xiaomi-unicorn1/android_device_qcom_sepolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "sepolicy: adding sepolicy changes"

Browse Source
This commit is contained in:
qctecmdr Service
2019-02-20 01:05:11 -08:00
committed by Gerrit - the friendly Code Review server
parent 2a97390193 91a8b0f08b
commit d2533e796a
288 changed files with 16082 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
Android.mk
View File

@@ -1,28 +1,50 @@
# Board specific SELinux policy variable definitions
ifeq ($(call is-vendor-board-platform,QCOM),true)
LOCAL_PATH:= $(call my-dir)
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(LOCAL_PATH) \
$(LOCAL_PATH)/qva/vendor/common/sysmonapp \
$(LOCAL_PATH)/generic/vendor/common \
$(LOCAL_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM) \
$(LOCAL_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM) \
$(LOCAL_PATH)/qva/vendor/common \
$(LOCAL_PATH)/qva/vendor/ssg
BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
$(LOCAL_PATH)/generic/public \
$(LOCAL_PATH)/qva/public
$(LOCAL_PATH)/generic/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
$(LOCAL_PATH)/generic/private
BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
$(LOCAL_PATH)/qva/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
$(LOCAL_PATH)/generic/private \
$(LOCAL_PATH)/qva/private
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/test
ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(LOCAL_PATH) \
$(LOCAL_PATH)/generic/vendor/common \
$(LOCAL_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM) \
$(LOCAL_PATH)/qva/vendor/common/sysmonapp \
$(LOCAL_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM) \
$(LOCAL_PATH)/qva/vendor/ssg \
$(LOCAL_PATH)/qva/vendor/common
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/test
endif
endif
ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(LOCAL_PATH) \
$(LOCAL_PATH)/legacy/vendor/common/sysmonapp \
$(LOCAL_PATH)/legacy/vendor/$(TARGET_BOARD_PLATFORM) \
$(LOCAL_PATH)/legacy/vendor/ssg \
$(LOCAL_PATH)/legacy/vendor/common
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/test
endif
endif
endif

92
generic/vendor/sdm710/file_contexts vendored
View File

@@ -1,92 +0,0 @@
# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
###################################
# Dev block nodes
#common block which are not going to change
/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
/dev/block/mmcblk0 u:object_r:root_block_device:s0
#for eMMC
# A/B partitions.
/dev/block/platform/soc/7c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/aop_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0
#non A/B
/dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/ssd u:object_r:ssd_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0
/dev/block/platform/soc/7c4000.sdhci/by-name/storsec u:object_r:boot_block_device:s0
#################################
# libs
/vendor/lib(64)?/hw/gralloc\.sdm710\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.sdm710\.so u:object_r:same_process_hal_file:s0
# FBE
/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0
#LED sysfs nodes
/sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds(/.*)? u:object_r:sysfs_leds:s0

30
legacy/vendor/common/adbd.te vendored Normal file
View File

@@ -0,0 +1,30 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow adbd tombstone_data_file:dir getattr;
unix_socket_connect(adbd, qdcmsocket, qdcm-ss);

58
legacy/vendor/common/adpl.te vendored Normal file
View File

@@ -0,0 +1,58 @@
#Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type adpl, domain;
type adpl_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(adpl)
net_domain(adpl)
allow adpl {
rmnet_device
mhi_device
ipa_dev
}:chr_file rw_file_perms;
qmux_socket(adpl)
allow adpl self:{
netlink_socket
socket
udp_socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
allow adpl self:socket ioctl;
allowxperm adpl self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow adpl sysfs_data:file r_file_perms;
set_prop(adpl, vendor_dataadpl_prop)
#diag
userdebug_or_eng(`
diag_use(adpl)
')

47
legacy/vendor/common/adsprpcd.te vendored Normal file
View File

@@ -0,0 +1,47 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# adsprpcd daemon
type adsprpcd, domain;
type adsprpcd_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(adsprpcd)
allow adsprpcd qdsp_device:chr_file r_file_perms;
allow adsprpcd xdsp_device:chr_file r_file_perms;
# For reading dir/files on /dsp
r_dir_file(adsprpcd, adsprpcd_file)
# For reading adsprpc_prop
get_prop(adsprpcd, adsprpc_prop)
allow adsprpcd ion_device:chr_file r_file_perms;
allow adsprpcd mnt_vendor_file:dir r_dir_perms;
allow adsprpcd sensors_persist_file:dir create_dir_perms;
allow adsprpcd sensors_persist_file:file create_file_perms;

41
legacy/vendor/common/app.te vendored Normal file
View File

@@ -0,0 +1,41 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Allow all apps to open and send ioctl to qdsp device
allow appdomain qdsp_device:chr_file r_file_perms;
get_prop(appdomain, hwui_prop)
get_prop(appdomain, bservice_prop)
get_prop(appdomain, reschedule_service_prop)
get_prop(appdomain, vendor_iop_prop)
get_prop(appdomain, vendor_scroll_prop)
# Allow access to qti_logkit
allow appdomain qti_logkit_pub_socket:dir r_dir_perms;
# Allow all apps to open and send ioctl to npu device
allow appdomain npu_device:chr_file r_file_perms;

48
legacy/vendor/common/atfwd.te vendored Normal file
View File

@@ -0,0 +1,48 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type atfwd, domain;
type atfwd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(atfwd)
allow atfwd self:{socket qipcrtr_socket } create_socket_perms;
allowxperm atfwd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
binder_call(atfwd, system_app);
r_dir_file(atfwd, sysfs_data);
set_prop(atfwd, vendor_radio_prop)
hwbinder_use(atfwd)
get_prop(atfwd, hwservicemanager_prop)
#diag
userdebug_or_eng(`
diag_use(atfwd)
')

117
legacy/vendor/common/attributes vendored Normal file
View File

@@ -0,0 +1,117 @@
# Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# HALs
attribute hal_display_color;
attribute hal_display_color_client;
attribute hal_display_color_server;
attribute hal_display_postproc;
attribute hal_display_postproc_client;
attribute hal_display_postproc_server;
attribute hal_hbtp;
attribute hal_hbtp_client;
attribute hal_hbtp_server;
attribute hal_perf;
attribute hal_perf_client;
attribute hal_perf_server;
attribute wifidisplayhalservice;
attribute wifidisplayhalservice_client;
attribute wifidisplayhalservice_server;
attribute hal_alarm_qti;
attribute hal_alarm_qti_client;
attribute hal_alarm_qti_server;
attribute hal_vpp;
attribute hal_vpp_client;
attribute hal_vpp_server;
attribute hal_wigig;
attribute hal_wigig_client;
attribute hal_wigig_server;
attribute hal_qteeconnector;
attribute hal_qteeconnector_client;
attribute hal_qteeconnector_server;
attribute hal_esepowermanager;
attribute hal_esepowermanager_client;
attribute hal_esepowermanager_server;
attribute hal_iop;
attribute hal_iop_client;
attribute hal_iop_server;
attribute hal_voiceprint;
attribute hal_voiceprint_server;
attribute hal_voiceprint_client;
attribute vendor_hal_factory_qti;
attribute vendor_hal_factory_qti_client;
attribute vendor_hal_factory_qti_server;
attribute hal_wigig_npt;
attribute hal_wigig_npt_client;
attribute hal_wigig_npt_server;
attribute hal_qdutils_disp;
attribute hal_qdutils_disp_client;
attribute hal_qdutils_disp_server;
attribute hal_tui_comm;
attribute hal_tui_comm_client;
attribute hal_tui_comm_server;
attribute hal_soter;
attribute hal_soter_client;
attribute hal_soter_server;
attribute hal_sensorscalibrate_qti;
attribute hal_sensorscalibrate_qti_client;
attribute hal_sensorscalibrate_qti_server;
# All types in /mnt/vendor/persist
attribute vendor_persist_type;
attribute hal_scve;
attribute hal_scve_client;
attribute hal_scve_server;
attribute hal_mirrorlink;
attribute hal_mirrorlink_client;
attribute hal_mirrorlink_server;
attribute hal_pasrmanager;
attribute hal_pasrmanager_client;
attribute hal_pasrmanager_server;
attribute hal_wifilearner;
attribute hal_wifilearner_client;
attribute hal_wifilearner_server;

35
legacy/vendor/common/audiod.te vendored Normal file
View File

@@ -0,0 +1,35 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# audio daemon
type audiod, domain;
type audiod_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(audiod)
allow audiod proc_audiod:file r_file_perms;
allow audiod audio_device:chr_file rw_file_perms;
binder_call(audiod, audioserver)

46
legacy/vendor/common/audioserver.te vendored Normal file
View File

@@ -0,0 +1,46 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
userdebug_or_eng(`
allow audioserver qti_debugfs:dir r_dir_perms;
allow audioserver qti_debugfs:file rw_file_perms;
')
# Allow audioserver to read soundcard state under /proc/asound
allow audioserver proc_audiod:file r_file_perms;
# Allow audioserver to read sysfs dir and sysfs_thermal files for speaker protection
allow audioserver sysfs_audio:dir r_dir_perms;
allow audioserver sysfs_thermal:file r_file_perms;
# Allow audioserver to access sysfs nodes
allow audioserver sysfs_audio:file rw_file_perms;
userdebug_or_eng(`
diag_use(audioserver)
')
# audio properties
get_prop(audioserver, vendor_audio_prop)

84
legacy/vendor/common/bluetooth.te vendored Normal file
View File

@@ -0,0 +1,84 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Adding all bt related service to bt domains
type sapd, bluetoothdomain;
type sapd_exec, exec_type, vendor_file_type, file_type;
type btsnoop, bluetoothdomain;
type btsnoop_exec, exec_type, vendor_file_type, file_type;
type btnvtool, bluetoothdomain;
type btnvtool_exec, exec_type, vendor_file_type, file_type;
type fmhal_service, bluetoothdomain;
type fmhal_service_exec, exec_type, vendor_file_type, file_type;
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
#Access to /data/media
allow bluetooth media_rw_data_file:dir create_dir_perms;
allow bluetooth media_rw_data_file:file create_file_perms;
#allow proc_sysrq access for crash dump
userdebug_or_eng(`
allow bluetooth proc_sysrq:file w_file_perms;
allow bluetooth qti_debugfs:file r_file_perms;
')
allow bluetooth {
uhid_device
serial_device
#BT needes read and write on smd device node
smd_device
bt_device
}:chr_file rw_file_perms;
allow bluetooth self:socket { create write getopt read };
#dun-server requires binding with system_app and servicemanager
binder_use(bluetooth);
binder_call(bluetooth, system_app);
binder_call(bluetooth, servicemanager);
allow bluetooth dun_service:service_manager find;
# for finding wbc_service
allow bluetooth wbc_service:service_manager find;
# ioctlcmd=c302
allow bluetooth self:socket ioctl;
allowxperm bluetooth self:socket ioctl msm_sock_ipc_ioctls;
#SplitA2dp bluetooth requires binding with audio hal
binder_call(bluetooth, hal_audio);
allow bluetooth hal_audio_hwservice:hwservice_manager find;
# suppress denials for services, which should not be accessed by bluetooth
dontaudit bluetooth {
netd_service
}:service_manager find;

32
legacy/vendor/common/bootanim.te vendored Normal file
View File

@@ -0,0 +1,32 @@
# Copyright (c) 2016, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# allow bootanim to binder mediaserver
typeattribute bootanim system_writes_vendor_properties_violators;
binder_call(bootanim, mediaserver);
allow bootanim mediaserver_service:service_manager find;
userdebug_or_eng(`allow bootanim self:process execmem;')

60
legacy/vendor/common/cameraserver.te vendored Normal file
View File

@@ -0,0 +1,60 @@
# Copyright (c) 2016, 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow cameraserver camera_data_file:sock_file write;
allow cameraserver gpu_device:chr_file rw_file_perms;
#allow cameraserver mm-qcamerad:unix_dgram_socket sendto;
#changes to access laser device
r_dir_file(cameraserver, input_device);
#Allow surfaceflinger access for camera preview
allow cameraserver surfaceflinger:unix_stream_socket { read write };
# allow cameraserver to communicate with sensors
allow cameraserver sensors_device:chr_file rw_file_perms;
#unix_socket_connect(cameraserver, sensors, sensors);
allow cameraserver system_server:unix_stream_socket { read write };
get_prop(cameraserver, camera_prop)
allow cameraserver self:socket create_socket_perms_no_ioctl;
allow cameraserver graphics_device:dir r_dir_perms;
allow cameraserver sensorservice_service:service_manager find;
allow cameraserver system_file:dir r_dir_perms;
#Allows camera to call ADSP QDSP6 functionality
allow cameraserver qdsp_device:chr_file r_file_perms;
allow cameraserver xdsp_device:chr_file r_file_perms;
get_prop(cameraserver, camera_prop)
#allow cameraserver to read adsprpc_prop
get_prop(cameraserver, adsprpc_prop)
#need this in full_treble for camera perview
allow cameraserver hal_allocator:fd use;
# added now for camcorder functionality. need to use HIDL
userdebug_or_eng(`
binder_call(cameraserver, hal_graphics_composer)
')

46
legacy/vendor/common/cdsprpcd.te vendored Normal file
View File

@@ -0,0 +1,46 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# cdsprpcd daemon
type cdsprpcd, domain;
type cdsprpcd_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(cdsprpcd)
# For reading dir/files on /dsp
r_dir_file(cdsprpcd, adsprpcd_file)
# For reading adsprpc_prop
get_prop(cdsprpcd, adsprpc_prop)
allow cdsprpcd qdsp_device:chr_file r_file_perms;
allow cdsprpcd ion_device:chr_file r_file_perms;
r_dir_file(cdsprpcd, sysfs_devfreq)
allow cdsprpcd sysfs_devfreq_l3cdsp:dir r_dir_perms;
allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms;

43
legacy/vendor/common/charger_monitor.te vendored Normal file
View File

@@ -0,0 +1,43 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#integrated process
type charger_monitor, domain;
type charger_monitor_exec, exec_type, vendor_file_type, file_type;
#started by init
init_daemon_domain(charger_monitor)
#charger monitor will use uevent, visit sysfs and use the wake lock
allow charger_monitor self:netlink_kobject_uevent_socket { read create setopt bind };
allow charger_monitor{
sysfs_wake_lock
sysfs_battery_supply
}:file rw_file_perms;
allow charger_monitor sysfs_battery_supply:dir r_dir_perms;
r_dir_file(charger_monitor, sysfs_usb_supply)

41
legacy/vendor/common/chre.te vendored Normal file
View File

@@ -0,0 +1,41 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
# the applications processor to interact CHRE
type chre, domain;
type chre_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(chre)
r_dir_file(chre, adsprpcd_file)
get_prop(chre, adsprpc_prop)
allow chre ion_device:chr_file r_file_perms;
allow chre qdsp_device:chr_file r_file_perms;
allow chre xdsp_device:chr_file r_file_perms;
allow chre dsp_device:chr_file r_file_perms;

28
legacy/vendor/common/clatd.te vendored Normal file
View File

@@ -0,0 +1,28 @@
#Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow clatd clatd:packet_socket map;

128
legacy/vendor/common/cnd.te vendored Normal file
View File

@@ -0,0 +1,128 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type cnd, domain, mlstrustedsubject;
type cnd_exec, exec_type, vendor_file_type, file_type;
file_type_auto_trans(cnd, socket_device, cnd_socket);
# cnd is started by init, type transit from init domain to cnd domain
init_daemon_domain(cnd)
# associate netdomain as an attribute of cnd domain
net_domain(cnd)
allow cnd smem_log_device:chr_file rw_file_perms;
# allow cnd the following capability
allow cnd self:capability {
net_admin
sys_module
net_bind_service
};
allow cnd self:capability2 block_suspend;
# socket used to communicate with kernel via the netlink syscall
allow cnd self:{
netlink_tcpdiag_socket
netlink_route_socket
netlink_socket
netlink_generic_socket
# allow cnd to perform socket operation on itself
socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
# allow cnd to read tcp diagnostics through netlink
allow cnd self:netlink_tcpdiag_socket nlmsg_read;
# allow cnd to set cnd property
set_prop(cnd, cnd_vendor_prop)
# allow cnd to access cnd_data_file
allow cnd cnd_data_file:file create_file_perms;
allow cnd cnd_data_file:sock_file { unlink create setattr };
allow cnd cnd_data_file:dir rw_dir_perms;
# allow cnd to access qmux_radio_socket
qmux_socket(cnd)
# allow cnd to access wpa_socket
unix_socket_send(cnd, wpa, hal_wifi_supplicant)
allow cnd wifi_vendor_data_file:dir r_dir_perms;
allow cnd wifi_vendor_wpa_socket:sock_file write;
allow cnd wpa_data_file:dir w_dir_perms;
allow cnd wpa_data_file:sock_file create_file_perms;
# allow cnd to obtain wakelock
wakelock_use(cnd)
# allow access to nims
allow cnd socket_device:dir remove_name;
# explicitly allow udp socket permissions for appdomain
#allow cnd appdomain:udp_socket rw_socket_perms;
#allow cnd daemon to invoke hostapd_cli
allow cnd vendor_shell_exec:file rx_file_perms;
domain_auto_trans(cnd, hostapd_exec, hostapd)
allow cnd hostapd_socket:dir r_dir_perms;
unix_socket_send(cnd, hostapd, hostapd)
# only allow getopt for appdomain
allow appdomain zygote:unix_dgram_socket getopt;
dontaudit { domain -appdomain } zygote:unix_dgram_socket getopt;
#diag
userdebug_or_eng(`
diag_use(cnd)
')
allow cnd proc_meminfo:file r_file_perms;
allow cnd self:socket ioctl;
allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
allow cnd self:udp_socket ioctl;
allowxperm cnd self:udp_socket ioctl wlan_sock_ioctls;
allow cnd sysfs_data:file r_file_perms;
add_hwservice(cnd, hal_latency_hwservice)
add_hwservice(cnd, hal_datafactory_hwservice)
hwbinder_use(cnd)
get_prop(cnd, hwservicemanager_prop)
binder_call(cnd, dataservice_app)
binder_call(cnd, ims)
binder_call(cnd, location)
##############################################################
#for using public interface vendor.qti.data.factory
#client should add their domain to cnd.te
##############################################################
userdebug_or_eng(`
binder_call(cnd, radio)
')

