Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 66c955f445 |
@@ -654,7 +654,7 @@ PRODUCT_PACKAGES += \
|
||||
|
||||
# Properties
|
||||
TARGET_PRODUCT_PROP += device/google/gs201/product.prop
|
||||
TARGET_SYSTEM_EXT_PROP += device/google/gs201/system_ext.prop
|
||||
TARGET_SYSTEM_PROP += device/google/gs201/system.prop
|
||||
|
||||
# Tethering
|
||||
PRODUCT_PACKAGES += \
|
||||
@@ -664,6 +664,8 @@ PRODUCT_PACKAGES += \
|
||||
include hardware/google/pixel/touch/device.mk
|
||||
|
||||
# VINTF
|
||||
DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE += \
|
||||
device/google/gs201/vintf/vendor_framework_compatibility_matrix.xml
|
||||
DEVICE_MANIFEST_FILE += \
|
||||
device/google/gs201/vintf/manifest.xml
|
||||
DEVICE_MATRIX_FILE += \
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=CameraServices name=com.google.android.apps.camera.services domain=vendor_pcs_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=CameraServices name=com.google.android.apps.camera.services:* domain=vendor_pcs_app type=app_data_file levelFrom=all
|
||||
user=system seinfo=platform name=com.google.pixel.camera.services domain=vendor_pbcs_app type=system_app_data_file levelFrom=all
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
type omadm_app, domain;
|
||||
@@ -3,7 +3,6 @@ type connectivity_thermal_power_manager, coredomain, domain, system_suspend_inte
|
||||
app_domain(connectivity_thermal_power_manager)
|
||||
|
||||
hal_client_domain(connectivity_thermal_power_manager, hal_power_stats)
|
||||
hal_client_domain(connectivity_thermal_power_manager, hal_thermal)
|
||||
|
||||
allow connectivity_thermal_power_manager app_api_service:service_manager find;
|
||||
allow connectivity_thermal_power_manager radio_service:service_manager find;
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
type edgetpu_app_server_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
binder_service(edgetpu_app_server)
|
||||
|
||||
add_service(edgetpu_app_server, edgetpu_app_service)
|
||||
|
||||
binder_call(edgetpu_app_server, system_server)
|
||||
|
||||
binder_use(edgetpu_app_server)
|
||||
|
||||
init_daemon_domain(edgetpu_app_server)
|
||||
|
||||
perfetto_producer(edgetpu_app_server)
|
||||
|
||||
allow edgetpu_app_server fwk_stats_service:service_manager find;
|
||||
allow edgetpu_app_server package_native_service:service_manager find;
|
||||
allow edgetpu_app_server privapp_data_file:file { map read };
|
||||
allow edgetpu_app_server self:capability ipc_lock;
|
||||
allow edgetpu_app_server shell_data_file:file { map read };
|
||||
@@ -2,4 +2,3 @@
|
||||
/metadata/repair-mode/config(/.*)? u:object_r:repair_mode_metadata_config_file:s0
|
||||
/system_ext/bin/bluetooth_gci u:object_r:bluetooth_gci_exec:s0
|
||||
/system_ext/bin/gs_watchdogd u:object_r:gs_watchdogd_exec:s0
|
||||
/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
app_domain(grilservice_app)
|
||||
|
||||
typeattribute grilservice_app coredomain;
|
||||
@@ -1 +1,3 @@
|
||||
hal_client_domain(platform_app, hal_fingerprint)
|
||||
|
||||
get_prop(platform_app, bluetooth_lea_prop)
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
app_domain(vendor_rcs_app)
|
||||
|
||||
net_domain(vendor_rcs_app)
|
||||
|
||||
typeattribute vendor_rcs_app coredomain;
|
||||
|
||||
allow vendor_rcs_app app_api_service:service_manager find;
|
||||
allow vendor_rcs_app radio_service:service_manager find;
|
||||
@@ -1,8 +1,5 @@
|
||||
user=_app isPrivApp=true name=com.google.android.apps.pixel.dcservice domain=dcservice_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true name=com.google.android.apps.pixel.dcservice.ui domain=dcservice_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
com.google.edgetpu.IEdgeTpuAppService/default u:object_r:edgetpu_app_service:s0
|
||||
@@ -1,2 +0,0 @@
|
||||
type edgetpu_app_server, coredomain, domain;
|
||||
type edgetpu_app_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
|
||||
@@ -1 +0,0 @@
|
||||
type grilservice_app, domain;
|
||||
@@ -1 +0,0 @@
|
||||
type vendor_rcs_app, domain;
|
||||
2
sepolicy/vendor/appdomain.te
vendored
2
sepolicy/vendor/appdomain.te
vendored
@@ -3,6 +3,4 @@ get_prop(appdomain, vendor_gxp_prop)
|
||||
get_prop(appdomain, vendor_hetero_runtime_prop)
|
||||
get_prop(appdomain, vendor_tflite_delegate_prop)
|
||||
|
||||
allowxperm appdomain gpu_device:chr_file ioctl { 0x8000 0x8001 0x8003 0x8005 0x8006 0x8007 0x800c 0x800d 0x800e 0x800f 0x8010 0x8011 0x8014 0x8015 0x8016 0x8017 0x8018 0x8019 0x801b 0x801d 0x801e 0x801f 0x8024 0x8025 0x8026 0x8027 0x8028 0x8029 0x802b 0x802c 0x802d 0x802e 0x802f 0x8030 0x8031 0x8032 0x8033 0x8034 0x8035 0x8036 0x8037 0x803a 0x803b 0x803c 0x803d 0x803e 0x803f 0x8043 };
|
||||
|
||||
neverallow appdomain edgetpu_device:chr_file open;
|
||||
|
||||
2
sepolicy/vendor/audioserver.te
vendored
2
sepolicy/vendor/audioserver.te
vendored
@@ -1,3 +1 @@
|
||||
allow audioserver audio_device:chr_file r_file_perms;
|
||||
|
||||
dontaudit audioserver hal_power_stats_service:service_manager find;
|
||||
|
||||
51
sepolicy/vendor/bug_map
vendored
51
sepolicy/vendor/bug_map
vendored
@@ -1,19 +1,48 @@
|
||||
aconfigd apex_info_file file b/381326452
|
||||
dump_modem sscoredump_vendor_data_coredump_file dir b/416212184
|
||||
dump_modem sscoredump_vendor_data_logcat_file dir b/422941831
|
||||
hal_bluetooth_synabtlinux device chr_file b/440967127
|
||||
hal_camera_default system_userdir_file dir b/435072101
|
||||
hal_health_default sysfs_typec dir b/443867649
|
||||
hal_sensors_default sysfs file b/434596796
|
||||
hal_usb_gadget_impl sysfs_typec dir b/443868569
|
||||
hal_usb_impl sysfs_typec dir b/443868884
|
||||
insmod-sh insmod-sh key b/433610447
|
||||
insmod-sh vendor_edgetpu_debugfs dir b/442704233
|
||||
kernel kernel capability b/433610268
|
||||
grilservice_app graphics_config_writable_prop file b/409896525
|
||||
gyotaku_app graphics_config_writable_prop file b/409896487
|
||||
hal_audio_default hal_audio_default binder b/395745737
|
||||
hal_bluetooth_synabtlinux device chr_file b/386303831
|
||||
hal_camera_default aconfig_storage_metadata_file dir b/383013727
|
||||
hal_contexthub_default hal_bluetooth_service service_manager b/396573096
|
||||
hal_sensors_default property_socket sock_file b/373755350
|
||||
hal_sensors_default sysfs file b/336451433
|
||||
hardware_info_app graphics_config_writable_prop file b/409895934
|
||||
incidentd debugfs_wakeup_sources file b/282626428
|
||||
incidentd incidentd anon_inode b/282626428
|
||||
init init capability b/379591559
|
||||
init-display-sh kmsg_device chr_file b/388949662
|
||||
insmod-sh insmod-sh key b/336451874
|
||||
insmod-sh kmsg_debug_device chr_file b/410729205
|
||||
insmod-sh kmsg_device chr_file b/388949536
|
||||
insmod-sh vendor_edgetpu_debugfs dir b/385858933
|
||||
kernel kernel capability b/340722537
|
||||
logger_app graphics_config_writable_prop file b/409896486
|
||||
modem_diagnostic_app graphics_config_writable_prop file b/409895878
|
||||
pixelstats_vendor block_device dir b/369540701
|
||||
pixelstats_vendor sysfs_pixel_stat dir b/422900204
|
||||
pixelstats_vendor sysfs_pixel_stat file b/422900204
|
||||
platform_app vendor_fw_file dir b/377811773
|
||||
platform_app vendor_rild_prop file b/377811773
|
||||
priv_app audio_config_prop file b/379246129
|
||||
priv_app metadata_file dir b/383438008
|
||||
ramdump proc_bootconfig file b/181615626
|
||||
ramdump public_vendor_default_prop file b/161103878
|
||||
ramdump ramdump capability b/369475655
|
||||
ramdump vendor_hw_plat_prop file b/161103878
|
||||
ramdump_app default_prop file b/386149375
|
||||
ramdump_app graphics_config_writable_prop file b/409895818
|
||||
rfsd vendor_cbd_prop file b/412237886
|
||||
shell vendor_intelligence_prop file b/378120929
|
||||
ssr_detector_app default_prop file b/319270181
|
||||
ssr_detector_app default_prop file b/422943113
|
||||
ssr_detector_app graphics_config_writable_prop file b/409895951
|
||||
system_server build_bootimage_prop file b/413561511
|
||||
system_server vendor_default_prop file b/366116786
|
||||
untrusted_app audio_config_prop file b/379245515
|
||||
uwb_vendor_app graphics_config_writable_prop file b/409895896
|
||||
vendor_init debugfs_trace_marker file b/433610249
|
||||
vendor_init debugfs_trace_marker file b/336451787
|
||||
vendor_init default_prop file b/315104479
|
||||
zygote aconfig_storage_metadata_file dir b/383949172
|
||||
zygote zygote capability b/379591519
|
||||
|
||||
2
sepolicy/vendor/dump_modem.te
vendored
2
sepolicy/vendor/dump_modem.te
vendored
@@ -5,10 +5,8 @@ allow dump_modem modem_stat_data_file:dir search;
|
||||
allow dump_modem modem_stat_data_file:file r_file_perms;
|
||||
allow dump_modem radio_vendor_data_file:dir search;
|
||||
allow dump_modem radio_vendor_data_file:file r_file_perms;
|
||||
allow dump_modem sscoredump_vendor_data_coredump_file:dir getattr;
|
||||
allow dump_modem sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
|
||||
allow dump_modem sscoredump_vendor_data_crashinfo_file:file r_file_perms;
|
||||
allow dump_modem sscoredump_vendor_data_logcat_file:dir getattr;
|
||||
allow dump_modem sysfs_dump_modem:file r_file_perms;
|
||||
allow dump_modem vendor_log_file:dir search;
|
||||
allow dump_modem vendor_rfsd_log_file:dir r_dir_perms;
|
||||
|
||||
1
sepolicy/vendor/dumpstate.te
vendored
1
sepolicy/vendor/dumpstate.te
vendored
@@ -16,6 +16,7 @@ allow dumpstate rlsservice:binder call;
|
||||
allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
|
||||
allow dumpstate touch_context_service:service_manager find;
|
||||
allow dumpstate twoshay_file_dump_service:service_manager find;
|
||||
allow dumpstate vold:binder call;
|
||||
|
||||
dontaudit dumpstate hal_power_stats_vendor_service:service_manager find;
|
||||
dontaudit dumpstate intelligence_data_file:dir getattr;
|
||||
|
||||
20
sepolicy/vendor/edgetpu_app.te
vendored
20
sepolicy/vendor/edgetpu_app.te
vendored
@@ -1,9 +1,29 @@
|
||||
type edgetpu_app_server, coredomain, domain;
|
||||
type edgetpu_app_server_exec, exec_type, file_type, system_file_type;
|
||||
type edgetpu_app_service, app_api_service, isolated_compute_allowed_service, service_manager_type;
|
||||
|
||||
binder_service(edgetpu_app_server)
|
||||
|
||||
add_service(edgetpu_app_server, edgetpu_app_service)
|
||||
|
||||
binder_call(edgetpu_app_server, edgetpu_vendor_server)
|
||||
binder_call(edgetpu_app_server, system_server)
|
||||
|
||||
binder_use(edgetpu_app_server)
|
||||
|
||||
get_prop(edgetpu_app_server, device_config_edgetpu_native_prop)
|
||||
get_prop(edgetpu_app_server, vendor_edgetpu_service_prop)
|
||||
|
||||
init_daemon_domain(edgetpu_app_server)
|
||||
|
||||
perfetto_producer(edgetpu_app_server)
|
||||
|
||||
allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms;
|
||||
allow edgetpu_app_server edgetpu_vendor_service:service_manager find;
|
||||
allow edgetpu_app_server fwk_stats_service:service_manager find;
|
||||
allow edgetpu_app_server package_native_service:service_manager find;
|
||||
allow edgetpu_app_server privapp_data_file:file { map read };
|
||||
allow edgetpu_app_server self:capability ipc_lock;
|
||||
allow edgetpu_app_server shell_data_file:file { map read };
|
||||
allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms;
|
||||
allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms;
|
||||
|
||||
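Review bot: None of the `allow` rules in this section carries a comment, and `allow edgetpu_app_server shell_data_file:file { map read };` together with `allow edgetpu_app_server privapp_data_file:file { map read };` needs one, because the same domain is published as `app_api_service` and `isolated_compute_allowed_service` and holds `rw_file_perms` on `edgetpu_device`. The rendered page has lost its +/- markers, so which of the 29 rows are the 20 additions cannot be read off directly; the point applies to the section as shown. Since only `map` and `read` are granted (no `open`), I would state that above the pair, e.g. `# Files arrive as fds over binder; the server never opens them by path.`, if that is the intent. If the `shell_data_file` case exists only for testing, consider wrapping it in `userdebug_or_eng(...)`. The `type edgetpu_app_server, coredomain, domain;` declaration now sits in vendor policy while its executable is labelled under `/system_ext`, which is worth confirming against the build's Treble sepolicy checks.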
2
sepolicy/vendor/euiccpixel_app.te
vendored
2
sepolicy/vendor/euiccpixel_app.te
vendored
@@ -12,5 +12,3 @@ allow euiccpixel_app nfc_service:service_manager find;
|
||||
allow euiccpixel_app radio_service:service_manager find;
|
||||
allow euiccpixel_app sysfs_st33spi:dir search;
|
||||
allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
|
||||
|
||||
dontaudit euiccpixel_app secure_element_service:service_manager find;
|
||||
|
||||
2
sepolicy/vendor/file.te
vendored
2
sepolicy/vendor/file.te
vendored
@@ -35,7 +35,6 @@ type radio_vendor_data_file, data_file_type, file_type;
|
||||
type ramdump_vendor_data_file, data_file_type, file_type, mlstrustedobject;
|
||||
type ramdump_vendor_mnt_file, data_file_type, file_type, mlstrustedobject;
|
||||
type rild_vendor_data_file, data_file_type, file_type;
|
||||
type sensor_data_file, data_file_type, file_type;
|
||||
type sensor_debug_data_file, data_file_type, file_type;
|
||||
type sensor_reg_data_file, data_file_type, file_type;
|
||||
type sg_util_exec, exec_type, file_type, vendor_file_type;
|
||||
@@ -96,7 +95,6 @@ type vendor_cma_debugfs, debugfs_type, fs_type;
|
||||
type vendor_dmabuf_debugfs, debugfs_type, fs_type;
|
||||
type vendor_dri_debugfs, debugfs_type, fs_type;
|
||||
type vendor_dumpsys, file_type, vendor_file_type;
|
||||
type vendor_edgetpu_debugfs, debugfs_type, fs_type;
|
||||
type vendor_fw_file, file_type, vendor_file_type;
|
||||
type vendor_hwc_log_file, data_file_type, file_type;
|
||||
type vendor_log_file, data_file_type, file_type;
|
||||
|
||||
11
sepolicy/vendor/file_contexts
vendored
11
sepolicy/vendor/file_contexts
vendored
@@ -22,7 +22,6 @@
|
||||
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||
/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
|
||||
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
||||
/data/vendor/sensors(/.*)? u:object_r:sensor_data_file:s0
|
||||
/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0
|
||||
/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
@@ -55,7 +54,6 @@
|
||||
/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
|
||||
/dev/acd-chre_ctl u:object_r:aoc_device:s0
|
||||
/dev/acd-chre_data_rx u:object_r:aoc_device:s0
|
||||
/dev/acd-chre_data_rx_nonwake u:object_r:aoc_device:s0
|
||||
/dev/acd-chre_data_tx u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.bt u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.bt.non_wake_up u:object_r:aoc_device:s0
|
||||
@@ -63,11 +61,7 @@
|
||||
/dev/acd-com.google.chre.non_wake_up u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.umfw_stat u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf.a3 u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf.a3.non_wake_up u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf.sc u:object_r:aoc_device:s0
|
||||
/dev/acd-com.google.usf.sc.non_wake_up u:object_r:aoc_device:s0
|
||||
/dev/acd-debug u:object_r:aoc_device:s0
|
||||
/dev/acd-hotword_notification u:object_r:aoc_device:s0
|
||||
/dev/acd-hotword_pcm u:object_r:aoc_device:s0
|
||||
@@ -227,6 +221,7 @@
|
||||
/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
|
||||
/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
|
||||
/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging u:object_r:sysfs_scsi_devices_0000:s0
|
||||
/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
|
||||
/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
|
||||
/vendor/bin/aocd u:object_r:aocd_exec:s0
|
||||
/vendor/bin/aocdump u:object_r:aocdump_exec:s0
|
||||
@@ -270,7 +265,7 @@
|
||||
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.dumpstate\.3-service u:object_r:hal_dumpstate_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.dumpstate-service u:object_r:hal_dumpstate_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
|
||||
@@ -358,7 +353,7 @@
|
||||
/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/com\.google\.edgetpu_app_service-V[1-6]-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/libedgetpu_tachyon\.google\.so u:object_r:same_process_hal_file:s0
|
||||
|
||||
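Review bot: In the `@@ -227,6 +221,7 @@` hunk the vendor `file_contexts` appears to gain a label for `/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service`, a path outside the vendor partition; this is inferred from the same line being removed from the system_ext `file_contexts` earlier on the page, since the +/- markers are lost. Labelling a system_ext binary from vendor policy couples the two partitions, and if the label is ever missing the `init_daemon_domain(edgetpu_app_server)` transition presumably would not apply to that binary. A comment above the entry would help, e.g. `# system_ext binary labelled here because its domain is defined in vendor policy`. The `edgetpu_app_service-V[1-6]-ndk` and `-V[1-4]-ndk` rows are both printed in the last hunk, so the retained range should be checked against the library versions the image ships.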
1
sepolicy/vendor/genfs_contexts
vendored
1
sepolicy/vendor/genfs_contexts
vendored
@@ -10,7 +10,6 @@ genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0
|
||||
genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
|
||||
genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0
|
||||
genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0
|
||||
genfscon debugfs /edgetpu u:object_r:vendor_edgetpu_debugfs:s0
|
||||
genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0
|
||||
genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0
|
||||
genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
|
||||
|
||||
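--- a/sepolicy/vendor/gpu_device.te
+++ b/sepolicy/vendor/gpu_device.te
@@ -1,2 +0,0 @@
-neverallowxperm { appdomain -mali_target_sdk } gpu_device:chr_file ioctl { 0x8008 0x8020 0x8021 0x8022 0x8023 0x802a 0xbe00 0xbe01 0xbe10 0xbe11 0xbe20 0xbe21 0xbe30 0xbe40 0xbe41 0xbeff };
-neverallowxperm { appdomain -runas_app -shell -mali_target_sdk } gpu_device:chr_file ioctl { 0x8012 0x8013 0x8038 0x8039 0x8102 0xbf00 0xbf01 0xbf10 };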
4
sepolicy/vendor/grilservice_app.te
vendored
4
sepolicy/vendor/grilservice_app.te
vendored
@@ -1,3 +1,7 @@
|
||||
type grilservice_app, domain;
|
||||
|
||||
app_domain(grilservice_app)
|
||||
|
||||
hal_client_domain(grilservice_app, hal_power_stats)
|
||||
|
||||
binder_call(grilservice_app, hal_audiometricext_default)
|
||||
|
||||
1
sepolicy/vendor/hal_dumpstate.te
vendored
1
sepolicy/vendor/hal_dumpstate.te
vendored
@@ -8,5 +8,6 @@ allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
|
||||
allow hal_dumpstate_default shell_data_file:file getattr;
|
||||
allow hal_dumpstate_default touch_context_service:service_manager find;
|
||||
allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
|
||||
|
||||
neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
|
||||
|
||||
2
sepolicy/vendor/hal_fingerprint.te
vendored
2
sepolicy/vendor/hal_fingerprint.te
vendored
@@ -15,8 +15,6 @@ allow hal_fingerprint trusty_log_device:chr_file r_file_perms;
|
||||
allow hal_fingerprint_default block_device:dir search;
|
||||
allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default fingerprint_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default fingerprint_vendor_data_file:file create_file_perms;
|
||||
allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
||||
allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
|
||||
|
||||
2
sepolicy/vendor/hal_sensors.te
vendored
2
sepolicy/vendor/hal_sensors.te
vendored
@@ -26,8 +26,6 @@ allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
|
||||
allow hal_sensors_default mnt_vendor_file:dir search;
|
||||
allow hal_sensors_default persist_file:dir search;
|
||||
allow hal_sensors_default persist_file:file r_file_perms;
|
||||
allow hal_sensors_default sensor_data_file:dir { add_name remove_name search write };
|
||||
allow hal_sensors_default sensor_data_file:sock_file { create unlink };
|
||||
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
|
||||
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
|
||||
allow hal_sensors_default sysfs_aoc:dir search;
|
||||
|
||||
1
sepolicy/vendor/insmod-sh.te
vendored
1
sepolicy/vendor/insmod-sh.te
vendored
@@ -13,7 +13,6 @@ allow insmod-sh self:capability sys_nice;
|
||||
allow insmod-sh system_dlkm_file:dir r_dir_perms;
|
||||
allow insmod-sh system_dlkm_file:file r_file_perms;
|
||||
allow insmod-sh system_dlkm_file:system module_load;
|
||||
allow insmod-sh vendor_edgetpu_debugfs:dir search;
|
||||
allow insmod-sh vendor_kernel_modules:system module_load;
|
||||
allow insmod-sh vendor_regmap_debugfs:dir search;
|
||||
allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
|
||||
|
||||
1
sepolicy/vendor/kernel.te
vendored
1
sepolicy/vendor/kernel.te
vendored
@@ -4,7 +4,6 @@ allow kernel self:perf_event cpu;
|
||||
allow kernel userdata_exp_block_device:blk_file { read write };
|
||||
allow kernel vendor_fw_file:dir r_dir_perms;
|
||||
allow kernel vendor_fw_file:file r_file_perms;
|
||||
allow kernel vendor_fw_file:system firmware_load;
|
||||
|
||||
dontaudit kernel sepolicy_file:file getattr;
|
||||
dontaudit kernel system_bootstrap_lib_file:{ dir file } getattr;
|
||||
|
||||
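--- a/sepolicy/vendor/mali_target_sdk.te
+++ b/sepolicy/vendor/mali_target_sdk.te
@@ -1,6 +0,0 @@
-attribute mali_target_sdk;
-
-allowxperm mali_target_sdk gpu_device:chr_file ioctl { 0x8008 0x8020 0x8021 0x8022 0x8023 0x802a 0xbe00 0xbe01 0xbe10 0xbe11 0xbe20 0xbe21 0xbe30 0xbe40 0xbe41 0xbeff };
-allowxperm mali_target_sdk gpu_device:chr_file ioctl { 0x8012 0x8013 0x8038 0x8039 };
-allowxperm mali_target_sdk gpu_device:chr_file ioctl 0x8102;
-allowxperm mali_target_sdk gpu_device:chr_file ioctl { 0xbf00 0xbf01 0xbf10 };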
7
sepolicy/vendor/modem_diagnostic_app.te
vendored
7
sepolicy/vendor/modem_diagnostic_app.te
vendored
@@ -1 +1,8 @@
|
||||
type modem_diagnostic_app, domain;
|
||||
|
||||
app_domain(modem_diagnostic_app)
|
||||
|
||||
net_domain(modem_diagnostic_app)
|
||||
|
||||
allow modem_diagnostic_app app_api_service:service_manager find;
|
||||
allow modem_diagnostic_app radio_service:service_manager find;
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
type omadm_app, domain;
|
||||
|
||||
app_domain(omadm_app)
|
||||
|
||||
net_domain(omadm_app)
|
||||
|
||||
typeattribute omadm_app coredomain;
|
||||
|
||||
allow omadm_app app_api_service:service_manager find;
|
||||
allow omadm_app radio_service:service_manager find;
|
||||
allow omadm_app radio_vendor_data_file:dir rw_dir_perms;
|
||||
allow omadm_app radio_vendor_data_file:file create_file_perms;
|
||||
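--- a/sepolicy/vendor/ot_rcp.te
+++ b/sepolicy/vendor/ot_rcp.te
@@ -1 +0,0 @@
-allowxperm ot_rcp self:netlink_route_socket nlmsg { RTM_GETACTION RTM_GETADDR RTM_GETADDRLABEL RTM_GETANYCAST RTM_GETCHAIN RTM_GETDCB RTM_GETLINK RTM_GETMDB RTM_GETMULTICAST RTM_GETNETCONF RTM_GETNEXTHOP RTM_GETNEXTHOPBUCKET RTM_GETNSID RTM_GETQDISC RTM_GETROUTE RTM_GETRULE RTM_GETSTATS RTM_GETTCLASS RTM_GETTFILTER RTM_GETTUNNEL RTM_GETVLAN RTM_NEWCACHEREPORT RTM_NEWSTATS };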
4
sepolicy/vendor/pixelstats_vendor.te
vendored
4
sepolicy/vendor/pixelstats_vendor.te
vendored
@@ -53,8 +53,8 @@ allow pixelstats_vendor sysfs_fs_f2fs:file rw_file_perms;
|
||||
allow pixelstats_vendor sysfs_ion:dir search;
|
||||
allow pixelstats_vendor sysfs_ion:file r_file_perms;
|
||||
allow pixelstats_vendor sysfs_pca:file rw_file_perms;
|
||||
allow pixelstats_vendor sysfs_pixel_stat:dir r_dir_perms;
|
||||
allow pixelstats_vendor sysfs_pixel_stat:file r_file_perms;
|
||||
allow pixelstats_vendor sysfs_pixel_stat:dir search;
|
||||
allow pixelstats_vendor sysfs_pixel_stat:file getattr;
|
||||
allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;
|
||||
allow pixelstats_vendor sysfs_scsi_devices_0000:dir search;
|
||||
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
|
||||
|
||||
2
sepolicy/vendor/property.te
vendored
2
sepolicy/vendor/property.te
vendored
@@ -2,7 +2,6 @@ system_internal_prop(vendor_pss_systemphenotype_prop)
|
||||
|
||||
system_public_prop(vendor_edgetpu_service_prop)
|
||||
system_public_prop(vendor_intelligence_prop)
|
||||
system_public_prop(vendor_logger_prop)
|
||||
|
||||
system_vendor_config_prop(vendor_camera_pbcs_debug_prop)
|
||||
system_vendor_config_prop(vendor_edgetpu_cpu_scheduler_prop)
|
||||
@@ -32,6 +31,7 @@ vendor_internal_prop(vendor_gps_prop)
|
||||
vendor_internal_prop(vendor_gril_prop)
|
||||
vendor_internal_prop(vendor_ims_prop)
|
||||
vendor_internal_prop(vendor_imssvc_prop)
|
||||
vendor_internal_prop(vendor_logger_prop)
|
||||
vendor_internal_prop(vendor_mitigation_ready_prop)
|
||||
vendor_internal_prop(vendor_modem_prop)
|
||||
vendor_internal_prop(vendor_nfc_prop)
|
||||
|
||||
1
sepolicy/vendor/property_contexts
vendored
1
sepolicy/vendor/property_contexts
vendored
@@ -6,7 +6,6 @@ persist.vendor.camera.pbcs.debug. u:object_r:vendor_camera_pbcs_debug_prop:s0
|
||||
persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0
|
||||
persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0
|
||||
persist.vendor.display. u:object_r:vendor_display_prop:s0
|
||||
persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
|
||||
persist.vendor.gps. u:object_r:vendor_gps_prop:s0
|
||||
persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0
|
||||
persist.vendor.intelligence u:object_r:vendor_intelligence_prop:s0
|
||||
|
||||
8
sepolicy/vendor/rcs_app.te
vendored
8
sepolicy/vendor/rcs_app.te
vendored
@@ -1,3 +1,11 @@
|
||||
type vendor_rcs_app, domain;
|
||||
|
||||
app_domain(vendor_rcs_app)
|
||||
|
||||
net_domain(vendor_rcs_app)
|
||||
|
||||
binder_call(vendor_rcs_app, rild)
|
||||
|
||||
allow vendor_rcs_app app_api_service:service_manager find;
|
||||
allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
allow vendor_rcs_app radio_service:service_manager find;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
type vendor_rcs_service_app, coredomain, domain;
|
||||
type vendor_rcs_service_app, domain;
|
||||
|
||||
app_domain(vendor_rcs_service_app)
|
||||
|
||||
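--- a/sepolicy/vendor/runas_app.te
+++ b/sepolicy/vendor/runas_app.te
@@ -1,3 +0,0 @@
-allowxperm runas_app gpu_device:chr_file ioctl { 0x8012 0x8013 0x8038 0x8039 };
-allowxperm runas_app gpu_device:chr_file ioctl 0x8102;
-allowxperm runas_app gpu_device:chr_file ioctl { 0xbf00 0xbf01 0xbf10 };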
4
sepolicy/vendor/seapp_contexts
vendored
4
sepolicy/vendor/seapp_contexts
vendored
@@ -1,11 +1,15 @@
|
||||
user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
|
||||
user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=platform name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
|
||||
user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
|
||||
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
|
||||
|
||||
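Review bot: The entries for `com.google.android.grilservice`, `com.shannon.rcsservice` and `com.shannon.rcsservice:shannonrcsservice` select their domain on `isPrivApp=true` and the package name alone, with no `seinfo=` selector, unlike the `euiccpixel`, `mds` and `omadm` rows beside them. Without `seinfo` the domain assignment is not tied to a signing certificate, so it rests entirely on which APKs are admitted as priv-apps; for `vendor_rcs_app` that domain also receives `net_domain` and `binder_call(vendor_rcs_app, rild)` in `rcs_app.te`. Which of the 15 rows are the four additions is inferred from the matching removals in the earlier `seapp_contexts` sections, since the +/- markers are lost. If a signer tag for these packages exists in `mac_permissions.xml` (not shown on this page), I would pin it, e.g. `user=_app isPrivApp=true seinfo=<SIGNER_TAG> name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all`.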
1
sepolicy/vendor/service_contexts
vendored
1
sepolicy/vendor/service_contexts
vendored
@@ -5,6 +5,7 @@ android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:obje
|
||||
android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
|
||||
aocx.IAocx/default u:object_r:aocx:s0
|
||||
com.google.android.imageprocessing.hal.IImageProcessingHal/default u:object_r:vendor_image_processing_hal_service:s0
|
||||
com.google.edgetpu.IEdgeTpuAppService/default u:object_r:edgetpu_app_service:s0
|
||||
com.google.edgetpu.IEdgeTpuVendorService/default u:object_r:edgetpu_vendor_service:s0
|
||||
com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0
|
||||
com.google.edgetpu.tachyon.IComputeService/default u:object_r:edgetpu_tachyon_service:s0
|
||||
|
||||
6
sepolicy/vendor/shell.te
vendored
6
sepolicy/vendor/shell.te
vendored
@@ -1,7 +1 @@
|
||||
get_prop(shell, vendor_intelligence_prop)
|
||||
|
||||
allowxperm shell gpu_device:chr_file ioctl { 0x8012 0x8013 0x8038 0x8039 };
|
||||
allowxperm shell gpu_device:chr_file ioctl 0x8102;
|
||||
allowxperm shell gpu_device:chr_file ioctl { 0xbf00 0xbf01 0xbf10 };
|
||||
|
||||
dontaudit shell sysfs_wlc:dir search;
|
||||
|
||||
2
sepolicy/vendor/storage_init.te
vendored
2
sepolicy/vendor/storage_init.te
vendored
@@ -3,8 +3,6 @@ type storage_init_exec, exec_type, file_type, vendor_file_type;
|
||||
|
||||
init_daemon_domain(storage_init)
|
||||
|
||||
set_prop(storage_init, logpersistd_logging_prop)
|
||||
|
||||
allow storage_init proc_f2fs:dir search;
|
||||
allow storage_init proc_f2fs:file { getattr open read };
|
||||
allow storage_init sysfs_fs_f2fs:dir search;
|
||||
|
||||
@@ -83,7 +83,7 @@
|
||||
</hal>
|
||||
<hal format="aidl">
|
||||
<name>com.google.hardware.pixel.display</name>
|
||||
<version>16-17</version>
|
||||
<version>16</version>
|
||||
<interface>
|
||||
<name>IDisplay</name>
|
||||
<instance>default</instance>
|
||||
|
||||
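--- a/vintf/vendor_framework_compatibility_matrix.xml
+++ b/vintf/vendor_framework_compatibility_matrix.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+SPDX-FileCopyrightText: The LineageOS Project
+SPDX-License-Identifier: Apache-2.0
+-->
+<compatibility-matrix version="9.0" type="framework">
+<hal format="aidl">
+<name>aocx</name>
+<version>1-2</version>
+<interface>
+<name>IAocx</name>
+<instance>default</instance>
+</interface>
+</hal>
+<hal format="aidl">
+<name>com.google.android.imageprocessing.hal</name>
+<interface>
+<name>IImageProcessingHal</name>
+<instance>default</instance>
+</interface>
+</hal>
+</compatibility-matrix>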
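Review bot: The second `<hal format="aidl">` entry, `com.google.android.imageprocessing.hal`, has no `<version>` element, while the `aocx` entry above it states `1-2`. As far as I know VINTF treats an omitted AIDL version as 1, so the requirement is implicit rather than wrong. Writing `<version>1</version>` under its `<name>` (or the range the vendor manifest actually declares) would make the two entries consistent and document the intent. A short comment at the top saying which vendor services this matrix exists for would also help, since the file is new and is pulled in through `DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE`.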