 (vendor_hal_telephony_service)) +(typeattributeset vendor_location_app_32_0 (vendor_location_app)) +(typeattributeset vendor_mm_parser_prop_32_0 (vendor_mm_parser_prop)) +(typeattributeset vendor_mmi_sys_32_0 (vendor_mmi_sys)) +(typeattributeset vendor_perfservice_32_0 (vendor_perfservice)) +(typeattributeset vendor_persist_camera_prop_32_0 (vendor_persist_camera_prop)) +(typeattributeset vendor_persist_dpm_prop_32_0 (vendor_persist_dpm_prop)) +(typeattributeset vendor_persist_rcs_prop_32_0 (vendor_persist_rcs_prop)) +(typeattributeset vendor_persist_tcm_prop_32_0 (vendor_persist_tcm_prop)) +(typeattributeset vendor_qcc_app_32_0 (vendor_qcc_app)) +(typeattributeset vendor_qcc_authmgr_app_32_0 (vendor_qcc_authmgr_app)) +(typeattributeset vendor_qcc_authmgr_app_32_0 (vendor_qcc_authmgr_app)) +(typeattributeset vendor_qcc_lmtp_app_32_0 (vendor_qcc_lmtp_app)) +(typeattributeset vendor_qcc_netstat_app_32_0 (vendor_qcc_netstat_app)) +(typeattributeset vendor_qcc_netstat_app_32_0 (vendor_qcc_netstat_app)) +(typeattributeset vendor_qcc_trd_32_0 (vendor_qcc_trd)) +(typeattributeset vendor_qcc_utils_app_32_0 (vendor_qcc_utils_app)) +(typeattributeset vendor_qccsyshal_hwservice_32_0 (vendor_qccsyshal_hwservice)) +(typeattributeset vendor_qesdk_service_32_0 (vendor_qesdk_service)) +(typeattributeset vendor_qspmsvc_32_0 (vendor_qspmsvc)) +(typeattributeset vendor_qtelephony_32_0 (vendor_qtelephony)) +(typeattributeset vendor_qvirtmgr_32_0 (vendor_qvirtmgr)) +(typeattributeset vendor_qvrd_32_0 (vendor_qvrd)) +(typeattributeset vendor_seempd_32_0 (vendor_seempd)) +(typeattributeset vendor_seempdw_socket_32_0 (vendor_seempdw_socket)) +(typeattributeset vendor_sigmahal_hwservice_32_0 (vendor_sigmahal_hwservice)) +(typeattributeset vendor_smcinvoke_device_32_0 (vendor_smcinvoke_device)) +(typeattributeset vendor_sys_video_prop_32_0 (vendor_sys_video_prop)) +(typeattributeset vendor_usta_app_service_32_0 (vendor_usta_app_service)) +(typeattributeset vendor_vpsservice_32_0 (vendor_vpsservice)) +(typeattributeset vendor_wfd_app_32_0 (vendor_wfd_app)) +(typeattributeset vendor_wfdservice_32_0 (vendor_wfdservice)) +(typeattributeset vendor_wlc_prop_32_0 (vendor_wlc_prop)) +(typeattributeset vendor_wlc_public_prop_32_0 (vendor_wlc_public_prop)) diff --git a/generic/private/compat/32.0/32.0.compat.cil b/generic/private/compat/32.0/32.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/private/compat/32.0/32.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/private/compat/32.0/32.0.ignore.cil b/generic/private/compat/32.0/32.0.ignore.cil new file mode 100644 index 00000000..8da267f4 --- /dev/null +++ b/generic/private/compat/32.0/32.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.cil b/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil new file mode 100644 index 00000000..8b1a6fdf --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil @@ -0,0 +1,7 @@ +;;objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.cil b/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil new file mode 100644 index 00000000..aa501306 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.cil b/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil new file mode 100644 index 00000000..aa501306 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.cil b/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.cil new file mode 100644 index 00000000..e69de29b diff --git a/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil new file mode 100644 index 00000000..ac26de09 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.cil b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.cil new file mode 100755 index 00000000..13d37860 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.cil @@ -0,0 +1,8 @@ +(typeattributeset vendor_hal_systemhelper_hwservice_30_0 (vendor_hal_systemhelper_hwservice)) +(expandtypeattribute (vendor_hal_systemhelper_hwservice_30_0) true) +(typeattributeset vendor_display_notch_prop_30_0 (vendor_display_notch_prop)) +(expandtypeattribute (vendor_display_notch_prop_30_0) true) +(typeattributeset vendor_systemhelper_app_30_0 (vendor_systemhelper_app)) +(expandtypeattribute (vendor_systemhelper_app_30_0) true) +(typeattributeset vendor_sys_qti_display_30_0 (vendor_sys_qti_display)) +(expandtypeattribute (vendor_sys_qti_display_30_0) true) diff --git a/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil new file mode 