44
legacy/vendor/common/dataservice_app.te vendored Normal file
View File

@@ -0,0 +1,44 @@
# Copyright (c) 2015-2016, 2018 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
get_prop(dataservice_app, cnd_vendor_prop)
allow dataservice_app sysfs_data:file r_file_perms;
userdebug_or_eng(`
diag_use(dataservice_app)
')
allow dataservice_app hal_datafactory_hwservice:hwservice_manager find;
binder_call(dataservice_app, cnd)
allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
binder_call(dataservice_app, hal_rcsservice)
r_dir_file(dataservice_app, cnd_data_file)
allow dataservice_app app_api_service:service_manager find;

191
legacy/vendor/common/device.te vendored Normal file
View File

@@ -0,0 +1,191 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Define the logging device type
type diag_device, dev_type, mlstrustedobject;
type smem_log_device, dev_type;
#Define the hsic device
type hsic_device, dev_type;
#Define the mhi device
type mhi_device, dev_type;
#Define the bhi device
type bhi_device, dev_type;
#device type for smd device nodes, ie /dev/smd*
type smd_device, dev_type;
#device type for rmnet device nodes, ie /dev/rmnet_ctrl*
type rmnet_device, dev_type;
#Define thermal-engine devices
type thermal_device, dev_type;
#Define vm_bms devices
type vm_bms_device, dev_type;
type battery_data_device, dev_type;
#Add qdsp_device type
type qdsp_device, dev_type, mlstrustedobject;
type dsp_device, dev_type;
type xdsp_device, dev_type;
#Define hvdcp/quickcharge device
type hvdcp_device, dev_type;
#Define mpdecision device
type device_latency, dev_type;
#Added for fm_radio device
type fm_radio_device, dev_type;
#Add for storage pertitions for EFS partitions
type modem_efs_partition_device, dev_type;
#Define device for partition links
type ssd_device, dev_type;
type rpmb_device, dev_type;
type sg_device, dev_type;
type dip_device, dev_type;
type mdtp_device, dev_type;
type sd_device, dev_type;
#ESOC device
type esoc_device, dev_type;
#SSR device
type ssr_device, dev_type;
#Ramdump device
type ramdump_device, dev_type;
#Kickstart bridge devices
type ksbridgehsic_device, dev_type;
#EFS sync bridge devices
type efsbridgehsic_device, dev_type;
#EFS sync block devices
type efs_boot_dev, dev_type;
#MBA debug image partition
type mba_debug_dev, dev_type;
#logdump partition
type logdump_partition, dev_type;
#Bootselect partition
type bootselect_device, dev_type;
# Define IPA devices
type ipa_dev, dev_type;
type wcnss_device, dev_type;
# Define spcom device
type spcom_device, dev_type;
# Define skp device
type skp_device, dev_type;
# Define sp_ssr device
type sp_ssr_device, dev_type;
# Define sp_keymaster device
type sp_keymaster_device, dev_type;
# Define sec_nvm devices
type sec_nvm_device, dev_type;
# Define cryptoapp device
type cryptoapp_device, dev_type;
# Define spdaemon_ssr device
type spdaemon_ssr_device, dev_type;
# Define qsee_ipc_irq_spss device
type qsee_ipc_irq_spss_device, dev_type;
# Define QDSS devices
type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;
#energy-awareness device
type pta_device, dev_type;
#Added for hbtp
type bu21150_device, dev_type;
type hbtp_device, dev_type;
#Define qfintverify device
type qce_device, dev_type;
type rng_device, dev_type;
#Define system health monitor devices
type system_health_monitor_device, dev_type;
#Define usf device
type usf_device, dev_type;
#Define qbt1000 device - ultrasonic fingperprint sensor
type qbt1000_device, dev_type;
#Define avtimer device
type avtimer_device, dev_type;
#define AT device
type at_device, dev_type;
#define Bluetooth device
type bt_device, dev_type;
#define Wlan device
type wlan_device, dev_type;
#Define rawdump block device
type rawdump_block_device, dev_type;
#Block device for A/B partitions
type custom_ab_block_device, dev_type;
type xbl_block_device, dev_type;
type gpt_block_device, dev_type;
type modem_block_device, dev_type;
type uefi_block_device, dev_type;
#define bgcom char device
type bg_daemon_device, dev_type;
type persist_block_device, dev_type;
#Define npu device
type npu_device, dev_type;
#define qg char device
type qg_device, dev_type;

71
legacy/vendor/common/diag.te vendored Normal file
View File

@@ -0,0 +1,71 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type diag, domain;
type diag_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
domain_auto_trans(shell, diag_exec, diag)
#domain_auto_trans(adbd, diag_exec, diag)
allow diag {
diag_device
devpts
console_device
# allow access to qseecom for drmdiagapp
tee_device
}:chr_file rw_file_perms;
allow diag {
shell
su
}:fd use;
allow diag {
cgroup
fuse
persist_drm_file
}:dir create_dir_perms;
allow diag port:tcp_socket name_connect;
allow diag self:capability { setuid net_raw sys_admin setgid };
allow diag self:capability2 syslog;
allow diag self:tcp_socket { create connect setopt};
wakelock_use(diag)
allow diag kernel:system syslog_mod;
# allow drmdiagapp access to drm related paths
allow diag mnt_vendor_file:dir r_dir_perms;
r_dir_file(diag, persist_data_file)
# Write to drm related pieces of persist partition
allow diag persist_drm_file:file create_file_perms;
# For DiagExample daemon
init_daemon_domain(diag)
net_domain(diag)
allow diag fuse:dir r_dir_perms;
allow diag fuse:file r_file_perms;
r_dir_file(diag, storage_file)
r_dir_file(diag, mnt_user_file)
')

29
legacy/vendor/common/dnsmasq.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# allow dnsmasq access to netd fifo_file
allow dnsmasq netd:fifo_file getattr;

67
legacy/vendor/common/domain.te vendored Normal file
View File

@@ -0,0 +1,67 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file({domain - isolated_app}, sysfs_socinfo);
r_dir_file({domain - isolated_app}, sysfs_esoc);
r_dir_file({domain - isolated_app}, sysfs_ssr);
dontaudit domain kernel:system module_request;
# Allow all domains read access to sysfs_thermal
r_dir_file({domain - isolated_app}, sysfs_thermal);
# Allow domain to read /vendor -> /system/vendor
allow domain system_file:lnk_file getattr;
get_prop(domain, vendor_gralloc_prop)
allow domain vendor_configs_file:file r_file_perms;
# Added now for smoother UI
# Remove this after HIDL implementation
userdebug_or_eng(`
allow domain hal_graphics_composer:fd use;
')
dontaudit domain persist_dpm_prop:file r_file_perms;
neverallow {
coredomain
-init
-ueventd
-vold
} vendor_persist_type: { dir file } *;
allow { domain - coredomain } mnt_vendor_file:lnk_file r_file_perms;
allowxperm domain domain:icmp_socket ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
# For compliance testing test suite reads vendor_security_path_level
# Which is the public readable property “ ro.vendor.build.security_patch
get_prop(domain, vendor_security_patch_level_prop)
get_prop(domain, public_vendor_default_prop)
allow domain qti_debugfs:dir search;

55
legacy/vendor/common/dpmd.te vendored Normal file
View File

@@ -0,0 +1,55 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Add netutils support to install iptables
use_netutils(dpmd)
get_prop(dpmd, persist_dpm_prop)
allow dpmd sysfs_wake_lock:file rw_file_perms;
allow dpmd sysfs_data:dir r_dir_perms;
allow dpmd sysfs_data:file r_file_perms;
#socket, self
allow dpmd smem_log_device:chr_file rw_file_perms;
#Allow dpmd to acquire lock for iptables
allow dpmd system_file:file lock;
#Allow dpmd to connect to hal_dpmQMiMgr
allow dpmd hal_dpmqmi_hwservice:hwservice_manager find;
get_prop(dpmd, hwservicemanager_prop)
binder_call(dpmd,hal_dpmQmiMgr)
hwbinder_use(dpmd)
#diag
userdebug_or_eng(`
diag_use(dpmd)
')

29
legacy/vendor/common/drmserver.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Address denial logs for drm server accessing qseecom driver
allow drmserver tee_device:chr_file rw_file_perms;

35
legacy/vendor/common/dtsconfigurator.te vendored Normal file
View File

@@ -0,0 +1,35 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type dtsconfigurator, domain;
type dtsconfigurator_exec, exec_type, vendor_file_type, file_type;
#started by init
init_daemon_domain(dtsconfigurator)
allow dtsconfigurator audio_device:dir r_dir_perms;
allow dtsconfigurator audio_device:chr_file rw_file_perms;

49
legacy/vendor/common/dtseagleservice.te vendored Normal file
View File

@@ -0,0 +1,49 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type dtseagleservice, domain;
type dtseagleservice_exec, exec_type, vendor_file_type, file_type;
#Allow for transition from init domain to dtseagleservice
init_daemon_domain(dtseagleservice)
#Allow dtseagleservice to use Binder IPC
#binder_use(dtseagleservice)
#Allow dtseagleservice to interact with apps
binder_call(dtseagleservice, platform_app)
binder_call(dtseagleservice, system_app)
# Mark dtseagleservice as a Binder service domain
#binder_service(dtseagleservice)
#Allow dtseagleservice to be registered with service manager
allow dtseagleservice dtseagleservice_service:service_manager add;
#Allow access to audio drivers
allow dtseagleservice audio_device:dir r_dir_perms;
allow dtseagleservice audio_device:chr_file rw_file_perms;

41
legacy/vendor/common/energyawareness.te vendored Normal file
View File

@@ -0,0 +1,41 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type energyawareness, domain;
type energyawareness_exec, exec_type, vendor_file_type, file_type;
#started by init
init_daemon_domain(energyawareness)
#allow access to pta and uio interface
allow energyawareness { pta_device uio_device }:chr_file rw_file_perms;
allow energyawareness self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow energyawareness sysfs_ea:file w_file_perms;
r_dir_file(energyawareness, sysfs_ea)

56
legacy/vendor/common/esepmdaemon.te vendored Normal file
View File

@@ -0,0 +1,56 @@
# Copyright (c) 2016, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type esepmdaemon, domain;
type esepmdaemon_exec, exec_type, vendor_file_type, file_type;
#Allow for transition from init domain to esepmdaemon
init_daemon_domain(esepmdaemon)
#Allow esepmdaemon to use Binder IPC
vndbinder_use(esepmdaemon)
#Allow apps to interact with esepmdaemon
binder_call(esepmdaemon, system_app)
#Mark esepmdaemon as a Binder service domain
#binder_service(esepmdaemon)
#Allow esepmdaemon to be registered with service manager
allow esepmdaemon esepmdaemon_service:service_manager add;
#Allow access to nfc device
allow esepmdaemon nfc_device:chr_file rw_file_perms;
# Allow esepmdaemon to load firmware images
r_dir_file(esepmdaemon, firmware_file);
# Allow esepmdaemon to interract with ion_device
allow esepmdaemon ion_device:chr_file r_file_perms;
# Allow esepmdaemon to interract with qseecom
allow esepmdaemon tee_device:chr_file rw_file_perms;

54
legacy/vendor/common/fidodaemon.te vendored Normal file
View File

@@ -0,0 +1,54 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type fidodaemon, domain;
type fidodaemon_exec, exec_type, vendor_file_type, file_type;
#Allow for transition from init domain to fidodaemon
init_daemon_domain(fidodaemon)
#Allow fidodaemon to use Binder IPC
#binder_use(fidodaemon)
#Allow apps to interact with fidodaemon
binder_call(fidodaemon, platform_app)
binder_call(fidodaemon, system_app)
#Mark fidodaemon as a Binder service domain
#binder_service(fidodaemon)
#Allow fidodaemon to be registered with service manager
allow fidodaemon fidodaemon_service:service_manager add;
#Allow communication with init over property server
unix_socket_connect(fidodaemon, property, init);
#Allow access to tee device
allow fidodaemon tee_device:chr_file rw_file_perms;
#Allow access to firmware
r_dir_file(fidodaemon, firmware_file)

