xiaomi-unicorn1/android_device_qcom_sepolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix compilation errors for a new SP

Browse Source 
-Remove violating sepolicy rules
-Several sepolicy rules are violating new neverallow rules
-Rename mediacodec to hal_omx_server

Change-Id: I92e46378092f14b7ceab9b946207f006ce0e2611
This commit is contained in:
Murtuza Raja
2018-09-28 00:48:46 +05:30
committed by mraja
parent 7afc43d8da
commit a6efa300ce
6 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
private/qti-testscripts.te
View File

@@ -80,7 +80,7 @@ userdebug_or_eng(`
# allow adbd qti-testscripts:process dyntransition;
#allow { domain -mediaextractor -mediacodec } qti-testscripts:unix_stream_socket connectto;
allow domain qti-testscripts:fd use;
allow { domain -mediaextractor -mediacodec -hal_configstore_server } qti-testscripts:unix_stream_socket { getattr getopt read write shutdown };
allow { domain -mediaextractor -hal_omx_server -hal_configstore_server } qti-testscripts:unix_stream_socket { getattr getopt read write shutdown };
# binder_call({ domain -init -netd }, qti-testscripts)
allow domain qti-testscripts:fifo_file { write getattr };
allow domain qti-testscripts:process sigchld;

2
vendor/common/drmserver.te vendored
View File

@@ -1,5 +1,5 @@
#Address denial logs for drm server accessing firmware file
r_dir_file(drmserver, firmware_file)
#r_dir_file(drmserver, firmware_file)
#Address denial logs for drm server accessing qseecom driver
allow drmserver tee_device:chr_file rw_file_perms;

2
vendor/common/genfs_contexts vendored
View File

@@ -5,7 +5,7 @@ genfscon proc /ath_pktlog/cld u:object_r:proc_wifi_dbg:s
genfscon sysfs /android_touch u:object_r:sysfs_touch:s0
genfscon sysfs /devices/virtual/input/ftm4_touch u:object_r:sysfs_touch:s0
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
#genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /kernel/irq_helper/irq_blacklist_on u:object_r:sysfs_irqbalance:s0
genfscon sysfs /kernel/wcd_cpe0 u:object_r:sysfs_audio:s0

2
vendor/common/hal_tetheroffload_default.te vendored
View File

@@ -31,7 +31,7 @@ allow hal_tetheroffload_default ipacm_socket:sock_file w_file_perms;
allow hal_tetheroffload_default ipa_vendor_data_file:dir w_dir_perms;
allow hal_tetheroffload_default ipa_vendor_data_file:file create_file_perms;
add_hwservice(hal_tetheroffload_default, hal_tetheroffload_hwservice)
#add_hwservice(hal_tetheroffload_default, hal_tetheroffload_hwservice)
#diag
userdebug_or_eng(`

2
vendor/common/hwservice.te vendored
View File

@@ -7,7 +7,7 @@ type hal_imsrtp_hwservice, hwservice_manager_type;
type hal_imscallinfo_hwservice, hwservice_manager_type;
type hal_ipacm_hwservice, hwservice_manager_type;
type hal_hbtp_hwservice, hwservice_manager_type;
type hal_perf_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
type hal_perf_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice_violators;
type hal_tui_comm_hwservice, hwservice_manager_type;
type hal_qdutils_disp_hwservice, hwservice_manager_type;
type hal_display_color_hwservice, hwservice_manager_type;

4
vendor/common/ipacm.te vendored
View File

@@ -39,5 +39,5 @@ allow hal_tetheroffload ipa_vendor_data_file:dir w_dir_perms;
allow hal_tetheroffload ipa_vendor_data_file:file create_file_perms;
# To register ipacm to hwbinder
add_hwservice(ipacm, hal_ipacm_hwservice)
binder_call(ipacm, system_server)
#add_hwservice(ipacm, hal_ipacm_hwservice)
#binder_call(ipacm, system_server)