100644 index 00000000..8da267f4 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.cil b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.cil new file mode 100644 index 00000000..4638aec7 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.cil @@ -0,0 +1,13 @@ +(typeattributeset vendor_hal_systemhelper_hwservice_31_0 (vendor_hal_systemhelper_hwservice)) +(expandtypeattribute (vendor_hal_systemhelper_hwservice_31_0) true) +(typeattribute vendor_hal_systemhelper_hwservice_31_0) +(typeattributeset vendor_display_notch_prop_31_0 (vendor_display_notch_prop)) +(expandtypeattribute (vendor_display_notch_prop_31_0) true) +(typeattribute vendor_display_notch_prop_31_0) +(typeattributeset vendor_systemhelper_app_31_0 (vendor_systemhelper_app)) +(expandtypeattribute (vendor_systemhelper_app_31_0) true) +(typeattribute vendor_systemhelper_app_31_0) +(typeattributeset vendor_sys_qti_display_31_0 (vendor_sys_qti_display)) +(expandtypeattribute (vendor_sys_qti_display_31_0) true) +(typeattribute vendor_sys_qti_display_31_0) + diff --git a/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil new file mode 100644 index 00000000..8da267f4 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/generic/product/prebuilts/api/32.0/private/file.te b/generic/product/prebuilts/api/32.0/private/file.te new file mode 100644 index 00000000..adbd6a9c --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/file.te @@ -0,0 +1,26 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/generic/product/prebuilts/api/32.0/private/file_contexts b/generic/product/prebuilts/api/32.0/private/file_contexts new file mode 100644 index 00000000..5d9e366f --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/file_contexts @@ -0,0 +1,29 @@ +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +/(product|system/product)/bin/init\.qti\.display\.sh u:object_r:vendor_sys_qti_display_exec:s0 +/(product|system|system_ext)/bin/qvirtmgr u:object_r:vendor_qvirtmgr_exec:s0 +/(product|system|system_ext)/bin/qcrosvm u:object_r:vendor_qcrosvm_exec:s0 diff --git a/generic/product/prebuilts/api/32.0/private/hwservice_contexts b/generic/product/prebuilts/api/32.0/private/hwservice_contexts new file mode 100644 index 00000000..9a6ccd81 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/hwservice_contexts @@ -0,0 +1,29 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +vendor.qti.hardware.systemhelper::ISystemResource u:object_r:vendor_hal_systemhelper_hwservice:s0 +vendor.qti.hardware.systemhelper::ISystemEvent u:object_r:vendor_hal_systemhelper_hwservice:s0 diff --git a/generic/product/prebuilts/api/32.0/private/property.te b/generic/product/prebuilts/api/32.0/private/property.te new file mode 100644 index 00000000..d638b3cd --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/property.te @@ -0,0 +1,27 @@ +# Copyright (c) 2019 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/generic/product/prebuilts/api/32.0/private/property_contexts b/generic/product/prebuilts/api/32.0/private/property_contexts new file mode 100644 index 00000000..c6fd95e8 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/property_contexts @@ -0,0 +1,27 @@ +# Copyright (c) 2019-2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +vendor.display.disable_rounded_corner u:object_r:vendor_display_notch_prop:s0 diff --git a/generic/product/prebuilts/api/32.0/private/qcrosvm.te b/generic/product/prebuilts/api/32.0/private/qcrosvm.te new file mode 100644 index 00000000..7fd66ab0 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/qcrosvm.te @@ -0,0 +1,33 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +####################### +# Policy for qcrosvm +type vendor_qcrosvm, domain, coredomain; +type vendor_qcrosvm_exec, system_file_type, exec_type, file_type; + +allow vendor_qcrosvm vendor_qvirtmgr:fd use; diff --git a/generic/product/prebuilts/api/32.0/private/qti-display.te b/generic/product/prebuilts/api/32.0/private/qti-display.te new file mode 100644 index 00000000..ff58f5d7 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/qti-display.te @@ -0,0 +1,34 @@ +# Copyright (c) 2020 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_sys_qti_display_exec, system_file_type, exec_type, file_type; + +userdebug_or_eng(` + typeattribute vendor_sys_qti_display coredomain; + init_daemon_domain(vendor_sys_qti_display) + set_prop(vendor_sys_qti_display, vendor_display_notch_prop) +') diff --git a/generic/product/prebuilts/api/32.0/private/qvirtmgr.te b/generic/product/prebuilts/api/32.0/private/qvirtmgr.te new file mode 100644 index 00000000..874434e6 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/qvirtmgr.te @@ -0,0 +1,39 @@ +# Copyright (c) 2021 The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +####################### +# Policy for qvirtmgr +typeattribute vendor_qvirtmgr coredomain; +type vendor_qvirtmgr_exec, system_file_type, exec_type, file_type; + +####################### +# Main daemon flow +init_daemon_domain(vendor_qvirtmgr); + +add_service(vendor_qvirtmgr, vendor_qvirtmgr_service); + +allow vendor_qvirtmgr vendor_qcrosvm_exec:file rx_file_perms; diff --git a/generic/product/prebuilts/api/32.0/private/seapp_contexts b/generic/product/prebuilts/api/32.0/private/seapp_contexts new file mode 100644 index 00000000..b4d7e65a --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/seapp_contexts @@ -0,0 +1,47 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#Add new domain for system helper service using for Trusted UI +user=_app seinfo=platform name=com.qualcomm.qti.services.systemhelper:systemhelper_service domain=vendor_systemhelper_app type=app_data_file levelFrom=user + +#Add DeviceInfoHidlClient to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add remotesimlockservice to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.qti.uim domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add uimgbaservice to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.qti.uimGbaApp domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add uim_remote_client service to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.uimremoteclient domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add uim_remote_server service to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.uimremoteserver domain=vendor_qtelephony type=app_data_file levelFrom=all + +#Add uimlpaservice service to vendor_qtelephony +user=_app seinfo=platform name=com.qualcomm.qti.lpa domain=vendor_qtelephony type=app_data_file levelFrom=all diff --git a/generic/product/prebuilts/api/32.0/private/systemhelper_app.te b/generic/product/prebuilts/api/32.0/private/systemhelper_app.te new file mode 100644 index 00000000..b3cd317c --- /dev/null +++ b/generic/product/prebuilts/api/32.0/private/systemhelper_app.te @@ -0,0 +1,40 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +typeattribute vendor_systemhelper_app coredomain; +app_domain(vendor_systemhelper_app) + +allow vendor_hal_systemhelper_client vendor_hal_systemhelper_hwservice:hwservice_manager find; +add_hwservice(vendor_systemhelper_app, vendor_hal_systemhelper_hwservice) +neverallow { domain -vendor_hal_systemhelper_client -vendor_systemhelper_app } vendor_hal_systemhelper_hwservice:hwservice_manager find; + +allow vendor_systemhelper_app { activity_service trust_service surfaceflinger_service vendor_vps_service }:service_manager find; + +allow vendor_systemhelper_app app_data_file:dir rw_dir_perms; +allow vendor_systemhelper_app thermal_service:service_manager find; +allow vendor_systemhelper_app vendor_perf_service:service_manager find; +allow vendor_systemhelper_app app_api_service:service_manager find; diff --git a/generic/product/prebuilts/api/32.0/product_pub_versioned.cil b/generic/product/prebuilts/api/32.0/product_pub_versioned.cil new file mode 100644 index 00000000..0a4bf146 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/product_pub_versioned.cil @@ -0,0 +1,11 @@ +(typeattribute vendor_hal_systemhelper) +(typeattribute vendor_hal_systemhelper_client) +(typeattribute vendor_hal_systemhelper_server) +(type vendor_hal_systemhelper_hwservice) +(type vendor_display_notch_prop) +(type vendor_sys_qti_display) +(type vendor_systemhelper_app) +(typeattribute vendor_hal_systemhelper_hwservice_32_0) +(typeattribute vendor_display_notch_prop_32_0) +(typeattribute vendor_sys_qti_display_32_0) +(typeattribute vendor_systemhelper_app_32_0) diff --git a/generic/product/prebuilts/api/32.0/public/attributes b/generic/product/prebuilts/api/32.0/public/attributes new file mode 100644 index 00000000..c171b1eb --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/attributes @@ -0,0 +1,30 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +attribute vendor_hal_systemhelper; +attribute vendor_hal_systemhelper_client; +attribute vendor_hal_systemhelper_server; diff --git a/generic/product/prebuilts/api/32.0/public/file.te b/generic/product/prebuilts/api/32.0/public/file.te new file mode 100644 index 00000000..adbd6a9c --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/file.te @@ -0,0 +1,26 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/generic/product/prebuilts/api/32.0/public/hwservice.te b/generic/product/prebuilts/api/32.0/public/hwservice.te new file mode 100644 index 00000000..960769ce --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/hwservice.