399
legacy/vendor/common/file.te vendored Normal file
View File

@@ -0,0 +1,399 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Default type for anything under /firmware.
type firmware_file, system_file_type, file_type, contextmount_type, vendor_file_type;
# All files under /vendor/firmware
type vendor_firmware_file, vendor_file_type, file_type;
#Define the qmux socket type
type qmuxd_socket, file_type;
#Define the netmgrd socket type
type netmgrd_socket, file_type;
#QTI file types
type vendor_qti_data_file, file_type, data_file_type;
type proc_wifi_dbg, proc_type, fs_type;
#Define the pps socket type
type pps_socket, file_type;
#Define the qdcmss socket type
type qdcmsocket_socket, file_type;
# Define cnd socket and data file type
type cnd_socket, file_type, mlstrustedobject;
type cnd_data_file, file_type, data_file_type;
type chre_socket, file_type;
# Define dpmd data file type
#type dpmd_socket, file_type;
#type dpmwrapper_socket, file_type, mlstrustedobject;
#type dpmd_data_file, file_type, data_file_type;
#typealias system_app_data_file alias dpmd_app_data_file;
#typealias system_app_data_file alias qtitetherservice_app_data_file;
#Define the timeout for platform specific transports
type sysfs_hsic_modem_wait, sysfs_type, fs_type;
type sysfs_smd_open_timeout, sysfs_type, fs_type;
#Define the files written during the operation of netmgrd and qmuxd
type netmgrd_data_file, file_type, data_file_type;
type sysrq_trigger_proc, fs_type, mlstrustedobject;
# Persist file types
type persist_file, file_type, vendor_persist_type;
type persist_bluetooth_file, file_type , vendor_persist_type;
type persist_data_file, file_type , vendor_persist_type;
type persist_drm_file, file_type , vendor_persist_type;
type data_qtee_file, file_type, data_file_type;
type vendor_persist_mmi_file, file_type, vendor_persist_type;
type persist_misc_file, file_type , vendor_persist_type;
type persist_bms_file, file_type , vendor_persist_type;
type persist_secnvm_file, file_type , vendor_persist_type;
type persist_hvdcp_file, file_type , vendor_persist_type;
#file type for restricting proc read by audiod
type proc_audiod, fs_type, proc_type;
#file type for irqbalance socket
type msm_irqbalance_socket, file_type;
# Sensor file types
type sensors_socket, file_type;
type sensors_persist_file, file_type, vendor_persist_type;
type sysfs_sensors, sysfs_type, fs_type;
#Memory offlining file types
type sysfs_memory_offline, sysfs_type, fs_type;
#VirtualKeys file type
type sysfs_virtualkeys, sysfs_type, fs_type;
#type for thermal-engine
type thermal_socket, file_type;
#type for uart
type sysfs_msmuart_file, sysfs_type, fs_type;
# Storage RFS file types
type rfs_system_file, system_file_type, file_type;
type rfs_file, file_type, data_file_type;
type rfs_shared_hlos_file, file_type, data_file_type;
type persist_rfs_file, file_type, vendor_persist_type;
type persist_rfs_shared_hlos_file, file_type, vendor_persist_type;
#mm-pp-daemon file type for sysfs access
#type sysfs_leds, fs_type, sysfs_type;
#Define the files written during the operation of mm-pp-daemon
type data_ad_calib_cfg, file_type, data_file_type;
#SurfaceFlinger file type for sysfs access
type sysfs_graphics, sysfs_type, fs_type;
# USB/battery power supply type for hvdcp/quickcharge
type sysfs_usb_supply, sysfs_type, fs_type;
type sysfs_battery_supply, sysfs_type, fs_type;
type sysfs_usbpd_device, sysfs_type, fs_type;
# sysfs vadc device for hvdcp/quickcharge
type sysfs_vadc_dev, sysfs_type, fs_type;
# sysfs spmi device for hvdcp/quickcharge
type sysfs_spmi_dev, sysfs_type, fs_type;
# sysfs qdss device for qcomsysd
type sysfs_qdss_dev, sysfs_type, fs_type;
# sysfs poweron_alarm is used in init.target.rc
type sysfs_poweron_alarm, sysfs_type, fs_type;
#Define the files written during the operation of mpdecision
type sysfs_mpdecision, fs_type, sysfs_type;
type sysfs_rqstats, fs_type, sysfs_type;
type sysfs_cpu_online, fs_type, sysfs_type;
type mpctl_socket, file_type, mlstrustedobject;
type mpctl_data_file, file_type, data_file_type;
#Define the files used by lm
type lm_data_file, file_type, data_file_type;
type sysfs_devfreq, fs_type, sysfs_type;
type sysfs_devfreq_l3cdsp, fs_type, sysfs_type;
type sysfs_mmc_host, fs_type, sysfs_type;
type sysfs_scsi_host, fs_type, sysfs_type;
type sysfs_cpu_boost, fs_type, sysfs_type;
type sysfs_msm_perf, fs_type, sysfs_type;
type sysfs_memory, fs_type, sysfs_type;
type sysfs_lib, fs_type, sysfs_type;
type sysfs_slpi, fs_type, sysfs_type;
type sysfs_process_reclaim, fs_type, sysfs_type;
type sysfs_vmpressure, fs_type, sysfs_type;
#define the files writter during the operatio of iop
type iop_socket, file_type;
type iop_data_file, file_type, data_file_type;
#Socket node needed by ims_data daemon
type ims_socket, file_type;
#mink-lowi-interface-daemon (mlid) socket
type mlid_socket, file_type, mlstrustedobject;
#ssg qmi gateway daemon socket
type ssgqmig_socket, file_type, mlstrustedobject;
#ssg tz daemon socket
type ssgtzd_socket, file_type, mlstrustedobject;
#location file types
type location_data_file, file_type, data_file_type;
type location_socket, file_type, data_file_type;
type location_app_data_file, file_type, data_file_type;
#File types required by mdm-helper
type sysfs_esoc, sysfs_type, fs_type;
type sysfs_ssr, sysfs_type, fs_type;
type sysfs_ssr_toggle, sysfs_type, fs_type;
type sysfs_hsic, sysfs_type, fs_type;
type sysfs_hsic_host_rdy, sysfs_type, fs_type;
# Files accessed by qcom-system-daemon
type sysfs_socinfo, fs_type, sysfs_type;
type qlogd_socket, file_type, mlstrustedobject;
#Defines the files (configs, dumps, etc) used by display processes
type display_vendor_data_file, file_type, data_file_type;
#Define the files for the operation of QDCM
type persist_display_file, file_type, vendor_persist_type;
# IPA file types
type ipacm_socket, file_type;
type ipa_vendor_data_file, file_type, data_file_type;
# vendor audio data file
type vendor_audio_data_file, file_type, data_file_type;
# Tombstone vendor data
type vendor_tombstone_data_file, file_type, data_file_type;
# Port-bridge file types
type port_bridge_data_file, file_type, data_file_type;
#bluetooth firmware file types
type bt_firmware_file, file_type, contextmount_type, vendor_file_type;
#needed by vold
type proc_dirty_ratio, fs_type, proc_type;
#File types by mmi
type vendor_mmi_socket, file_type;
# hbtp config file
type hbtp_cfg_file, file_type, vendor_file_type;
type hbtp_log_file, file_type, data_file_type;
type hbtp_kernel_sysfs, fs_type, sysfs_type;
type persist_usf_file, file_type, vendor_persist_type;
#qfp-daemon
type qfp-daemon_data_file, file_type, data_file_type;
type persist_qti_fp_file, file_type, vendor_persist_type;
# imshelper_app file types
type imshelper_app_data_file, file_type, data_file_type;
# RIDL data files
type RIDL_data_file, file_type, data_file_type;
type RIDL_socket, file_type, data_file_type;
# qti_logkit data files (privileged and public)
type qti_logkit_priv_data_file, file_type, data_file_type;
type qti_logkit_pub_data_file, file_type, data_file_type;
type qti_logkit_priv_socket, file_type, data_file_type;
type qti_logkit_pub_socket, file_type, mlstrustedobject, data_file_type;
# used for /dsp files
type adsprpcd_file, file_type, mlstrustedobject, vendor_file_type;
#mdtp_svc_app file types
type mdtp_svc_app_data_file, file_type, data_file_type;
# Regionalization files
type regionalization_file, file_type , vendor_persist_type;
type vendor_carrier_file, file_type, vendor_file_type;
# /data/system/swap/swapfile - swapfile
type swap_data_file, file_type, data_file_type;
# dynamic nv files
type dynamic_nv_data_file, file_type, data_file_type;
# Wifi Data file
type wifi_vendor_data_file, file_type, data_file_type;
type wifi_vendor_wpa_socket, file_type, data_file_type;
type wifi_vendor_hostapd_socket, file_type, data_file_type;
type hostapd_socket, file_type, data_file_type;
#widevine data file
type mediadrm_vendor_data_file, file_type, data_file_type;
# wififtmd socket file
type wififtmd_socket, file_type;
type persist_alarm_file, file_type, vendor_persist_type;
type persist_time_file, file_type, vendor_persist_type;
# nfc file type for data vendor access
type nfc_vendor_data_file, file_type, data_file_type;
# kgsl file type for sysfs access
type sysfs_kgsl, sysfs_type, fs_type;
type sysfs_kgsl_proc, sysfs_type, fs_type;
# kgsl snapshot file type for sysfs access
type sysfs_kgsl_snapshot, sysfs_type, fs_type;
# secure touch files
type sysfs_securetouch, fs_type, sysfs_type;
#data sysfs files
type sysfs_data, fs_type, sysfs_type;
#diag sysfs files
type sysfs_diag, fs_type, sysfs_type;
#laser sysfs files
type sysfs_laser, fs_type, sysfs_type;
# QDMA data files
type vendor_qdma_data_file, file_type, data_file_type;
type qdma_socket, file_type, mlstrustedobject;
# path to debugfs use this whic should be only used
# in debug builds
type qti_debugfs, fs_type, debugfs_type;
# vendor radio files
type vendor_radio_data_file, file_type, data_file_type;
# vendor MBN files
type vendor_mbn_data_file, file_type, data_file_type;
#uio sysfs
type sysfs_uio_file, fs_type, sysfs_type;
#irq balance sysfs type
type sysfs_irqbalance , sysfs_type, fs_type;
# vpp files
type vendor_vpp_data_file, file_type, data_file_type;
type persist_vpp_file, file_type, vendor_persist_type;
# vendor camera files
type vendor_camera_data_file, file_type, data_file_type;
# vendor media files
type vendor_media_data_file, file_type, data_file_type;
# wigig, fstman
type sysfs_bond0, fs_type, sysfs_type;
type sysfs_wigig, fs_type, sysfs_type;
type wigignpt_socket, file_type, data_file_type;
# wigig_hostapd
type wigig_hostapd_socket, file_type, data_file_type;
# ea sysfs files
type sysfs_ea, fs_type, sysfs_type;
#audio sysfs files
type sysfs_audio, fs_type, sysfs_type;
# lpm sysfs files
type sysfs_msm_stats, fs_type, sysfs_type;
type sysfs_msm_power, fs_type, sysfs_type;
type sysfs_fm, sysfs_type, fs_type;
# for adsp to load /sys/kernel/b ot_adsp/boot
type sysfs_boot_adsp, sysfs_type, fs_type;
# SFS listener data file
type data_tzstorage_file, file_type, data_file_type;
#TLOC Files
type tlocd_data_file, file_type, data_file_type;
#DRM files
type data_qsee_file, file_type, data_file_type;
#secure touch
type sysfs_sectouch, sysfs_type, fs_type;
#TUI Files
type vendor_tui_data_file, file_type, data_file_type;
#BT Files
type vendor_bt_data_file, file_type, data_file_type;
#FM Files
type vendor_fm_data_file, file_type, data_file_type;
#sysfs jpeg
type sysfs_jpeg, fs_type, sysfs_type;
#SSR Log Files
type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
# npu file
type sysfs_npu, fs_type, sysfs_type;
# subsystem_ramdump files
type vendor_ramdump_data_file, file_type, data_file_type;
type vendor_mdmhelperdata_data_file, file_type, data_file_type;
#for mount of /persist
typeattribute mnt_vendor_file vendor_persist_type;
#NNHAL files
type hal_neuralnetworks_data_file, file_type, data_file_type;
# vendor scve data file
type vendor_scve_data_file, file_type, data_file_type;
# usb device controller files
type sysfs_usb_controller, sysfs_type, fs_type;
# time data files
type time_data_file, file_type, data_file_type, core_data_file_type;
#qvrservice sysfs files
type sysfs_qvr_external_sensor, sysfs_type, fs_type;
# /dev/msm_aac_in
type msm_aac_in_device, dev_type;

740
legacy/vendor/common/file_contexts vendored Normal file
View File

@@ -0,0 +1,740 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
###################################
# Dev nodes
#
/dev/adsprpc-smd u:object_r:qdsp_device:s0
/dev/adsprpc-smd-secure u:object_r:xdsp_device:s0
/dev/cpu_dma_latency u:object_r:device_latency:s0
/dev/diag u:object_r:diag_device:s0
/dev/hsicctl.* u:object_r:hsic_device:s0
/dev/kgsl-3d0 u:object_r:gpu_device:s0
/dev/mhi_.* u:object_r:mhi_device:s0
/dev/bhi u:object_r:bhi_device:s0
/dev/msm_.* u:object_r:audio_device:s0
/dev/msm_aac_in u:object_r:msm_aac_in_device:s0
/dev/wcd_dsp0_control u:object_r:audio_device:s0
/dev/wcd-dsp-glink u:object_r:audio_device:s0
/dev/usf1 u:object_r:usf_device:s0
/dev/msm_dsps u:object_r:sensors_device:s0
/dev/msm_thermal_query u:object_r:thermal_device:s0
/dev/nfc-nci u:object_r:nfc_device:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/qseecom u:object_r:tee_device:s0
/dev/spcom u:object_r:spcom_device:s0
/dev/sp_kernel u:object_r:skp_device:s0
/dev/sp_ssr u:object_r:sp_ssr_device:s0
/dev/sec_nvm_.* u:object_r:sec_nvm_device:s0
/dev/sp_keymaster u:object_r:sp_keymaster_device:s0
/dev/cryptoapp u:object_r:cryptoapp_device:s0
/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0
/dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0
/dev/radio0 u:object_r:fm_radio_device:s0
/dev/btpower u:object_r:bt_device:s0
/dev/rtc0 u:object_r:rtc_device:s0
/dev/sdsprpc-smd u:object_r:dsp_device:s0
/dev/sensors u:object_r:sensors_device:s0
/dev/smd.* u:object_r:smd_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/ttyHSL0 u:object_r:console_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
/dev/ttyHS[0-9]* u:object_r:serial_device:s0
/dev/ttyGS0 u:object_r:gadget_serial_device:s0
/dev/usb_ext_chg u:object_r:hvdcp_device:s0
/dev/media([0-9])+ u:object_r:video_device:s0
/dev/jpeg[0-9]* u:object_r:video_device:s0
/dev/v4l-subdev.* u:object_r:video_device:s0
/dev/vm_bms u:object_r:vm_bms_device:s0
/dev/battery_data u:object_r:battery_data_device:s0
/dev/block/mmcblk1 u:object_r:sd_device:s0
/dev/block/mmcblk1p1 u:object_r:sd_device:s0
/dev/subsys_.* u:object_r:ssr_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/esoc.* u:object_r:esoc_device:s0
/dev/ks_hsic_bridge u:object_r:ksbridgehsic_device:s0
/dev/efs_hsic_bridge u:object_r:efsbridgehsic_device:s0
/dev/ipa u:object_r:ipa_dev:s0
/dev/wwan_ioctl u:object_r:ipa_dev:s0
/dev/ipaNatTable u:object_r:ipa_dev:s0
/dev/rmnet_ctrl.* u:object_r:rmnet_device:s0
/dev/dpl_ctrl u:object_r:rmnet_device:s0
/dev/wcnss_ctrl u:object_r:wcnss_device:s0
/dev/wcnss_wlan u:object_r:wcnss_device:s0
/dev/pta u:object_r:pta_device:s0
/dev/mdss_rotator u:object_r:graphics_device:s0
/dev/hbtp_input u:object_r:hbtp_device:s0
/dev/hbtp_vm u:object_r:hbtp_device:s0
/dev/jdi-bu21150 u:object_r:bu21150_device:s0
/dev/avtimer u:object_r:avtimer_device:s0
/dev/coresight-stm u:object_r:qdss_device:s0
/dev/coresight-tmc-etf u:object_r:qdss_device:s0
/dev/coresight-tmc-etr u:object_r:qdss_device:s0
/dev/coresight-tmc-etr-stream u:object_r:qdss_device:s0
/dev/system_health_monitor u:object_r:system_health_monitor_device:s0
/dev/qce u:object_r:qce_device:s0
/dev/msm-rng u:object_r:rng_device:s0
/dev/qbt1000 u:object_r:qbt1000_device:s0
/dev/at_.* u:object_r:at_device:s0
/dev/sg.* u:object_r:sg_device:s0
/dev/dri/card0 u:object_r:graphics_device:s0
/dev/dri/controlD64 u:object_r:graphics_device:s0
/dev/dri/renderD128 u:object_r:graphics_device:s0
/dev/wlan u:object_r:wlan_device:s0
/dev/bg_com_dev u:object_r:bg_daemon_device:s0
/dev/msm_npu u:object_r:npu_device:s0
/dev/qg u:object_r:qg_device:s0
/dev/qg_battery u:object_r:qg_device:s0
/dev/ipa_odl_ctl u:object_r:ipa_dev:s0
/dev/ipa_adpl u:object_r:ipa_dev:s0
###################################
# Dev block nodes
#
/dev/block/zram0 u:object_r:swap_block_device:s0
/data/vendor/swap(/.*)? u:object_r:swap_data_file:s0
###################################
# Dev socket nodes
#
/dev/socket/chre u:object_r:chre_socket:s0
/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_nfc(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/netmgr(/.*)? u:object_r:netmgrd_socket:s0
/dev/socket/sensor_ctl_socket u:object_r:sensors_socket:s0
/dev/socket/cnd u:object_r:cnd_socket:s0
/dev/socket/nims u:object_r:cnd_socket:s0
/dev/socket/thermal-send-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-passive-client u:object_r:thermal_socket:s0
/dev/socket/thermal-send-rule u:object_r:thermal_socket:s0
/dev/socket/ims_qmid u:object_r:ims_socket:s0
/dev/socket/ims_datad u:object_r:ims_socket:s0
/dev/socket/iop u:object_r:iop_socket:s0
/dev/socket/qlogd u:object_r:qlogd_socket:s0
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
/dev/socket/pps u:object_r:pps_socket:s0
/dev/socket/qdcmsocket u:object_r:qdcmsocket_socket:s0
/dev/socket/rild2 u:object_r:rild_socket:s0
/dev/socket/rild2-debug u:object_r:rild_debug_socket:s0
/dev/socket/rild-debug2 u:object_r:rild_debug_socket:s0
/dev/socket/rild3 u:object_r:rild_socket:s0
/dev/socket/rild3-debug u:object_r:rild_debug_socket:s0
/dev/socket/rild-debug3 u:object_r:rild_debug_socket:s0
/dev/socket/msm_irqbalance u:object_r:msm_irqbalance_socket:s0
/dev/socket/mlid u:object_r:mlid_socket:s0
/dev/socket/ssgqmig u:object_r:ssgqmig_socket:s0
/dev/socket/ssgtzd u:object_r:ssgtzd_socket:s0
/dev/socket/wififtmd_server u:object_r:wififtmd_socket:s0
/dev/socket/wpa_wigig[0-9] u:object_r:wifi_vendor_wpa_socket:s0
/dev/socket/vendor_wpa_wlan[0-9] u:object_r:wifi_vendor_wpa_socket:s0
/dev/socket/mmi u:object_r:vendor_mmi_socket:s0
/dev/socket/location(/.*)? u:object_r:location_socket:s0
/dev/socket/wigignpt u:object_r:wigignpt_socket:s0
/dev/socket/qdma(/.*)? u:object_r:qdma_socket:s0
###################################
# System files
#
/(vendor|system/vendor)/bin/ATFWD-daemon u:object_r:atfwd_exec:s0
/(vendor|system/vendor)/bin/PktRspTest u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/audiod u:object_r:audiod_exec:s0
/(vendor|system/vendor)/bin/nqnfcinfo u:object_r:nqnfcinfo_exec:s0
/(vendor|system/vendor)/bin/charger_monitor u:object_r:charger_monitor_exec:s0
/(vendor|system/vendor)/bin/hvdcp_opti u:object_r:hvdcp_exec:s0
/(vendor|system/vendor)/bin/cnd u:object_r:cnd_exec:s0
/(vendor|system/vendor)/bin/diag_callback_client u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_dci_sample u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_klog u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_mdlog u:object_r:qlogd_exec:s0
/(vendor|system/vendor)/bin/drmdiagapp u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_qshrink4_daemon u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_socket_log u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_uart_log u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_buffering_test u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/irsc_util u:object_r:irsc_util_exec:s0
/(vendor|system/vendor)/bin/qrtr-cfg u:object_r:qrtr_exec:s0
/(vendor|system/vendor)/bin/qrtr-ns u:object_r:qrtr_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.class_core\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.bt\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.early_boot\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.class_main\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.post_boot\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.usb\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.mdm\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.mdm\.crashdata\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.syspart_fixup\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/hcidump.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/hsic\.control\.bt\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.ath3k\.bt\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.crda\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.coex\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm660\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.debug\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.efs\.sync\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.fm\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.sdio\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qcom\.wifi\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.ims\.sh u:object_r:init-qti-ims-sh_exec:s0
/(vendor|system/vendor)/bin/qca6234-service.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/mm-pp-daemon u:object_r:mm-pp-daemon_exec:s0
/(vendor|system/vendor)/bin/mm-pp-dpps u:object_r:mm-pp-daemon_exec:s0
/(vendor|system/vendor)/bin/mm-audio-ftm u:object_r:vendor_audioftm_exec:s0
/(vendor|system/vendor)/bin/mmi u:object_r:vendor_mmi_exec:s0
/(vendor|system/vendor)/bin/mmid u:object_r:vendor_mmi_exec:s0
/(vendor|system/vendor)/bin/qdcmss u:object_r:qdcm-ss_exec:s0
/(vendor|system/vendor)/bin/msm_irqbalance u:object_r:msm_irqbalanced_exec:s0
/(vendor|system/vendor)/bin/imsdatadaemon u:object_r:ims_exec:s0
/(vendor|system/vendor)/bin/imsqmidaemon u:object_r:ims_exec:s0
/(vendor|system/vendor)/bin/ims_rtp_daemon u:object_r:hal_imsrtp_exec:s0
/(vendor|system/vendor)/bin/netmgrd u:object_r:netmgrd_exec:s0
/(vendor|system/vendor)/bin/qmuxd u:object_r:qmuxd_exec:s0
/(vendor|system/vendor)/bin/port-bridge u:object_r:port-bridge_exec:s0
/(vendor|system/vendor)/bin/sensors.qcom u:object_r:sensors_exec:s0
/(vendor|system/vendor)/bin/sensors.qti u:object_r:sensors_exec:s0
/(vendor|system/vendor)/bin/test_diag u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/thermal-engine u:object_r:thermal-engine_exec:s0
/(vendor|system/vendor)/bin/vm_bms u:object_r:vm_bms_exec:s0
/(vendor|system/vendor)/bin/mm-qcamera-daemon u:object_r:mm-qcamerad_exec:s0
/(vendor|system/vendor)/bin/qfp-daemon u:object_r:qfp-daemon_exec:s0
/(vendor|system/vendor)/bin/qvop-daemon u:object_r:qvop-daemon_exec:s0
/system/rfs.* u:object_r:rfs_system_file:s0
/(vendor|system/vendor)/bin/time_daemon u:object_r:time_daemon_exec:s0
/(vendor|system/vendor)/bin/rmt_storage u:object_r:rmt_storage_exec:s0
/(vendor|system/vendor)/bin/rfs_access u:object_r:rfs_access_exec:s0
/(vendor|system/vendor)/bin/tftp_server u:object_r:rfs_access_exec:s0
/(vendor|system/vendor)/bin/hvdcp u:object_r:hvdcp_exec:s0
/(vendor|system/vendor)/bin/qseecomd u:object_r:tee_exec:s0
/(vendor|system/vendor)/bin/spdaemon u:object_r:spdaemon_exec:s0
/(vendor|system/vendor)/bin/sec_nvm u:object_r:sec_nvm_exec:s0
/(vendor|system/vendor)/bin/cnss-daemon u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/hostapd_cli u:object_r:hostapd_exec:s0
/(vendor|system/vendor)/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/(vendor|system/vendor)/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0
/(vendor|system/vendor)/bin/wpa_cli u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/mdm_helper u:object_r:mdm_helper_exec:s0
/(vendor|system/vendor)/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0
/(vendor|system/vendor)/bin/ks u:object_r:mdm_helper_exec:s0
/(vendor|system/vendor)/bin/pm-service u:object_r:vendor_per_mgr_exec:s0
/(vendor|system/vendor)/bin/pm-proxy u:object_r:vendor_per_mgr_exec:s0
/(vendor|system/vendor)/bin/pd-mapper u:object_r:vendor_pd_mapper_exec:s0
/(vendor|system/vendor)/bin/pd-api-test u:object_r:vendor_pd_mapper_exec:s0
/(vendor|system/vendor)/bin/qcom-system-daemon u:object_r:vendor_qcomsysd_exec:s0
/(vendor|system/vendor)/bin/poweroffhandler u:object_r:poweroffhandler_exec:s0
/(vendor|system/vendor)/xbin/qlogd u:object_r:qlogd_exec:s0
/(vendor|system/vendor)/bin/ipacm u:object_r:ipacm_exec:s0
/(vendor|system/vendor)/bin/ipacm-diag u:object_r:ipacm-diag_exec:s0
/(vendor|system/vendor)/bin/dpmQmiMgr u:object_r:hal_dpmQmiMgr_exec:s0
#/(vendor|system/vendor)/bin/dpmd u:object_r:dpmd_exec:s0
/(vendor|system/vendor)/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
/(vendor|system/vendor)/bin/subsystem_ramdump u:object_r:vendor_subsystem_ramdump_exec:s0
/(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
/(vendor|system/vendor)/bin/hw/qcrild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service.widevine u:object_r:hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.display\.color@1\.0-service u:object_r:hal_display_color_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@1\.0-service u:object_r:hal_perf_default_exec:s0
/(vendor|system/vendor)/bin/ssgqmigd u:object_r:ssgqmigd_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@1\.0-service u:object_r:hal_iop_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@2\.0-service u:object_r:hal_iop_default_exec:s0
/(vendor|system/vendor)/bin/mlid u:object_r:mlid_exec:s0
/(vendor|system/vendor)/bin/ssgtzd u:object_r:ssgtzd_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.esepowermanager@1\.0-service u:object_r:hal_esepowermanager_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/loc_launcher u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/lowi-server u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/xtwifi-inet-agent u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/xtwifi-client u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/garden_app u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/DR_AP_Service u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/slim_daemon u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/xtra-daemon u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/energy-awareness u:object_r:energyawareness_exec:s0
/(vendor|system/vendor)/bin/fidodaemon u:object_r:fidodaemon_exec:s0
/(vendor|system/vendor)/bin/esepmdaemon u:object_r:esepmdaemon_exec:s0
/(vendor|system/vendor)/bin/secotad u:object_r:secotad_exec:s0
/(vendor|system/vendor)/bin/qseeproxydaemon u:object_r:qseeproxy_exec:s0
/(vendor|system/vendor)/bin/dts_configurator u:object_r:dtsconfigurator_exec:s0
/(vendor|system/vendor)/bin/dts_eagle_service u:object_r:dtseagleservice_exec:s0
/(vendor|system/vendor)/bin/qti u:object_r:qti_exec:s0
/(vendor|system/vendor)/bin/adpl u:object_r:adpl_exec:s0
/(vendor|system/vendor)/bin/wcnss_service u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/hbtp_daemon u:object_r:hbtp_exec:s0
/(vendor|system/vendor)/bin/touch_fusion u:object_r:touchfusion_exec:s0
/(vendor|system/vendor)/bin/seemp_healthd u:object_r:seemp_health_daemon_exec:s0
/(vendor|system/vendor)/bin/sapd u:object_r:sapd_exec:s0
/(vendor|system/vendor)/bin/btnvtool u:object_r:btnvtool_exec:s0
/(vendor|system/vendor)/bin/btsnoop u:object_r:btsnoop_exec:s0
/(vendor|system/vendor)/bin/wifidisplayhalservice u:object_r:wifidisplayhalservice_qti_exec:s0
/(vendor|system/vendor)/bin/wcnss_filter u:object_r:wcnss_filter_exec:s0
/(vendor|system/vendor)/bin/fmhal_service u:object_r:fmhal_service_exec:s0
/(vendor|system/vendor)/bin/usf_epos u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_gesture u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_hovering u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_p2p u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_proximity u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_sync_gesture u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_sw_calib u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_pairing u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/usf_tester u:object_r:usf_exec:s0
/(vendor|system/vendor)/bin/LKCore u:object_r:qti_logkit_exec:s0
/(vendor|system/vendor)/bin/tbaseLoader u:object_r:tbaseLoader_exec:s0
/(vendor|system/vendor)/bin/mcStarter u:object_r:mcStarter_exec:s0
/(vendor|system/vendor)/bin/fstman u:object_r:fstman_exec:s0
/(vendor|system/vendor)/bin/wigighalsvc u:object_r:wigighalsvc_exec:s0
/(vendor|system/vendor)/bin/wigignpt u:object_r:wigignpt_exec:s0
/(vendor|system/vendor)/bin/mdtpd u:object_r:mdtpdaemon_exec:s0
/(vendor|system/vendor)/bin/wifi_ftmd u:object_r:wifi_ftmd_exec:s0
/(vendor|system/vendor)/bin/fingerprint.qcom u:object_r:fps_hal_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.nxp\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.nxp\.hardware\.nfc@1\.1-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/qdmastatsd u:object_r:qdmastatsd_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.alarm@1\.0-service u:object_r:hal_alarm_qti_default_exec:s0
/(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
/(vendor|system/vendor)/bin/vppservice u:object_r:vendor_vppservice_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
/(vendor|system/vendor)/bin/fm_qsoc_patches u:object_r:fm_qsoc_patches_exec:s0
/(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0
/(vendor|system/vendor)/bin/tloc_daemon u:object_r:tlocd_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.0-service u:object_r:vendor_hal_factory_qti_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:hal_tui_comm_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.soter@1\.0-service u:object_r:hal_soter_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qdutils_disp@1\.0-service-qti u:object_r:hal_qdutils_disp_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.sensorscalibrate@1\.0-service u:object_r:hal_sensorscalibrate_qti_default_exec:s0
/(vendor|system/vendor)/bin/power_off_alarm u:object_r:power_off_alarm_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.vibrator@1\.[0-2]-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.0-service-qti u:object_r:hal_usb_gadget_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.panorama@1\.0-service u:object_r:vendor_scve_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.scve\.objecttracker@1\.0-service u:object_r:vendor_scve_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.mlshal@1\.0-service u:object_r:hal_mirrorlink_qti_exec:s0
/(vendor|system/vendor)/bin/hdcp_srm u:object_r:hdcp_srm_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.power\.pasrmanager\@1\.0-service u:object_r:hal_pasrmanager_qti_exec:s0
###################################
# sysfs files
#
/sys/class/graphics/fb0/mdp/caps u:object_r:sysfs_graphics:s0
/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/class/sensors(/.*)? u:object_r:sysfs_sensors:s0
/sys/class/uio(/.*)? u:object_r:sysfs_uio:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0
/sys/devices(/platform)?/soc.0/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0
/sys/devices(/platform)?/soc.0/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0
/sys/devices/[^/]+bcl[^/]+(/.*)? u:object_r:sysfs_thermal:s0
/sys/devices/f9200000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
/sys/devices/msm_dwc3/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
/sys/devices/msm_otg/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
/sys/devices/platform/battery_current_limit u:object_r:sysfs_thermal:s0
/sys/devices/qpnp-charger.*/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0
/sys/class/qcom-battery(/.*)? u:object_r:sysfs_battery_supply:s0
/sys/class/charge_pump(/.*)? u:object_r:sysfs_battery_supply:s0
/sys/devices/soc/[a-z0-9]+.ssusb/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
/sys/devices/soc/qpnp-vadc-[0-9]+(/.*)? u:object_r:sysfs_vadc_dev:s0
/sys/bus/spmi/devices(/.*)? u:object_r:sysfs_spmi_dev:s0
/sys/kernel/irq_helper/irq_blacklist_on u:object_r:sysfs_irqbalance:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_time u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/dynamic_fps u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/product_description u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/vendor_name u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdcp/tp u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_status u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/lineptr_value u:object_r:sysfs_graphics:s0
/sys/devices/virtual/hsicctl/hsicctl1[0-9]/modem_wait u:object_r:sysfs_hsic_modem_wait:s0
/sys/devices/virtual/hsicctl/hsicctl[0-9]/modem_wait u:object_r:sysfs_hsic_modem_wait:s0
/sys/devices/virtual/net/bond0/bonding/queue_id u:object_r:sysfs_bond0:s0
/sys/devices/virtual/net/bond0/queues/rx-0/rps_cpus u:object_r:sysfs_bond0:s0
/sys/devices/virtual/smdpkt/smdcntl1[0-9]/open_timeout u:object_r:sysfs_smd_open_timeout:s0
/sys/devices/virtual/smdpkt/smdcntl[0-9]/open_timeout u:object_r:sysfs_smd_open_timeout:s0
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/module/msm_serial_hs/parameters/debug_mask u:object_r:sysfs_msmuart_file:s0
/sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0
/sys/module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpdecision:s0
/sys/devices/f9a55000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0
/sys/devices/virtual/graphics/fb([0-3])+/hpd u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/res_info u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/s3d_mode u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_info u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_type u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_split u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/show_blank_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/bl_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad_bl_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hist_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/vsync_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/lineptr_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_notify u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_thermal_level u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/idle_power_collapse u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/mode u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/name u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/connected u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_cmd_autorefresh_en u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/mdp/bw_mode_bitmap u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_modes u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdcp2p2(/.*) u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/scan_info u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_3d_modes u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_dfps_mode u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_src_split_info u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/hdr_stream u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/cec(/.*) u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msmfb_b10(/.*) u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/modes u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/edid_raw_data u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/packpattern u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/dyn_pu u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/pp_bl_event u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_persist_mode u:object_r:sysfs_graphics:s0
/sys/devices/virtual/graphics/fb([0-3])+/config u:object_r:sysfs_graphics:s0
/sys/devices/virtual/rotator/mdss_rotator/caps u:object_r:sysfs_graphics:s0
/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes u:object_r:sysfs_graphics:s0
/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/mode u:object_r:sysfs_graphics:s0
/sys/module/drm/parameters/vblankoffdelay u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/modes u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/status u:object_r:sysfs_graphics:s0
/sys/devices/virtual/workqueue/kgsl-events/cpumask u:object_r:sysfs_kgsl:s0
/sys/devices/virtual/workqueue/kgsl-events/nice u:object_r:sysfs_kgsl:s0
/sys/devices/virtual/workqueue/kgsl-workqueue/cpumask u:object_r:sysfs_kgsl:s0
/sys/devices/virtual/workqueue/kgsl-workqueue/nice u:object_r:sysfs_kgsl:s0
/sys/class/graphics/fb([0-3])+/mdp/caps u:object_r:sysfs_graphics:s0
/sys/class/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0
/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/backlight(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices/virtual/switch/hdmi(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/[a-z0-9]+.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices/soc.0/[a-z0-9]+.qcom,mdss_mdp/qcom,mdss_fb_primary.+[a-z0-9]/leds/lcd-backlight(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/caps u:object_r:sysfs_graphics:s0
/sys/devices/soc/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:sysfs_graphics:s0
/sys/devices/soc.0/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap u:object_r:sysfs_graphics:s0
/sys/devices/soc.0/[a-z0-9]+.qcom,mdss_mdp/caps u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_cam/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/caps u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,vidc/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_graphics:s0
/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,cci/[a-z0-9]+.qcom,cci:qcom,camera@[0-2]/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_graphics:s0
/sys/bus/platform/drivers/xhci_msm_hsic(/.*)? u:object_r:sysfs_hsic:s0
/sys/devices/msm_hsic_host/host_ready u:object_r:sysfs_hsic_host_rdy:s0
/sys/bus/esoc(/.*)? u:object_r:sysfs_esoc:s0
/sys/bus/msm_subsys(/.*)? u:object_r:sysfs_ssr:s0
/sys/bus/msm_subsys/devices/subsys0/restart_level u:object_r:sysfs_ssr_toggle:s0
/sys/bus/msm_subsys/devices/subsys1/restart_level u:object_r:sysfs_ssr_toggle:s0
/sys/bus/msm_subsys/devices/subsys2/restart_level u:object_r:sysfs_ssr_toggle:s0
/sys/bus/msm_subsys/devices/subsys3/restart_level u:object_r:sysfs_ssr_toggle:s0
/sys/bus/msm_subsys/devices/subsys4/restart_level u:object_r:sysfs_ssr_toggle:s0
/sys/devices/soc0/.* u:object_r:sysfs_socinfo:s0
/sys/devices/soc/soc:qcom,ipa_fws@[a-f0-9]+/subsys0/name u:object_r:sysfs_data:s0
/sys/devices/soc/soc:hbtp/secure_touch u:object_r:hbtp_kernel_sysfs:s0
/sys/devices/soc/soc:hbtp/secure_touch_enable u:object_r:hbtp_kernel_sysfs:s0
/sys/devices/soc/soc:hbtp/secure_touch_userspace u:object_r:hbtp_kernel_sysfs:s0
/sys/kernel/hbtp/display_pwr u:object_r:hbtp_kernel_sysfs:s0
/sys/firmware/devicetree/base/cpus(/.*)? u:object_r:sysfs_devices_system_cpu:s0
/sys/devices/vendor/vendor:bt_wcn3990/extldo u:object_r:sysfs_bluetooth_writable:s0
/sys/devices/vendor/vendor:bt_wcn3990/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/devices/bt_qca6174/extldo u:object_r:sysfs_bluetooth_writable:s0
/sys/devices/bt_qca6174/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
/sys/module/diagchar(/.*)? u:object_r:sysfs_diag:s0
/sys/devices(/platform)?/soc/soc:qcom,gpubw/devfreq/soc:qcom,gpubw(/.*)? u:object_r:sysfs_devfreq:s0
/sys/devices(/platform)?/soc/soc:qcom,llccbw/devfreq/soc:qcom,llccbw(/.*)? u:object_r:sysfs_devfreq:s0
/sys/devices(/platform)?/soc/soc:qcom,l3-cpu[0-9]/devfreq/soc:qcom,l3-cpu[0-9](/.*)? u:object_r:sysfs_devfreq:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/clkscale_enable u:object_r:sysfs_scsi_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+/host0/scsi_host/host0(/.*)? u:object_r:sysfs_scsi_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/snapshot(/.*)? u:object_r:sysfs_kgsl_snapshot:s0
/sys/devices(/platform)?/soc(.[0-9])?/[a-f0-9]+.sdhci/mmc_host/mmc0/clk_scaling(/.*)? u:object_r:sysfs_mmc_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/bdi/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/queue/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/mmcblk0rpmb/bdi/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/mmcblk0rpmb/queue/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/devices/virtual/bdi/[0-9]+:[0-9]+/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/devices/virtual/block/dm-[0-9]+/queue/read_ahead_kb u:object_r:sysfs_mmc_host:s0
/sys/module/cpu_boost(/.*)? u:object_r:sysfs_cpu_boost:s0
/sys/module/msm_performance(/.*)? u:object_r:sysfs_msm_perf:s0
/sys/kernel/mm/ksm(/.*)? u:object_r:sysfs_memory:s0
/sys/devices/virtual/input/input[0-9]+/do_flush u:object_r:sysfs_laser:s0
/sys/devices/virtual/input/input[0-9]+/enable_ps_sensor u:object_r:sysfs_laser:s0
/sys/devices(/platform)?/soc/[a-z0-9]+\.qcom,pcie/pci[0-9:]+/[0-9:\.]+/[0-9:\.]+/wil6210/fst_link_loss u:object_r:sysfs_wigig:s0
/sys/devices(/platform)?/soc/[a-z0-9]+\.qcom,pcie/pci[0-9:]+/[0-9:\.]+/[0-9:\.]+/wil6210/thermal_throttling u:object_r:sysfs_wigig:s0
/sys/devices(/platform)?/soc/[a-z0-9]+\.qcom,pcie/pci[0-9:]+/[0-9:\.]+/[0-9:\.]+/wil6210/snr_thresh u:object_r:sysfs_wigig:s0
/sys/devices(/platform)?/soc/[a-z0-9]+\.qcom,pcie/pci[0-9:]+/[0-9:\.]+/[0-9:\.]+/net/wigig0/queues/rx-0/rps_cpus u:object_r:sysfs_wigig:s0
/sys/devices(/platform)?/soc/[a-z0-9]+\.qcom,pcie/pci[0-9:]+/[0-9:\.]+/[0-9:\.]+/net/wigig0/gro_flush_timeout u:object_r:sysfs_wigig:s0
/sys/module/msm_core(/.*)? u:object_r:sysfs_ea:s0
/sys/module/lpm_stats(/.*)? u:object_r:sysfs_msm_stats:s0
/sys/module/lpm_levels(/.*)? u:object_r:sysfs_msm_power:s0
/sys/module/radio_iris_transport/parameters/fmsmd_set u:object_r:sysfs_fm:s0
/sys/module/app_setting/parameters/lib_name u:object_r:sysfs_lib:s0
/sys/kernel/boot_adsp/boot u:object_r:sysfs_boot_adsp:s0
/sys/kernel/boot_slpi(/.*)? u:object_r:sysfs_slpi:s0
/sys/module/process_reclaim(/.*)? u:object_r:sysfs_process_reclaim:s0
/sys/module/vmpressure(/.*)? u:object_r:sysfs_vmpressure:s0
/sys/board_properties/virtualkeys.synaptics_dsx u:object_r:sysfs_virtualkeys:s0
/sys/board_properties/virtualkeys.ft5x06_ts u:object_r:sysfs_virtualkeys:s0
###################################
# data files
#
/data/time(/.*)? u:object_r:time_data_file:s0
/data/vendor/nfc(/.*)? u:object_r:nfc_vendor_data_file:s0
/data/vendor/audio(/.*)? u:object_r:vendor_audio_data_file:s0
/data/vendor/connectivity(/.*)? u:object_r:cnd_data_file:s0
/data/vendor/misc/qti_fp(/.*)? u:object_r:qfp-daemon_data_file:s0
/data/vendor/time(/.*)? u:object_r:vendor_time_data_file:s0
/data/vendor/perfd(/.*)? u:object_r:mpctl_data_file:s0
/data/vendor/iop(/.*)? u:object_r:iop_data_file:s0
/data/vendor/lm(/.*)? u:object_r:lm_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/ipa(/.*)? u:object_r:ipa_vendor_data_file:s0
/data/vendor/qtee(/.*)? u:object_r:data_qtee_file:s0
/data/vendor/location(/.*)? u:object_r:location_data_file:s0
/data/vendor/location/mq/location-mq-s u:object_r:location_socket:s0
/data/vendor/location/mq/alarm_svc u:object_r:location_socket:s0
/data/vendor/hbtp(/.*)? u:object_r:hbtp_log_file:s0
/data/vendor/qti-logkit(/.*)? u:object_r:qti_logkit_priv_data_file:s0
/data/vendor/qti-logkit/shared-public(/.*)? u:object_r:qti_logkit_pub_data_file:s0
/data/vendor/qti-logkit/logdata(/.*)? u:object_r:qti_logkit_pub_data_file:s0
/data/vendor/qti-logkit/socket-privileged(/.*)? u:object_r:qti_logkit_priv_socket:s0
/data/vendor/qti-logkit/socket-public(/.*)? u:object_r:qti_logkit_pub_socket:s0
/data/vendor/radio(/.*)? u:object_r:vendor_radio_data_file:s0
/data/vendor/modem_config(/.*)? u:object_r:vendor_mbn_data_file:s0
/data/vendor/dataqti(/.*)? u:object_r:vendor_qti_data_file:s0
/data/vendor/netmgr(/.*)? u:object_r:netmgrd_data_file:s0
/data/vendor/port_bridge(/.*)? u:object_r:port_bridge_data_file:s0
/data/vendor/rfs.* u:object_r:rfs_file:s0
/data/vendor/hlos_rfs(/.*)? u:object_r:rfs_shared_hlos_file:s0
/data/vendor/wifi(/.*)? u:object_r:wifi_vendor_data_file:s0
/data/vendor/wifi/sockets(/.*)? u:object_r:wifi_vendor_wpa_socket:s0
/data/vendor/wifi/wigig_sockets(/.*)? u:object_r:wifi_vendor_wpa_socket:s0
/data/vendor/wifi/wigig_sockets/wpa_ctrl.* u:object_r:wifi_vendor_wpa_socket:s0
/data/vendor/qdmastats(/.*)? u:object_r:vendor_qdma_data_file:s0
/data/vendor/qdma(/.*)? u:object_r:vendor_qdma_data_file:s0
/data/vendor/vpp(/.*)? u:object_r:vendor_vpp_data_file:s0
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
/data/vendor/wifi/wigig_hostapd(/.*)? u:object_r:wigig_hostapd_socket:s0
/data/vendor/tombstones(/.*)? u:object_r:vendor_tombstone_data_file:s0
/data/vendor/tzstorage(/.*)? u:object_r:data_tzstorage_file:s0
/data/vendor/tloc(/.*)? u:object_r:tlocd_data_file:s0
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ramdump(/.*)? u:object_r:vendor_ramdump_data_file:s0
/data/vendor/mdmhelperdata(/.*)? u:object_r:vendor_mdmhelperdata_data_file:s0
/sys/kernel/debug/ipc_logging(/.*)? u:object_r:qti_debugfs:s0
/data/vendor/misc/qsee(/.*)? u:object_r:data_qsee_file:s0
/data/vendor/tui(/.*)? u:object_r:vendor_tui_data_file:s0
/data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
/data/vendor/scve(/.*)? u:object_r:vendor_scve_data_file:s0
/data/vendor/fm(/.*)? u:object_r:vendor_fm_data_file:s0
###################################
# persist files
#
/persist(/.*)? u:object_r:mnt_vendor_file:s0
/mnt/vendor/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0
/mnt/vendor/persist/drm(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/sensors(/.*)? u:object_r:sensors_persist_file:s0
/mnt/vendor/persist/alarm(/.*)? u:object_r:persist_alarm_file:s0
/mnt/vendor/persist/time(/.*)? u:object_r:persist_time_file:s0
/mnt/vendor/persist/data(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/data/tz(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_qti_fp_file:s0
/mnt/vendor/persist/usf(/.*)? u:object_r:persist_usf_file:s0
/mnt/vendor/persist/hlos_rfs(/.*)? u:object_r:persist_rfs_shared_hlos_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
/mnt/vendor/persist/rfs.* u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/speccfg(/.*)? u:object_r:regionalization_file:s0
/mnt/vendor/persist/misc(/.*)? u:object_r:persist_misc_file:s0
/mnt/vendor/persist/bms(/.*)? u:object_r:persist_bms_file:s0
/mnt/vendor/persist/vpp(/.*)? u:object_r:persist_vpp_file:s0
/mnt/vendor/persist/secnvm(/.*)? u:object_r:persist_secnvm_file:s0
/mnt/vendor/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0
/mnt/vendor/persist/hvdcp_opti(/.*)? u:object_r:persist_hvdcp_file:s0
###################################
# persist changes for backword comptaibily
# this changes would be removed once tech team make the changes
#
/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0
/persist/drm(/.*)? u:object_r:persist_drm_file:s0
/persist/sensors(/.*)? u:object_r:sensors_persist_file:s0
/persist/alarm(/.*)? u:object_r:persist_alarm_file:s0
/persist/time(/.*)? u:object_r:persist_time_file:s0
/persist/data(/.*)? u:object_r:persist_drm_file:s0
/persist/data/tz(/.*)? u:object_r:persist_drm_file:s0
/persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0
/persist/qti_fp(/.*)? u:object_r:persist_qti_fp_file:s0
/persist/usf(/.*)? u:object_r:persist_usf_file:s0
/persist/hlos_rfs(/.*)? u:object_r:persist_rfs_shared_hlos_file:s0
/persist/display(/.*)? u:object_r:persist_display_file:s0
/persist/rfs.* u:object_r:persist_rfs_file:s0
/persist/speccfg(/.*)? u:object_r:regionalization_file:s0
/persist/misc(/.*)? u:object_r:persist_misc_file:s0
/persist/bms(/.*)? u:object_r:persist_bms_file:s0
/persist/vpp(/.*)? u:object_r:persist_vpp_file:s0
/persist/secnvm(/.*)? u:object_r:persist_secnvm_file:s0
/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0
###################################
# etc files
#
/vendor/etc/hbtp/* u:object_r:hbtp_cfg_file:s0
###################################
# adsp files
#
/(vendor|system/vendor)/dsp(/.*)? u:object_r:adsprpcd_file:s0
/dsp(/.*)? u:object_r:adsprpcd_file:s0
###################################
# cache files
#
###################################
# vendor files
#
/vendor/package(/.*)? u:object_r:vendor_carrier_file:s0
/vendor/package(/.*)?/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/vendor/package(/.*)?/app(/.*)? u:object_r:vendor_app_file:s0
# same-process HAL files and their dependencies
#
/vendor/lib(64)?/hw/gralloc\.msm8998\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.msm8998\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_CM_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrmutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libavenhancements\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgrallocutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloccore\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libExtendedExtractor.so u:object_r:same_process_hal_file:s0
# RenderScript dependencies.
# To test: run cts -m CtsRenderscriptTestCases
/vendor/lib(64)?/libRSDriver_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libCB\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qgl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libbccQTI\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qcom\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno_sha1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqti-perfd-client\.so u:object_r:same_process_hal_file:s0
# perf-hal client lib (included by libqti-perfd-client.so)
/vendor/lib(64)?/vendor\.qti\.hardware\.perf@1\.0\.so u:object_r:same_process_hal_file:s0
# libGLESv2_adreno depends on this
/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
# libOpenCL and its dependencies
/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libq3dtools_adreno\.so u:object_r:same_process_hal_file:s0
# hbtp dependencies
/vendor/lib(64)?/libhbtpitsjni\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhbtpdbgclientjni\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libhbtpjni\.so u:object_r:same_process_hal_file:s0
#Loaded by native loader (zygote) for all processes
/vendor/lib(64)?/libhalide_hexagon_host\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libsdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdiag\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libtime_genoff\.so u:object_r:same_process_hal_file:s0
# libmmi_jni
/vendor/lib(64)?/libmmi_jni\.so u:object_r:same_process_hal_file:s0
# libqti_vndfwk_detect libs
/vendor/lib(64)?/libvndfwk_detect_jni\.qti\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqti_vndfwk_detect\.so u:object_r:same_process_hal_file:s0
# Fastcv libs
/vendor/lib(64)?/libfastcvdsp_stub\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libfastcvadsp_stub\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libfastcvopt\.so u:object_r:same_process_hal_file:s0
# SVA files
/vendor/lib(64)?/liblistenjni\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/liblistensoundmodel2\.so u:object_r:same_process_hal_file:s0
# libnpu
/vendor/lib(64)?/libnpu\.so u:object_r:same_process_hal_file:s0
###################################
# firmware images
#
/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
/system/etc/firmware(/.*)? u:object_r:firmware_file:s0
/system/vendor/firmware(/.*)? u:object_r:firmware_file:s0
/firmware/image(/.*)? u:object_r:firmware_file:s0
/vendor/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/vendor/firmware_mnt(/.*)? u:object_r:firmware_file:s0
/bt_firmware/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/(vendor|system/vendor)/bin/grep u:object_r:vendor_toolbox_exec:s0
##################################
#vendor toolbox
#
/(vendor|system/vendor)/bin/toolbox_vendor u:object_r:vendor_toolbox_exec:s0
#Android NN Driver
/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-qti u:object_r:hal_neuralnetworks_default_exec:s0
#wifilearner daemon
/(vendor|system/vendor)/bin/wifilearner u:object_r:wifilearnersvc_exec:s0