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_hal_systemhelper_hwservice, coredomain_hwservice, hwservice_manager_type, protected_hwservice; diff --git a/generic/product/prebuilts/api/32.0/public/property.te b/generic/product/prebuilts/api/32.0/public/property.te new file mode 100644 index 00000000..00b493c0 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/property.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +product_restricted_prop(vendor_display_notch_prop) diff --git a/generic/product/prebuilts/api/32.0/public/qti-display.te b/generic/product/prebuilts/api/32.0/public/qti-display.te new file mode 100644 index 00000000..48b72d53 --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/qti-display.te @@ -0,0 +1,34 @@ +# Copyright (c) 2020, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_sys_qti_display, domain, mlstrustedsubject; + +#============= vendor_sys_qti_display ============== +userdebug_or_eng(` + allow vendor_sys_qti_display shell_exec:file rx_file_perms; + allow vendor_sys_qti_display toolbox_exec:file rx_file_perms; +') diff --git a/generic/product/prebuilts/api/32.0/public/systemhelper_app.te b/generic/product/prebuilts/api/32.0/public/systemhelper_app.te new file mode 100644 index 00000000..de8560ea --- /dev/null +++ b/generic/product/prebuilts/api/32.0/public/systemhelper_app.te @@ -0,0 +1,28 @@ +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type vendor_systemhelper_app, domain; diff --git a/generic/product/prebuilts/api/32.0/vendor_sepolicy.cil b/generic/product/prebuilts/api/32.0/vendor_sepolicy.cil new file mode 100644 index 00000000..4a3aac3a --- /dev/null +++ b/generic/product/prebuilts/api/32.0/vendor_sepolicy.cil @@ -0,0 +1 @@ +;; empty stub diff --git a/generic/product/private/compat/32.0/32.0.cil b/generic/product/private/compat/32.0/32.0.cil new file mode 100644 index 00000000..9e793388 --- /dev/null +++ b/generic/product/private/compat/32.0/32.0.cil @@ -0,0 +1,13 @@ +(typeattributeset vendor_hal_systemhelper_hwservice_32_0 (vendor_hal_systemhelper_hwservice)) +(expandtypeattribute (vendor_hal_systemhelper_hwservice_32_0) true) +(typeattribute vendor_hal_systemhelper_hwservice_32_0) +(typeattributeset vendor_display_notch_prop_32_0 (vendor_display_notch_prop)) +(expandtypeattribute (vendor_display_notch_prop_32_0) true) +(typeattribute vendor_display_notch_prop_32_0) +(typeattributeset vendor_systemhelper_app_32_0 (vendor_systemhelper_app)) +(expandtypeattribute (vendor_systemhelper_app_32_0) true) +(typeattribute vendor_systemhelper_app_32_0) +(typeattributeset vendor_sys_qti_display_32_0 (vendor_sys_qti_display)) +(expandtypeattribute (vendor_sys_qti_display_32_0) true) +(typeattribute vendor_sys_qti_display_32_0) + diff --git a/generic/product/private/compat/32.0/32.0.compat.cil b/generic/product/private/compat/32.0/32.0.compat.cil new file mode 100644 index 00000000..e2244843 --- /dev/null +++ b/generic/product/private/compat/32.0/32.0.compat.cil @@ -0,0 +1 @@ +;; This file can't be empty diff --git a/generic/product/private/compat/32.0/32.0.ignore.cil b/generic/product/private/compat/32.0/32.0.ignore.cil new file mode 100644 index 00000000..8da267f4 --- /dev/null +++ b/generic/product/private/compat/32.0/32.0.ignore.cil @@ -0,0 +1,7 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi test +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects)) diff --git a/prebuilts/api/32.0/plat_pub_versioned.cil b/prebuilts/api/32.0/plat_pub_versioned.cil new file mode 100644 index 00000000..ac63b142 --- /dev/null +++ b/prebuilts/api/32.0/plat_pub_versioned.cil @@ -0,0 +1 @@ +;; this file should not be empty diff --git a/prebuilts/api/32.0/vendor_sepolicy.cil b/prebuilts/api/32.0/vendor_sepolicy.cil new file mode 100644 index 00000000..9dc9d719 --- /dev/null +++ b/prebuilts/api/32.0/vendor_sepolicy.cil @@ -0,0 +1 @@ +;;this file can't be empty