30
legacy/vendor/common/fingerprintd.te vendored Normal file
View File

@@ -0,0 +1,30 @@
# Copyright (c) 2015, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#==========================fingerprintd================================
allow fingerprintd iqfp_service:service_manager find;
binder_call(fingerprintd, qfp-daemon);

29
legacy/vendor/common/fm.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type fm_qsoc_patches, domain;
type fm_qsoc_patches_exec, exec_type, vendor_file_type, file_type;

39
legacy/vendor/common/fps_hal.te vendored Normal file
View File

@@ -0,0 +1,39 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#==========================fps_hal================================
type fps_hal, domain;
type fps_hal_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(fps_hal)
#binder_use(fps_hal)
#allow fps_hal iqfp_service:service_manager find;
binder_call(fps_hal, system_server);
binder_call(fps_hal, qfp-daemon);

29
legacy/vendor/common/fsck.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow fsck persist_block_device:blk_file rw_file_perms;

72
legacy/vendor/common/fstman.te vendored Normal file
View File

@@ -0,0 +1,72 @@
# Copyright (c) 2015,2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type fstman, domain;
type fstman_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(fstman)
net_domain(fstman)
# fstman requires special network privileges.
# access traffic control (TC) for marking packets to identify from
# which slave interface they arrive, drop multicast packets and
# duplicate packets. This requires the net_raw capability.
# network admin operations mainly on the bonding driver:
# interface up/down, add/remove slave interfaces, set queue parameters
# This requires the net_admin capability.
allow fstman self:capability { net_admin net_raw };
# netlink socket is used to access traffic control (TC)
allow fstman self:netlink_route_socket nlmsg_write;
# allow privileged socket operations: interface up/down, bond interface management
allowxperm fstman self:udp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS SIOCSIFTXQLEN SIOCBONDENSLAVE SIOCBONDRELEASE SIOCETHTOOL};
# need access to bond0 sysfs in order to manage attached interfaces
allow fstman sysfs_net:dir r_dir_perms;
allow fstman sysfs_bond0:file rw_file_perms;
# need access to wigig sysfs in order to control fst_link_loss
allow fstman sysfs_wigig:file rw_file_perms;
#allow fstman to read FST properties
get_prop(fstman, fst_prop);
# create/read fstman configuration file (/data/vendor/wifi/fstman.ini)
r_dir_file(fstman, wifi_vendor_data_file)
allow fstman wifi_vendor_data_file:dir rw_dir_perms;
allow fstman wifi_vendor_data_file:file create_file_perms;
# fstman needs to communicate with wpa_supplicant and hostapd using socket
# for managing FST state
allow fstman { hal_wifi_supplicant hal_wifi_hostapd_default }:unix_dgram_socket sendto;
# supplicant interface sockets
allow fstman wifi_vendor_wpa_socket:dir rw_dir_perms;
allow fstman wifi_vendor_wpa_socket:sock_file create_file_perms;
# hostapd global socket
allow fstman hostapd_data_file:dir rw_dir_perms;
allow fstman hostapd_data_file:sock_file create_file_perms;

33
legacy/vendor/common/gatekeeper.te vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2016, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow interacting with esepmdaemon
#allow gatekeeperd esepmdaemon_service:service_manager find;
# Allow gatekeeper to bind to esepmdaemon
#binder_call(gatekeeperd, esepmdaemon)

77
legacy/vendor/common/genfs_contexts vendored Executable file
View File

@@ -0,0 +1,77 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
genfscon proc /debug/fwdump u:object_r:proc_wifi_dbg:s0
genfscon proc /debugdriver/driverdump u:object_r:proc_wifi_dbg:s0
genfscon proc /ath_pktlog/cld u:object_r:proc_wifi_dbg:s0
genfscon proc /asound/card0/state u:object_r:proc_audiod:s0
genfscon proc /asound/cards u:object_r:proc_audiod:s0
genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0
genfscon sysfs /module/msm_performance/workload_modes u:object_r:sysfs_msm_perf:s0
genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu6/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu0/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu2/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu4/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu6/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,llccbw/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /module/big_cluster_min_freq_adjust u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu2/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu4/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,memlat-cpu6/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/soc/soc:qcom,mincpubw/devfreq u:object_r:sysfs_devfreq:s0
genfscon debugfs /kgsl/proc u:object_r:qti_debugfs:s0
genfscon sysfs /kernel/wcd_cpe0 u:object_r:sysfs_audio:s0
genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/kgsl/kgsl/proc u:object_r:sysfs_kgsl_proc:s0
genfscon sysfs /module/qpnp_rtc/parameters/poweron_alarm u:object_r:sysfs_poweron_alarm:s0
genfscon sysfs /devices/platform/cam_sync/video4linux/video0/name u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/virtual/npu/msm_npu/pwr u:object_r:sysfs_npu:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/name u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.0/ u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/platform/soc/soc:qcom,mdm3/esoc0 u:object_r:sysfs_esoc:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.0/ u:object_r:sysfs_graphics:s0
genfscon sysfs /devices/system/memory/ u:object_r:sysfs_memory_offline:s0
genfscon sysfs /kernel/qvr_external_sensor u:object_r:sysfs_qvr_external_sensor:s0
genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0

33
legacy/vendor/common/hal_alarm_qti.te vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(hal_alarm_qti_client, hal_alarm_qti_server)
binder_call(hal_alarm_qti_server, hal_alarm_qti_client)
add_hwservice(hal_alarm_qti_server, hal_alarm_qti_hwservice)
allow hal_alarm_qti_client hal_alarm_qti_hwservice:hwservice_manager find;

34
legacy/vendor/common/hal_alarm_qti_default.te vendored Normal file
View File

@@ -0,0 +1,34 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_alarm_qti_default, domain;
hal_server_domain(hal_alarm_qti_default, hal_alarm_qti)
type hal_alarm_qti_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_alarm_qti_default)
allow hal_alarm_qti_default rtc_device:chr_file r_file_perms;

30
legacy/vendor/common/hal_atfwd.te vendored Normal file
View File

@@ -0,0 +1,30 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(atfwd, qtelephony);
allow atfwd hal_atfwd_hwservice:hwservice_manager find;

70
legacy/vendor/common/hal_audio.te vendored Normal file
View File

@@ -0,0 +1,70 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow hal_audio to read soundcard state under /proc/asound
allow hal_audio proc_audiod:file r_file_perms;
allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
allow hal_audio_default vendor_audio_data_file:file create_file_perms;
# Allow hal_audio_default to read sysfs_thermal dir/files for speaker protection
r_dir_file(hal_audio_default, sysfs_thermal)
#Allow hal audio to use Binder IPC
vndbinder_use(hal_audio)
userdebug_or_eng(`
diag_use(hal_audio)
#Allow access to debug fs
allow hal_audio_default debugfs:dir r_dir_perms;
allow hal_audio_default qti_debugfs:dir r_dir_perms;
allow hal_audio_default qti_debugfs:file rw_file_perms;
')
#Allow access to firmware
allow hal_audio firmware_file:dir r_dir_perms;
allow hal_audio firmware_file:file r_file_perms;
#Split A2dp specific
binder_call(hal_audio,bluetooth)
# audio properties
get_prop(hal_audio, vendor_audio_prop)
#to read bt props
get_prop(hal_audio, vendor_bluetooth_prop)
#for perf hal call
hal_client_domain(hal_audio_default, hal_perf)
hal_client_domain(hal_audio_default, hal_power)
# Allow audio HAL to get updates from health hal
hal_client_domain(hal_audio_default, hal_health)
#allow acess to wcd_cpe
allow hal_audio sysfs_audio:file rw_file_perms;
allow hal_audio sysfs_audio:dir r_dir_perms ;

30
legacy/vendor/common/hal_bluetooth.te vendored Normal file
View File

@@ -0,0 +1,30 @@
# Copyright (c) 2017 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_bluetooth {
smd_device
}:chr_file rw_file_perms;

82
legacy/vendor/common/hal_bluetooth_qti.te vendored Normal file
View File

@@ -0,0 +1,82 @@
# Copyright (c) 2017 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_bluetooth_qti, domain;
hal_server_domain(hal_bluetooth_qti, hal_bluetooth)
type hal_bluetooth_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_bluetooth_qti)
# bluetooth properties
set_prop(hal_bluetooth, vendor_bluetooth_prop)
r_dir_file(hal_bluetooth_qti, firmware_file)
allow hal_bluetooth {
serial_device
smd_device
}:chr_file rw_file_perms;
#For bluetooth firmware
r_dir_file(hal_bluetooth, bt_firmware_file)
allow hal_bluetooth_qti persist_bluetooth_file:dir r_dir_perms;
allow hal_bluetooth_qti persist_bluetooth_file:file r_file_perms;
r_dir_file(hal_bluetooth_qti, mnt_vendor_file)
allow hal_bluetooth self:socket create_socket_perms;
allowxperm hal_bluetooth self:socket ioctl msm_sock_ipc_ioctls;
allow hal_bluetooth_qti vendor_bt_data_file:dir ra_dir_perms;
allow hal_bluetooth_qti vendor_bt_data_file:file create_file_perms;
#bt power node access
allow hal_bluetooth {
smd_device
bt_device
}:chr_file rw_file_perms;
#diag access
userdebug_or_eng(`
diag_use(hal_bluetooth)
')
userdebug_or_eng(`
# Logging for backward compatibility
allow hal_bluetooth_qti ramdump_vendor_data_file:file create_file_perms;
allow hal_bluetooth_qti ramdump_vendor_data_file:dir rw_dir_perms;
allow hal_bluetooth proc_sysrq:file w_file_perms;
allow hal_bluetooth_qti qti_debugfs:file r_file_perms;
allow hal_bluetooth_qti qti_debugfs:dir rw_dir_perms;
allow hal_bluetooth_qti self:{ socket qipcrtr_socket } create_socket_perms_no_ioctl;
')
#Blocked by hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
#allow system_app hal_bluetooth_hwservice :hwservice_manager find;
#FM IPC with BT/FM hal daemon
binder_call(system_app, hal_bluetooth);
binder_call(hal_bluetooth, system_app);

62
legacy/vendor/common/hal_bootctl.te vendored Normal file
View File

@@ -0,0 +1,62 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# These are the permissions required to use the boot_control HAL implemented
# here: hardware/qcom/bootctrl/boot_control.c
# Getting and setting GPT attributes for the bootloader iterates over all the
# partition names in the block_device directory /dev/block/.../by-name
allow hal_bootctl block_device:dir { open read search };
# Allow boot_control_hal to get attributes on all the A/B partitions.
allow hal_bootctl {
custom_ab_block_device
xbl_block_device
boot_block_device
ssd_device
modem_block_device
system_block_device
mdtp_device
}:blk_file { getattr };
# Allow the boot_control_hal to edit the attributes stored in the GPT.
allow hal_bootctl gpt_block_device:blk_file rw_file_perms;
allow hal_bootctl root_block_device:blk_file rw_file_perms;
# Allow boot_control_hal to access /dev/sgN devices (generic SCSI) to write the
# A/B slot selection for the XBL partition. Allow also to issue a
# UFS_IOCTL_QUERY ioctl.
allow hal_bootctl sg_device:chr_file rw_file_perms;
allow hal_bootctl sysfs:dir r_dir_perms;
# The sys_rawio denial message is benign, and shows up due to a capability()
# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
# does not result in a error
dontaudit hal_bootctl self:capability sys_rawio;
# Allow boot_control_hal to write to the XBL devices.
allow hal_bootctl xbl_block_device:blk_file rw_file_perms;

87
legacy/vendor/common/hal_camera.te vendored Normal file
View File

@@ -0,0 +1,87 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_camera qdisplay_service:service_manager find;
#allow hal_camera surfaceflinger_service:service_manager find;
# added now for camera functionality. This should be using HIDL
#userdebug_or_eng(`
#binder_use(hal_camera)
#')
binder_call(hal_camera, surfaceflinger)
set_prop(hal_camera, camera_prop)
allow hal_camera gpu_device:chr_file rw_file_perms;
allow hal_camera sysfs_jpeg:file r_file_perms;
#changes to access laser device
allow hal_camera input_device:chr_file r_file_perms;
r_dir_file(hal_camera, input_device);
allow hal_camera sysfs_laser:file w_file_perms;
r_dir_file(hal_camera, sysfs_laser);
vndbinder_use(hal_camera);
hal_client_domain(hal_camera_default, hal_perf)
#needed for full_treble
binder_call(hal_camera, hal_graphics_composer_default)
allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
allow hal_camera_default mnt_vendor_file:dir r_dir_perms;
r_dir_file(hal_camera_default, sensors_persist_file);
r_dir_file(hal_camera_default, sysfs_graphics)
#allow hal_camera to access Isensormanager
allow hal_camera fwk_sensor_hwservice:hwservice_manager find;
binder_call(hal_camera, system_server)
allow hal_camera_default fwk_display_hwservice:hwservice_manager find;
# from sensors team
allow hal_camera self:{ socket qipcrtr_socket } create_socket_perms;
allowxperm hal_camera self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_camera_default sysfs_data:file read;
allow hal_camera sysfs_data:file r_file_perms;
allow hal_camera vendor_camera_data_file:dir rw_dir_perms;
allow hal_camera vendor_camera_data_file:file create_file_perms;
allow hal_camera vendor_camera_data_file:sock_file write;
userdebug_or_eng(`
allow hal_camera vendor_camera_data_file:file create_file_perms;
')
unix_socket_connect(hal_camera, thermal, thermal-engine)
#Allows camera to call ADSP QDSP6 functionality
allow hal_camera qdsp_device:chr_file r_file_perms;
#allow camera to access /dsp
r_dir_file(hal_camera, adsprpcd_file);
#allow camera to access adsprpc_prop
get_prop(hal_camera, adsprpc_prop)
allow hal_camera_default mm-qcamerad:unix_dgram_socket sendto;
get_prop(hal_camera, mm_video_prop)

31
legacy/vendor/common/hal_configstore.te vendored Normal file
View File

@@ -0,0 +1,31 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# allow configstore client to find display config service.
allow hal_configstore_default hal_display_config_hwservice:hwservice_manager find;
binder_call(hal_configstore_default, hal_graphics_composer_default)

29
legacy/vendor/common/hal_contexthub.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow context hub HAL to communicate with daemon via socket
unix_socket_connect(hal_contexthub, chre, chre)

55
legacy/vendor/common/hal_display_color.te vendored Normal file
View File

@@ -0,0 +1,55 @@
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Define domain
type hal_display_color_default, domain;
hal_server_domain(hal_display_color_default, hal_display_color)
type hal_display_color_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_display_color_default)
# Allow hwbinder call from hal client to server
binder_call(hal_display_color_client, hal_display_color_server)
# Add hwservice related rules
add_hwservice(hal_display_color_server, hal_display_color_hwservice)
allow hal_display_color_client hal_display_color_hwservice:hwservice_manager find;
# Rule for vndbinder usage
allow hal_display_color qdisplay_service:service_manager find;
vndbinder_use(hal_display_color);
binder_call(hal_display_color, hal_graphics_composer)
# Rule for pps socket usage
unix_socket_connect(hal_display_color, pps, hal_graphics_composer_default)
unix_socket_connect(hal_display_color, pps, mm-pp-daemon)
#Add rules for postproc hal
add_hwservice(hal_display_color_server, hal_display_postproc_hwservice)
allow hal_display_postproc_client hal_display_postproc_hwservice:hwservice_manager find;
# Set vendor_qdcmss property
set_prop(hal_display_color, vendor_qdcmss_prop);

67
legacy/vendor/common/hal_dpmQmiMgr.te vendored Normal file
View File

@@ -0,0 +1,67 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#dpmQmiMgr as domain
type hal_dpmQmiMgr, domain;
type hal_dpmQmiMgr_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_dpmQmiMgr)
net_domain(hal_dpmQmiMgr)
#Add hal_dpmQMiMgr as hwservice
add_hwservice(hal_dpmQmiMgr, hal_dpmqmi_hwservice)
#Allow hwbinder usage
hwbinder_use(hal_dpmQmiMgr)
#Allow to get hwservice_prop
get_prop(hal_dpmQmiMgr, hwservicemanager_prop)
#Allow binder call from dpmd
binder_call(hal_dpmQmiMgr,dpmd)
#sysfs_data file permissions
allow hal_dpmQmiMgr sysfs_data:file r_file_perms;
#Allow reading proc/net entries
r_dir_file(hal_dpmQmiMgr,proc_net)
r_dir_file(hal_dpmQmiMgr,proc_net_tcp_udp)
#Allow creating socket and IOCTLs
allow hal_dpmQmiMgr self:{ socket qipcrtr_socket } create_socket_perms;
#Rules below are needed to communicate with IPC_ROUTER for QMI
allowxperm hal_dpmQmiMgr self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_dpmQmiMgr self:capability net_bind_service;
allow hal_dpmQmiMgr self:udp_socket create_socket_perms;
allowxperm hal_dpmQmiMgr self:udp_socket ioctl priv_sock_ioctls;
userdebug_or_eng(`
diag_use(hal_dpmQmiMgr)
')

33
legacy/vendor/common/hal_drm.te vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
vndbinder_use(hal_drm_default);
#Allow firmware file access
allow hal_drm firmware_file:dir r_dir_perms;
allow hal_drm firmware_file:file r_file_perms;

38
legacy/vendor/common/hal_drm_clearkey.te vendored Normal file
View File

@@ -0,0 +1,38 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
type hal_drm_clearkey, domain;
type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_clearkey)
hal_server_domain(hal_drm_clearkey, hal_drm)
vndbinder_use(hal_drm_clearkey);
allow hal_drm_clearkey { appdomain -isolated_app }:fd use;

46
legacy/vendor/common/hal_drm_widevine.te vendored Normal file
View File

@@ -0,0 +1,46 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# define SELinux domain
type hal_drm_widevine, domain;
hal_server_domain(hal_drm_widevine, hal_drm)
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_widevine)
allow hal_drm_widevine mediacodec:fd use;
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
# The QTI DRM-HAL implementation uses a vendor-binder service provided
# by the HWC HAL.
vndbinder_use(hal_drm_widevine);
allow hal_drm_widevine qdisplay_service:service_manager { find };
#binder_call(hal_drm_widevine, hal_graphics_composer)
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
allow hal_drm_widevine hal_allocator:fd use;

57
legacy/vendor/common/hal_esepowermanager_qti.te vendored Normal file
View File

@@ -0,0 +1,57 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_esepowermanager_qti, domain;
hal_server_domain(hal_esepowermanager_qti, hal_esepowermanager)
type hal_esepowermanager_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_esepowermanager_qti)
hwbinder_use(hal_esepowermanager_qti)
add_hwservice(hal_esepowermanager_qti, hal_esepowermanager_hwservice)
hal_client_domain(hal_esepowermanager_qti, hal_allocator)
#Allow access to nfc device
allow hal_esepowermanager_qti {
nfc_device
}:chr_file rw_file_perms;
# allow esepmdaemon to load firmware images
r_dir_file(hal_esepowermanager_qti, firmware_file)
# Allow esepmdaemon to interract with ion_device
allow hal_esepowermanager_qti ion_device:chr_file r_file_perms;
# Allow esepmdaemon to interract with qseecom
allow hal_esepowermanager_qti tee_device:chr_file rw_file_perms;
#Allow hal_esepowermanager_client client domain apps to find hwservice
binder_call(hal_esepowermanager_client, hal_esepowermanager_server)
binder_call(hal_esepowermanager_server, hal_esepowermanager_client)
allow hal_esepowermanager_client hal_esepowermanager_hwservice:hwservice_manager find;

33
legacy/vendor/common/hal_factory_qti.te vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(vendor_hal_factory_qti_client, vendor_hal_factory_qti_server)
binder_call(vendor_hal_factory_qti_server, vendor_hal_factory_qti_client)
add_hwservice(vendor_hal_factory_qti_server, vendor_hal_factory_qti_hwservice)
allow vendor_hal_factory_qti_client vendor_hal_factory_qti_hwservice:hwservice_manager find;

41
legacy/vendor/common/hal_factory_qti_default.te vendored Executable file
View File

@@ -0,0 +1,41 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_hal_factory_qti_default, domain;
hal_server_domain(vendor_hal_factory_qti_default, vendor_hal_factory_qti)
type vendor_hal_factory_qti_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_hal_factory_qti_default)
set_prop(vendor_hal_factory_qti, ctl_vendor_mmid_prop)
# Allow read/write to mmi socket
allow vendor_hal_factory_qti vendor_mmi_socket:sock_file rw_file_perms;
allow vendor_hal_factory_qti vendor_mmi:unix_stream_socket connectto;
allow vendor_hal_factory_qti_default mnt_vendor_file:dir search;
allow vendor_hal_factory_qti_default vendor_persist_mmi_file:dir rw_dir_perms;
allow vendor_hal_factory_qti_default vendor_persist_mmi_file:file create_file_perms;

48
legacy/vendor/common/hal_gatekeeper_qti.te vendored Normal file
View File

@@ -0,0 +1,48 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# call into gatekeeperd process (callbacks)
type hal_gatekeeper_qti, domain;
hal_server_domain(hal_gatekeeper_qti, hal_gatekeeper)
type hal_gatekeeper_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_gatekeeper_qti)
# allow tee to load firmware images
r_dir_file(hal_gatekeeper, firmware_file)
get_prop(hal_gatekeeper, vendor_tee_listener_prop)
# allow access to /dev/spcom
allow hal_gatekeeper_qti spcom_device:chr_file rw_file_perms;
# allow access to skp
allow hal_gatekeeper_qti skp_device:chr_file rw_file_perms;
allow hal_gatekeeper_qti sp_keymaster_device:chr_file rw_file_perms;
allow hal_gatekeeper_qti sp_ssr_device:chr_file rw_file_perms;
get_prop(hal_gatekeeper_qti, spcomlib_prop)

64
legacy/vendor/common/hal_gnss_qti.te vendored Normal file
View File

@@ -0,0 +1,64 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# hal_gnss_qti - binerized gnss hal
type hal_gnss_qti, domain;
type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_gnss_qti)
hal_server_domain(hal_gnss_qti, hal_gnss)
allow hal_gnss_qti location_data_file:dir r_dir_perms;
allow hal_gnss location_data_file:file create_file_perms;
allow hal_gnss location_socket:sock_file create_file_perms;
allow hal_gnss location_socket:dir rw_dir_perms;
allow hal_gnss location:unix_stream_socket connectto;
allow hal_gnss location:unix_dgram_socket sendto;
unix_socket_connect(hal_gnss, location, location)
netmgr_socket(hal_gnss)
allow hal_gnss self:{
socket
netlink_socket
netlink_generic_socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
allow hal_gnss self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
allow hal_gnss self:{ socket qipcrtr_socket } rw_socket_perms;
allow hal_gnss sysfs_data:file r_file_perms;
allow hal_gnss sysfs:dir r_dir_perms;
allow hal_gnss self:socket { create ioctl };
allowxperm hal_gnss self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
userdebug_or_eng(`
diag_use(hal_gnss);
')
use_vendor_per_mgr(hal_gnss)

102
legacy/vendor/common/hal_graphics_composer.te vendored Normal file
View File

@@ -0,0 +1,102 @@
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
userdebug_or_eng(`
diag_use(hal_graphics_composer)
# Allow read to /sys/kernel/debug/*
allow hal_graphics_composer qti_debugfs:dir r_dir_perms;
allow hal_graphics_composer qti_debugfs:file r_file_perms;
')
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
get_prop(hal_graphics_composer, vendor_display_prop)
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow hal_graphics_composer sysfs_graphics:dir r_dir_perms;
allow hal_graphics_composer sysfs_graphics:file rw_file_perms;
# Rules for brightness change during display calibration
allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
allow hal_graphics_composer_default sysfs_leds:lnk_file read;
# Rules for vndbinder
allow hal_graphics_composer_default qdisplay_service:service_manager { add find };
#binder_service(hal_graphics_composer_default);
vndbinder_use(hal_graphics_composer_default);
# Allow video node access
allow hal_graphics_composer video_device:chr_file rw_file_perms;
allow hal_graphics_composer video_device:dir r_dir_perms;
# Allow reading/writing to '/data/vendor/display/*'
allow hal_graphics_composer_default display_vendor_data_file:dir create_dir_perms;
allow hal_graphics_composer_default display_vendor_data_file:file create_file_perms;
# Allow reading/writing to '/mnt/vendor/persist/display/*'
allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
allow hal_graphics_composer_default persist_display_file:file create_file_perms;
# Allow only directory search to '/mnt/vendor/persist/'
allow hal_graphics_composer_default mnt_vendor_file:dir search;
# Allow dir search in '/oem'
allow hal_graphics_composer oemfs:dir r_dir_perms;
# Allow pps socket access
unix_socket_connect(hal_graphics_composer_default, pps, mm-pp-daemon)
# Allow sensor service access
allow hal_graphics_composer fwk_sensor_hwservice:hwservice_manager find;
binder_call(hal_graphics_composer, system_server)
# Allow read to sensor device and read/write to sensor socket
allow hal_graphics_composer sensors_device:chr_file r_file_perms;
allow hal_graphics_composer_default sensors_socket:sock_file rw_file_perms;
allow hal_graphics_composer_default sensors:unix_stream_socket connectto;
# Allow qdcmss socket access
unix_socket_connect(hal_graphics_composer_default, qdcmsocket, qdcm-ss)
# TBD: remove when dependency on libpowermanager is removed
#allow hal_graphics_composer power_service:service_manager find;
# allow composer client to find display config service.
allow hal_graphics_composer_client hal_display_config_hwservice:hwservice_manager find;
# Rule for pps socket usage
unix_socket_connect(hal_graphics_composer_default, pps, mm-pp-daemon)
# allow composer to register display config
add_hwservice(hal_graphics_composer_server, hal_display_config_hwservice);
# Allow composer access to perf
hal_client_domain(hal_graphics_composer_default, hal_perf)
# Access /dev/graphics/fb0.
allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
allow hal_graphics_composer graphics_device:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_jpeg:file r_file_perms;

36
legacy/vendor/common/hal_health.te vendored Normal file
View File

@@ -0,0 +1,36 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(hal_health, sysfs_battery_supply);
r_dir_file(hal_health, sysfs_usb_supply);
allow hal_health hal_health_default:dir search;
allow hal_health {
sysfs_battery_supply
sysfs_usb_supply
}:file rw_file_perms;

63
legacy/vendor/common/hal_imsrtp.te vendored Normal file
View File

@@ -0,0 +1,63 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#ims rtp service
type hal_imsrtp, domain;
type hal_imsrtp_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(hal_imsrtp)
net_domain(hal_imsrtp)
hwbinder_use(hal_imsrtp)
get_prop(hal_imsrtp, hwservicemanager_prop)
add_hwservice(hal_imsrtp, hal_imsrtp_hwservice)
#diag
userdebug_or_eng(`
diag_use(hal_imsrtp)
')
allow hal_imsrtp self:{ socket qipcrtr_socket } create_socket_perms;
unix_socket_connect(hal_imsrtp, ims, ims)
# ioctlcmd=c302
allowxperm hal_imsrtp self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_imsrtp self:capability net_bind_service;
# IMS needs permission to use avtimer
allow hal_imsrtp avtimer_device:chr_file r_file_perms;
allow hal_imsrtp ion_device:chr_file r_file_perms;
allow hal_imsrtp sysfs_data:file r_file_perms;
get_prop(hal_imsrtp, qcom_ims_prop)
binder_call(hal_imsrtp, radio)

50
legacy/vendor/common/hal_iop_default.te vendored Normal file
View File

@@ -0,0 +1,50 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_iop_default, domain, mlstrustedsubject;
hal_server_domain(hal_iop_default, hal_iop)
type hal_iop_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_iop_default)
# Allow hwbinder call from hal client to server
binder_call(hal_iop_client, hal_iop_server)
# Add hwservice related rules
add_hwservice(hal_iop_server, hal_iop_hwservice)
allow hal_iop_client hal_iop_hwservice:hwservice_manager find;
#Allow access for vendor property
get_prop(hal_iop, vendor_iop_prop)
get_prop(hal_iop, vendor_mpctl_prop)
# Allow access for /proc
allow hal_iop_default proc:file rw_file_perms;
#Allow Access for /data/vendor/iop
allow hal_iop iop_data_file:dir rw_dir_perms;
allow hal_iop iop_data_file:file create_file_perms;

4
generic/vendor/sdm710/init_shell.te → legacy/vendor/common/hal_keymaster.te vendored
View File

@@ -25,5 +25,5 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(qti_init_shell, sysfs_devfreq_l3cdsp)
allow qti_init_shell sysfs_devfreq_l3cdsp:file setattr;
# Allow keymaster HAL to read listener property
get_prop(hal_keymaster_default, vendor_tee_listener_prop)

47
legacy/vendor/common/hal_keymaster_qti.te vendored Normal file
View File

@@ -0,0 +1,47 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_keymaster_qti, domain;
hal_server_domain(hal_keymaster_qti, hal_keymaster)
type hal_keymaster_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_keymaster_qti)
# allow tee to load firmware images
r_dir_file(hal_keymaster_qti, firmware_file)
get_prop(hal_keymaster_qti, vendor_tee_listener_prop)
# allow access to /dev/spcom
allow hal_keymaster_qti spcom_device:chr_file rw_file_perms;
# allow access to skp
allow hal_keymaster_qti skp_device:chr_file rw_file_perms;
allow hal_keymaster_qti sp_keymaster_device:chr_file rw_file_perms;
allow hal_keymaster_qti sp_ssr_device:chr_file rw_file_perms;
get_prop(hal_keymaster_qti, spcomlib_prop)

29
legacy/vendor/common/hal_light.te vendored Normal file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(hal_light, sysfs_graphics)
allow hal_light sysfs_graphics:file rw_file_perms;

28
legacy/vendor/common/hal_light_default.te vendored Normal file
View File

@@ -0,0 +1,28 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_light_default sysfs_graphics:file rw_file_perms;

35
legacy/vendor/common/hal_memtrack.te vendored Normal file
View File

@@ -0,0 +1,35 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# # Redistribution and use in source and binary forms, with or without
# # modification, are permitted provided that the following conditions are
# # met:
# # * Redistributions of source code must retain the above copyright
# # notice, this list of conditions and the following disclaimer.
# # * Redistributions in binary form must reproduce the above
# # copyright notice, this list of conditions and the following
# # disclaimer in the documentation and/or other materials provided
# # with the distribution.
# # * Neither the name of The Linux Foundation nor the names of its
# # contributors may be used to endorse or promote products derived
# # from this software without specific prior written permission.
# #
# # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#debugfs access to audio
userdebug_or_eng(`
allow hal_memtrack_default qti_debugfs:dir r_dir_perms;
allow hal_memtrack_default qti_debugfs:file rw_file_perms;
')
#Acess to kgsl memory /sys/class/kgsl/kgsl/proc/<pid>/mtrack
r_dir_file(hal_memtrack_default, sysfs_kgsl_proc);

37
generic/vendor/sdm710/genfs_contexts → legacy/vendor/common/hal_mirrorlink.te vendored
View File

@@ -24,16 +24,33 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
###################################
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc u:object_r:sysfs_rtc:s0
#Define Domain
type hal_mirrorlink_qti, domain;
type hal_mirrorlink_qti_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_mirrorlink_qti,hal_mirrorlink)
genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys0/restart_level u:object_r:sysfs_ssr_toggle:s0
genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys1/restart_level u:object_r:sysfs_ssr_toggle:s0
genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys2/restart_level u:object_r:sysfs_ssr_toggle:s0
genfscon sysfs /devices/platform/soc/62400000.qcom,lpass/subsys3/restart_level u:object_r:sysfs_ssr_toggle:s0
genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys4/restart_level u:object_r:sysfs_ssr_toggle:s0
genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys5/restart_level u:object_r:sysfs_ssr_toggle:s0
#Allow for transition from init domain to hal_mirrorlink
init_daemon_domain(hal_mirrorlink_qti)
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cdsp/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,l3-cdsp/devfreq/soc:qcom,l3-cdsp/userspace u:object_r:sysfs_devfreq_l3cdsp:s0
#Allow hal_mirrorlink to use Vendor Binder IPC
vndbinder_use(hal_mirrorlink)
#Allow hwbinder call from hal client to server
binder_call(hal_mirrorlink_client, hal_mirrorlink_server)
binder_call(hal_mirrorlink_server, hal_mirrorlink_client)
#Add hwservice related rules
add_hwservice(hal_mirrorlink_server, hal_mirrorlink_hwservice)
#Allow access to tee device
allow hal_mirrorlink_qti tee_device:chr_file rw_file_perms;
#Allow access to ion device
allow hal_mirrorlink_qti ion_device:chr_file rw_file_perms;
#Allow access to firmware
allow hal_mirrorlink_qti firmware_file:dir r_dir_perms;
allow hal_mirrorlink_qti firmware_file:file r_file_perms;
allow hal_mirrorlink_client hal_mirrorlink_hwservice:hwservice_manager find;

2
generic/vendor/sdm845/hal_neuralnetworks.te → legacy/vendor/common/hal_neuralnetworks.te vendored
View File

@@ -33,7 +33,6 @@ init_daemon_domain(hal_neuralnetworks_default)
allow hal_neuralnetworks_default fwk_sensor_hwservice:hwservice_manager find;
allow hal_neuralnetworks_default qdsp_device:chr_file r_file_perms;
allow hal_neuralnetworks_default xdsp_device:chr_file r_file_perms;
allow hal_neuralnetworks_default ion_device:chr_file r_file_perms;
allow hal_neuralnetworks_default app_data_file:file { read getattr };
@@ -43,3 +42,4 @@ allow hal_neuralnetworks_default hal_neuralnetworks_data_file:{ file fifo_file }
allow hal_neuralnetworks_default gpu_device:chr_file rw_file_perms;
r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
get_prop(hal_neuralnetworks_default, adsprpc_prop)

34
legacy/vendor/common/hal_nfc.te vendored Normal file
View File

@@ -0,0 +1,34 @@
#Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Set NFC properties
set_prop(hal_nfc, nfc_nq_prop)
#Allow access to firmware
allow hal_nfc firmware_file:dir r_dir_perms;
allow hal_nfc firmware_file:file r_file_perms;
allow hal_nfc nfc_vendor_data_file:file rw_file_perms;

41
legacy/vendor/common/hal_pasrmanager.te vendored Normal file
View File

@@ -0,0 +1,41 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Define Domain
type hal_pasrmanager_qti, domain;
type hal_pasrmanager_qti_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_pasrmanager_qti, hal_pasrmanager)
init_daemon_domain(hal_pasrmanager_qti)
binder_call(hal_pasrmanager_client, hal_pasrmanager_server)
add_hwservice(hal_pasrmanager_server, hal_pasrmanager_hwservice)
allow hal_pasrmanager_client hal_pasrmanager_hwservice:hwservice_manager find;
allow hal_pasrmanager_qti sysfs:dir r_dir_perms;
allow hal_pasrmanager_qti sysfs_memory_offline:file rw_file_perms;
allow hal_pasrmanager_qti sysfs_memory_offline:dir r_dir_perms;

91
legacy/vendor/common/hal_perf_default.te vendored Normal file
View File

@@ -0,0 +1,91 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_perf_default, domain, mlstrustedsubject;
hal_server_domain_bypass(hal_perf_default, hal_perf)
type hal_perf_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_perf_default)
# Allow hwbinder call from hal client to server
binder_call(hal_perf_client, hal_perf_server)
# Add hwservice related rules
add_hwservice(hal_perf_server, hal_perf_hwservice)
allow hal_perf_client hal_perf_hwservice:hwservice_manager find;
allow hal_perf_default cgroup:file r_file_perms;
allow hal_perf_default proc:file rw_file_perms;
allow hal_perf device_latency:chr_file rw_file_perms;
get_prop(hal_perf, freq_prop)
get_prop(hal_perf, vendor_mpctl_prop)
allow hal_perf_default mpctl_data_file:dir rw_dir_perms;
allow hal_perf_default mpctl_data_file:file create_file_perms;
allow hal_perf_default lm_data_file:dir rw_dir_perms;
allow hal_perf_default lm_data_file:file create_file_perms;
allow hal_perf_default sysfs_lib:file w_file_perms;
r_dir_file(hal_perf_default, appdomain);
allow hal_perf {
sysfs_devices_system_cpu
sysfs_mpdecision
sysfs_devfreq
sysfs_mmc_host
sysfs_scsi_host
sysfs_kgsl
sysfs_cpu_boost
sysfs_msm_perf
sysfs_memory
sysfs_graphics
sysfs
sysfs_msm_power
sysfs_battery_supply
sysfs_process_reclaim
}:dir r_dir_perms;
allow hal_perf {
sysfs_devices_system_cpu
sysfs_mpdecision
sysfs_kgsl
sysfs_cpu_boost
sysfs_msm_perf
sysfs_memory
sysfs_graphics
sysfs_scsi_host
sysfs_devfreq
sysfs_mmc_host
sysfs_msm_power
sysfs_battery_supply
sysfs_process_reclaim
}:file rw_file_perms;
allow hal_perf {
sysfs_devfreq
sysfs_mmc_host
sysfs_scsi_host
sysfs_kgsl
}:lnk_file r_file_perms;

31
legacy/vendor/common/hal_power.te vendored Normal file
View File

@@ -0,0 +1,31 @@
# Copyright (c) 2017 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
hal_client_domain(hal_power_default, hal_perf)
allow hal_power {
hbtp_kernel_sysfs
}:file rw_file_perms;

42
legacy/vendor/common/hal_qdutils_disp_qti.te vendored Normal file
View File

@@ -0,0 +1,42 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_qdutils_disp_qti, domain;
hal_server_domain(hal_qdutils_disp_qti, hal_qdutils_disp)
type hal_qdutils_disp_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_qdutils_disp_qti)
binder_call(hal_qdutils_disp_client, hal_qdutils_disp_server)
binder_call(hal_qdutils_disp_server, hal_qdutils_disp_client)
add_hwservice(hal_qdutils_disp_server, hal_qdutils_disp_hwservice)
allow hal_qdutils_disp_client hal_qdutils_disp_hwservice:hwservice_manager find;
vndbinder_use(hal_qdutils_disp_qti);
allow hal_qdutils_disp_qti qdisplay_service:service_manager find;
#hal_client_domain(hal_qdutils_disp_qti, hal_display_config);
hal_client_domain(hal_qdutils_disp_qti, hal_graphics_composer);

67
legacy/vendor/common/hal_qteeconnector_qti.te vendored Normal file
View File

@@ -0,0 +1,67 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define the type
type hal_qteeconnector_qti, domain;
#mark the type as hal_server_domain
hal_server_domain(hal_qteeconnector_qti, hal_qteeconnector)
#allow the service to be started by init
type hal_qteeconnector_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_qteeconnector_qti)
#allow the service to be added to hwservice list
add_hwservice(hal_qteeconnector_qti, hal_qteeconnector_hwservice)
#allow access to hal_allocator
hal_client_domain(hal_qteeconnector_qti, hal_allocator)
#allow access to ion device
allow hal_qteeconnector ion_device:chr_file rw_file_perms;
#allow access to and use of graphics allocator
hal_client_domain(hal_qteeconnector_qti, hal_graphics_allocator)
#Allow access to tee device
allow hal_qteeconnector_qti tee_device:chr_file rw_file_perms;
#Allow access to firmware
allow hal_qteeconnector firmware_file:dir r_dir_perms;
allow hal_qteeconnector firmware_file:file r_file_perms;
#Allow access to session files
allow hal_qteeconnector data_qtee_file:dir create_dir_perms;
allow hal_qteeconnector data_qtee_file:file create_file_perms;
#Allow access to qp_reqcancel socket
allow hal_qteeconnector tee:unix_dgram_socket sendto;
#Allow hal_qteeconnector client domain apps to find hwservice
binder_call(hal_qteeconnector_client, hal_qteeconnector_server)
binder_call(hal_qteeconnector_server, hal_qteeconnector_client)
allow hal_qteeconnector_client hal_qteeconnector_hwservice:hwservice_manager find;

68
legacy/vendor/common/hal_rcsservice.te vendored Normal file
View File

@@ -0,0 +1,68 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_rcsservice, domain;
type hal_rcsservice_exec, exec_type, vendor_file_type, file_type;
# Started by init
init_daemon_domain(hal_rcsservice)
net_domain(hal_rcsservice)
# use hwBinder for imsrcsd
hwbinder_use(hal_rcsservice)
# add IUceSerive and IService to Hidl interface
add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice)
get_prop(hal_rcsservice, hwservicemanager_prop)
add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice)
# allow read datad property
get_prop(hal_rcsservice, qcom_ims_prop)
# allow imsrcsd to connect to imsdatad over socket
allow hal_rcsservice self: { socket qipcrtr_socket } create_socket_perms;
allowxperm hal_rcsservice self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
unix_socket_connect(hal_rcsservice, ims, ims)
# allow imsrcsd capabilities
wakelock_use(hal_rcsservice)
allow hal_rcsservice self:capability net_bind_service;
#diag
userdebug_or_eng(`
diag_use(hal_rcsservice)
')
allow hal_rcsservice self:capability2 wake_alarm;
allow hal_rcsservice sysfs_data:file r_file_perms;
binder_call(hal_rcsservice, dataservice_app)
userdebug_or_eng(`
binder_call(hal_rcsservice, radio)
')
set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop)
set_prop(hal_rcsservice, qcom_ims_prop)

62
legacy/vendor/common/hal_scve.te vendored Normal file
View File

@@ -0,0 +1,62 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type vendor_scve, domain;
type vendor_scve_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_scve)
hal_server_domain(vendor_scve, hal_scve)
add_hwservice(hal_scve_server, hal_scve_hwservice)
allow hal_scve_client hal_scve_hwservice:hwservice_manager find;
binder_call(hal_scve_client, hal_scve_server)
binder_call(hal_scve_server, hal_scve_client)
r_dir_file(vendor_scve, adsprpcd_file)
# Access for ion memory
allow vendor_scve ion_device:chr_file rw_file_perms;
# Access for DSP/QDSP device
allow vendor_scve qdsp_device:chr_file rw_file_perms;
allow vendor_scve dsp_device:chr_file rw_file_perms;
# Access for GPU
allow vendor_scve gpu_device:chr_file rw_file_perms;
# Access for sdcard
userdebug_or_eng(`
allow vendor_scve sdcard_type:dir rw_dir_perms;
allow vendor_scve sdcard_type:file create_file_perms;
')
# Access for /data/vendor/scve
allow vendor_scve vendor_scve_data_file:dir create_dir_perms;
allow vendor_scve vendor_scve_data_file:file create_file_perms;

32
legacy/vendor/common/hal_secure_element_default.te vendored Normal file
View File

@@ -0,0 +1,32 @@
#Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#Allow access to the esepowermanager
hal_client_domain(hal_secure_element_default, hal_esepowermanager)
#Allow access to the qteeconnector
hal_client_domain(hal_secure_element_default, hal_qteeconnector)

58
legacy/vendor/common/hal_sensors.te vendored Normal file
View File

@@ -0,0 +1,58 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
userdebug_or_eng(`
diag_use(hal_sensors)
allow hal_sensors debugfs_tracing:file { open write };
')
set_prop(hal_sensors, slpi_prop);
allow hal_sensors self:{ socket qipcrtr_socket } create_socket_perms;
allowxperm hal_sensors self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_sensors sysfs_data:file r_file_perms;
# Allow access to ion memory allocation device
allow hal_sensors ion_device:chr_file rw_file_perms;
allow hal_sensors hal_graphics_allocator:fd use;
# Allow access to FastRPC
allow hal_sensors qdsp_device:chr_file r_file_perms;
allow hal_sensors xdsp_device:chr_file r_file_perms;
allow hal_sensors sysfs_sensors:dir r_dir_perms;
allow hal_sensors sysfs_sensors:file rw_file_perms;
allow hal_sensors sysfs_sensors:lnk_file read;
allow hal_sensors input_device:dir r_dir_perms;
allow hal_sensors input_device:chr_file r_file_perms;
#following to set the ssr
allow hal_sensors_default sysfs_slpi:dir search;
allow hal_sensors_default sysfs_slpi:file w_file_perms;
allow hal_sensors_default sensors_persist_file:file create_file_perms;
allow hal_sensors_default sensors_persist_file:dir create_dir_perms;
allow hal_sensors_default mnt_vendor_file:dir r_dir_perms;

33
legacy/vendor/common/hal_sensorscalibrate_qti.te vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
binder_call(hal_sensorscalibrate_qti_client, hal_sensorscalibrate_qti_server)
binder_call(hal_sensorscalibrate_qti_server, hal_sensorscalibrate_qti_client)
add_hwservice(hal_sensorscalibrate_qti_server, hal_sensorscalibrate_qti_hwservice)
allow hal_sensorscalibrate_qti_client hal_sensorscalibrate_qti_hwservice:hwservice_manager find;

37
legacy/vendor/common/hal_sensorscalibrate_qti_default.te vendored Normal file
View File

@@ -0,0 +1,37 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_sensorscalibrate_qti_default, domain;
hal_server_domain(hal_sensorscalibrate_qti_default, hal_sensorscalibrate_qti)
type hal_sensorscalibrate_qti_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_sensorscalibrate_qti_default)
allow hal_sensorscalibrate_qti sysfs_data:file r_file_perms;
allow hal_sensorscalibrate_qti self:{ socket qipcrtr_socket } create_socket_perms;
allowxperm hal_sensorscalibrate_qti self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
allow hal_sensorscalibrate_qti_default mnt_vendor_file:dir r_dir_perms;

49
legacy/vendor/common/hal_soter_qti.te vendored Executable file
View File

@@ -0,0 +1,49 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_soter_qti, domain;
hal_server_domain(hal_soter_qti, hal_soter)
type hal_soter_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_soter_qti)
binder_call(hal_soter_client, hal_soter_server)
binder_call(hal_soter_server, hal_soter_client)
add_hwservice(hal_soter_server, hal_soter_hwservice)
allow hal_soter_client hal_soter_hwservice:hwservice_manager find;
#Allow access to tee device
allow hal_soter_qti tee_device:chr_file rw_file_perms;
#Allow access to load firmware images
r_dir_file(hal_soter_qti, firmware_file)
#Allow access to interract with ion_device
allow hal_soter_qti ion_device:chr_file r_file_perms;
get_prop(hal_soter_qti, vendor_tee_listener_prop)

28
legacy/vendor/common/hal_telephony.te vendored Normal file
View File

@@ -0,0 +1,28 @@
#Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set_prop(hal_telephony_server, vendor_radio_prop);

29
legacy/vendor/common/hal_thermal_default.te vendored Executable file
View File

@@ -0,0 +1,29 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# access to /proc/stat
allow hal_thermal proc_stat:file r_file_perms;

39
legacy/vendor/common/hal_tui_comm_qti.te vendored Normal file
View File

@@ -0,0 +1,39 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_tui_comm_qti, domain;
hal_server_domain(hal_tui_comm_qti, hal_tui_comm)
type hal_tui_comm_qti_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(hal_tui_comm_qti)
binder_call(hal_tui_comm_client, hal_tui_comm_server)
binder_call(hal_tui_comm_server, hal_tui_comm_client)
add_hwservice(hal_tui_comm_server, hal_tui_comm_hwservice)
allow hal_tui_comm_client hal_tui_comm_hwservice:hwservice_manager find;
hal_client_domain(hal_tui_comm_qti, hal_graphics_allocator);

31
legacy/vendor/common/hal_usb_default.te vendored Normal file
View File

@@ -0,0 +1,31 @@
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow hal_usb_default sysfs_usbpd_device:dir r_dir_perms;
allow hal_usb_default sysfs_usbpd_device:lnk_file r_file_perms;
allow hal_usb_default sysfs_usbpd_device:file rw_file_perms;
r_dir_file(hal_usb_default, sysfs_usb_supply);

40
legacy/vendor/common/hal_usb_gadget_qti.te vendored Normal file
View File

@@ -0,0 +1,40 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_usb_gadget_qti, domain;
hal_server_domain(hal_usb_gadget_qti, hal_usb_gadget)
type hal_usb_gadget_qti_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_usb_gadget_qti)
get_prop(hal_usb_gadget, vendor_usb_prop)
set_prop(hal_usb_gadget, vendor_usb_prop)
allow hal_usb_gadget configfs:file create_file_perms;
allow hal_usb_gadget sysfs_usbpd_device:dir r_dir_perms;
allow hal_usb_gadget sysfs_usbpd_device:lnk_file r_file_perms;
allow hal_usb_gadget sysfs_usbpd_device:file rw_file_perms;

31
legacy/vendor/common/hal_vibrator.te vendored Normal file
View File

@@ -0,0 +1,31 @@
# Copyright (c) 2017 - 2018, The Linux Foundation. All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(hal_vibrator, sysfs_leds)
allow hal_vibrator sysfs_leds:file w_file_perms;
allow hal_vibrator input_device:dir r_dir_perms;
allow hal_vibrator input_device:chr_file rw_file_perms;

38
legacy/vendor/common/hal_voiceprint.te vendored Normal file
View File

@@ -0,0 +1,38 @@
# Copyright (c) 2017 The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# IPC
binder_call(hal_voiceprint_client, hal_voiceprint_server)
binder_call(hal_voiceprint_server, hal_voiceprint_client)
add_hwservice(hal_voiceprint_server, hal_voiceprint_hwservice)
allow hal_voiceprint_client hal_voiceprint_hwservice:hwservice_manager find;
# memory alloc
allow hal_voiceprint ion_device:chr_file r_file_perms;
r_dir_file(hal_voiceprint, cgroup)

28
legacy/vendor/common/hal_vr_default.te vendored Executable file
View File

@@ -0,0 +1,28 @@
# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
unix_socket_connect(hal_vr, thermal, thermal-engine)

43
legacy/vendor/common/hal_wifi.te vendored Normal file
View File

@@ -0,0 +1,43 @@
#Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
allow hal_wifi wlan_device:chr_file rw_file_perms;
allow hal_wifi self:capability sys_module;
allow hal_wifi kernel:key search;
allow hal_wifi vendor_file:system module_load;
allow hal_wifi proc_modules:file r_file_perms;
# allow hal_wifi to write into /proc/debugdriver/driverdump
r_dir_file(hal_wifi_default, proc_wifi_dbg)
get_prop(hal_wifi_default, vendor_softap_prop)
# allow hal_wifi to write into /data/vendor/tombstones/wifi
userdebug_or_eng(`
allow hal_wifi_server vendor_tombstone_data_file:dir rw_dir_perms;
allow hal_wifi_server vendor_tombstone_data_file:file create_file_perms;
')

46
legacy/vendor/common/hal_wifi_hostapd.te vendored Normal file
View File

@@ -0,0 +1,46 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow hostapd to access it's data folder
r_dir_file(hal_wifi_hostapd_default, wifi_vendor_data_file)
allow hal_wifi_hostapd_default hostapd_data_file:dir rw_dir_perms;
allow hal_wifi_hostapd_default hostapd_data_file:file create_file_perms;
# Allow hostapd to connect to fstman using control socket
allow hal_wifi_hostapd_default fstman:unix_dgram_socket sendto;
# Allow hostapd to create control socket under its data folder
allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;
# wigig_hostapd has its own directory for sockets,
# in order to prevent conflicts with wifi hostapd
# allow wigig_hostapd to create the directory holding its control socket
allow hal_wifi_hostapd_default wigig_hostapd_socket:dir create_dir_perms;
# wigig_hostapd needs to create, bind to, read and write its control socket
allow hal_wifi_hostapd_default wigig_hostapd_socket:sock_file create_file_perms;
# allow wigig_hostapd to send replies to wigighalsvc
allow hal_wifi_hostapd_default wigighalsvc:unix_dgram_socket sendto;
# allow hostapd to attach to fstman socket
allow hal_wifi_hostapd_default wifi_vendor_wpa_socket:dir r_dir_perms;
allow hal_wifi_hostapd_default wifi_vendor_wpa_socket:sock_file rw_file_perms;

40
legacy/vendor/common/hal_wifi_supplicant.te vendored Normal file
View File

@@ -0,0 +1,40 @@
#Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
#met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# Allow access to create socket and ioctl.
allow hal_wifi_supplicant_default self:socket create_socket_perms;
# ioctlcmd=c304, c302
allowxperm hal_wifi_supplicant self:socket ioctl msm_sock_ipc_ioctls;
# Allow write to proc_net.
allow hal_wifi_supplicant_default proc_net:file write;
# Permission for wpa socket which IMS use to communicate
# # Allow wpa_supplicant to send back wifi information to cnd
allow hal_wifi_supplicant_default { cnd ims }:unix_dgram_socket sendto;

83
legacy/vendor/common/hbtp.te vendored Normal file
View File

@@ -0,0 +1,83 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Policies for hbtp (host based touch processing)
type hbtp, domain;
type hbtp_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hbtp)
hal_server_domain(hbtp, hal_hbtp)
# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device xdsp_device }:chr_file rw_file_perms;
allow hbtp hbtp_log_file:dir rw_dir_perms;
allow hbtp hbtp_log_file:file create_file_perms;
allow hbtp hbtp_cfg_file:dir r_dir_perms;
allow hbtp hbtp_cfg_file:file r_file_perms;
allow hbtp firmware_file:dir r_dir_perms;
allow hbtp firmware_file:file r_file_perms;
allow hbtp vendor_firmware_file:dir r_dir_perms;
allow hbtp vendor_firmware_file:file r_file_perms;
allow hbtp sysfs_usb_supply:file r_file_perms;
allow hbtp sysfs_usb_supply:dir r_dir_perms;
allow hbtp hbtp_kernel_sysfs:file rw_file_perms;
allow hbtp sysfs_graphics:file r_file_perms;
allow hbtp sysfs_graphics:dir r_dir_perms;
allow hbtp sysfs_battery_supply:file r_file_perms;
allow hbtp sysfs_battery_supply:dir r_dir_perms;
allow hbtp ion_device:chr_file r_file_perms;
allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
# Allow the service to access wakelock sysfs
allow hbtp sysfs_wake_lock:file r_file_perms;
# Allow the service to change to system from root
allow hbtp self:capability { setgid setuid };
# Allow load touch driver as touchPD
r_dir_file(hbtp, adsprpcd_file)
get_prop(hbtp, adsprpc_prop)
# Allow the service to access wakelock capability
wakelock_use(hbtp)
# Allow hwbinder call from hal client to server and vice-versa
binder_call(hal_hbtp_client, hal_hbtp_server)
binder_call(hal_hbtp_server, hal_hbtp_client)
# Allow hwservice related rules
add_hwservice(hal_hbtp_server, hal_hbtp_hwservice)
allow hal_hbtp_client hal_hbtp_hwservice:hwservice_manager find;
hal_client_domain(hbtp, hal_allocator);

6
generic/vendor/sdm845/hdcp_srm.te → legacy/vendor/common/hdcp_srm.te vendored
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -32,9 +32,9 @@ type hdcp_srm_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hdcp_srm)
# Allow to load SPSS firmware images
# Allow TEE to load firmware images
r_dir_file(hdcp_srm, firmware_file);
# TEE access
allow hdcp_srm tee_device:chr_file rw_file_perms;
allow hdcp_srm ion_device:chr_file r_file_perms;
allow hdcp_srm ion_device:chr_file r_file_perms;

44
legacy/vendor/common/healthd.te vendored Normal file
View File

@@ -0,0 +1,44 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file(healthd, sysfs_battery_supply)
r_dir_file(healthd, sysfs_usb_supply)
r_dir_file(healthd, sysfs_thermal);
r_dir_file(healthd, sysfs_graphics);
#allow healthd read rtc device file
allow healthd rtc_device:chr_file r_file_perms;
allow healthd {
sysfs_battery_supply
sysfs_usb_supply
sysfs_graphics
}:file rw_file_perms;
allow healthd self:capability2 wake_alarm;
allow healthd sysfs_graphics:dir r_dir_perms;
allow healthd sysfs_graphics:file rw_file_perms;

71
legacy/vendor/common/hostapd.te vendored Normal file
View File

@@ -0,0 +1,71 @@
# Copyright (c) 2015,2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow hostapd_cli to work. hostapd_cli creates a socket in
# /data/misc/wifi/sockets which hostapd communicates with.
#
# userspace wifi access points
type hostapd, domain;
type hostapd_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
unix_socket_send(hostapd, wifi_vendor_wpa, su)
')
binder_call(hostapd, cnd)
unix_socket_connect(hostapd, cnd, cnd)
unix_socket_send(hostapd, cnd, cnd)
allow hostapd cnd:{
fifo_file
netlink_route_socket
netlink_tcpdiag_socket
unix_stream_socket
unix_dgram_socket} { read write };
allow hostapd cnd:fifo_file r_file_perms;
allow hostapd smem_log_device:chr_file rw_file_perms;
allow hostapd fstman:unix_dgram_socket sendto;
allow hostapd wifi_vendor_data_file:dir w_dir_perms;
allow hostapd wifi_vendor_data_file:file create_file_perms;
allow hostapd hostapd_data_file:dir w_dir_perms;
allow hostapd hostapd_data_file:sock_file create_file_perms;
# wigig_hostapd has its own directory for sockets,
# in order to prevent conflicts with wifi hostapd
# allow wigig_hostapd to create the directory holding its control socket
allow hostapd wigig_hostapd_socket:dir create_dir_perms;
# wigig_hostapd needs to create, bind to, read and write its control socket
allow hostapd wigig_hostapd_socket:sock_file create_file_perms;
# allow wigig_hostapd to send replies to wigighalsvc
allow hostapd wigighalsvc:unix_dgram_socket sendto;
# allow hostapd to attach to fstman socket
allow hostapd wifi_vendor_wpa_socket:dir r_dir_perms;
allow hostapd wifi_vendor_wpa_socket:sock_file rw_file_perms;
#diag
userdebug_or_eng(`
diag_use(hostapd)
')

76
legacy/vendor/common/hvdcp.te vendored Normal file
View File

@@ -0,0 +1,76 @@
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# HVDVP quickcharge
type hvdcp, domain;
type hvdcp_exec, exec_type, vendor_file_type, file_type;
# Make transition to its own HVDCP domain from init
init_daemon_domain(hvdcp)
# Add rules for access permissions
allow hvdcp hvdcp_device:chr_file rw_file_perms;
allow hvdcp qg_device:chr_file rw_file_perms;
allow hvdcp {
sysfs_battery_supply
sysfs_usb_supply
sysfs_usbpd_device
sysfs_vadc_dev
sysfs_spmi_dev
}:dir r_dir_perms;
allow hvdcp {
sysfs_battery_supply
sysfs_usb_supply
sysfs_usbpd_device
sysfs_vadc_dev
sysfs_spmi_dev
}:file rw_file_perms;
allow hvdcp {
sysfs_battery_supply
sysfs_usb_supply
sysfs_vadc_dev
sysfs_spmi_dev
}:lnk_file r_file_perms;
allow hvdcp self:capability { setgid setuid };
allow hvdcp self:capability2 wake_alarm;
allow hvdcp kmsg_device:chr_file rw_file_perms;
allow hvdcp cgroup:dir { create add_name };
allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow hvdcp sysfs_battery_supply:file setattr;
allow hvdcp sysfs_usb_supply:file setattr;
allow hvdcp sysfs_usbpd_device:file setattr;
allow hvdcp mnt_vendor_file:dir search;
allow hvdcp persist_hvdcp_file:dir rw_dir_perms;
allow hvdcp persist_hvdcp_file:file create_file_perms;
get_prop(hvdcp, hvdcp_opti_prop)
wakelock_use(hvdcp)

60
legacy/vendor/common/hwservice.te vendored Normal file
View File

@@ -0,0 +1,60 @@
# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
type hal_display_color_hwservice, hwservice_manager_type;
type hal_display_config_hwservice, hwservice_manager_type;
type hal_display_postproc_hwservice, hwservice_manager_type;
type hal_hbtp_hwservice, hwservice_manager_type;
type hal_dpmqmi_hwservice, hwservice_manager_type;
type hal_imsrtp_hwservice, hwservice_manager_type;
type hal_imscallinfo_hwservice, hwservice_manager_type;
type hal_perf_hwservice, hwservice_manager_type;
type wifidisplayhalservice_hwservice, hwservice_manager_type;
type hal_iop_hwservice, hwservice_manager_type;
type hal_alarm_qti_hwservice, hwservice_manager_type;
type hal_datafactory_hwservice, hwservice_manager_type;
type hal_dataconnection_hwservice, hwservice_manager_type;
type hal_latency_hwservice, hwservice_manager_type;
type hal_iwlan_hwservice, hwservice_manager_type;
type hal_cacert_hwservice, hwservice_manager_type;
type hal_imsrcsd_hwservice, hwservice_manager_type;
type hal_ipacm_hwservice, hwservice_manager_type;
type hal_vpp_hwservice, hwservice_manager_type;
type hal_wigig_hwservice, hwservice_manager_type;
type hal_qteeconnector_hwservice, hwservice_manager_type;
type hal_esepowermanager_hwservice, hwservice_manager_type;
type hal_voiceprint_hwservice, hwservice_manager_type;
type vendor_hal_factory_qti_hwservice, hwservice_manager_type;
type hal_wigig_npt_hwservice, hwservice_manager_type;
type hal_soter_hwservice, hwservice_manager_type;
type hal_tui_comm_hwservice, hwservice_manager_type;
type hal_qdutils_disp_hwservice, hwservice_manager_type;
type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type;
type hal_scve_hwservice, hwservice_manager_type;
type hal_mirrorlink_hwservice, hwservice_manager_type;
type hal_pasrmanager_hwservice, hwservice_manager_type;
type hal_wifilearner_hwservice, hwservice_manager_type;

Some files were not shown because too many files have changed in this diff Show More