Evolution-X-Devices/device_google_redfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add 'sepolicy/' from tag 'android-14.0.0_r1'

Browse Source 
git-subtree-dir: sepolicy
git-subtree-mainline: 806f102839
git-subtree-split: 1cc8fb4af4
Change-Id: I46b391c74795fa2a352567af0166e994a424330d
This commit is contained in:
Michael Bestas
2023-10-10 04:26:19 +03:00
parent 806f102839 1cc8fb4af4
commit c5447af9f8
23 changed files with 116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/OWNERS Normal file
View File

@@ -0,0 +1,3 @@
include platform/system/sepolicy:/OWNERS
rurumihong@google.com

3
sepolicy/PREUPLOAD.cfg Normal file
View File

@@ -0,0 +1,3 @@
[Hook Scripts]
aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."

3
sepolicy/redfin-sepolicy.mk Normal file
View File

@@ -0,0 +1,3 @@
# vendors
BOARD_SEPOLICY_DIRS += device/google/redfin-sepolicy/vendor/google
BOARD_SEPOLICY_DIRS += device/google/redfin-sepolicy/tracking_denials

9
sepolicy/tracking_denials/bug_map Normal file
View File

@@ -0,0 +1,9 @@
adbd sysfs_msm_subsys dir b/269369858
derive_sdk system_app dir b/269044764
dumpstate hal_input_processor_default process b/238263647
dumpstate incident process b/238263647
dumpstate system_data_file dir b/264600011
hal_camera_default graphics_config_prop file b/268147541
hal_drm_widevine default_prop file b/238263747
shell build_attestation_prop file b/269370035
system_server vendor_incremental_module file b/264483807

2
sepolicy/tracking_denials/dumpstate.te Normal file
View File

@@ -0,0 +1,2 @@
# b/277155912
dontaudit dumpstate default_android_service:service_manager { find };

3
sepolicy/tracking_denials/hal_power_default.te Normal file
View File

@@ -0,0 +1,3 @@
# b/178988508
dontaudit hal_power_default hal_power_default:capability dac_override ;
dontaudit hal_power_default hal_power_default:capability dac_override ;

10
sepolicy/tracking_denials/shell.te Normal file
View File

@@ -0,0 +1,10 @@
# b/269370035
dontaudit shell incident_service:service_manager { find };
dontaudit shell installd_service:service_manager { find };
dontaudit shell mdns_service:service_manager { find };
dontaudit shell netd_service:service_manager { find };
dontaudit shell system_suspend_control_service:service_manager { find };
dontaudit shell system_suspend_control_internal_service:service_manager { find };
dontaudit shell vold_service:service_manager { find };
dontaudit shell dnsresolver_service:service_manager { find };
dontaudit shell gatekeeper_service:service_manager { find };

5
sepolicy/vendor/google/file_contexts vendored Normal file
View File

@@ -0,0 +1,5 @@
# vendor binaries
/vendor/bin/hw/android\.hardware\.usb-service\.redfin u:object_r:hal_usb_impl_exec:s0
/vendor/bin/hw/android\.hardware\.usb\.gadget-service\.redfin u:object_r:hal_usb_gadget_impl_exec:s0
/vendor/bin/hw/android\.hardware\.vibrator-service\.redfin u:object_r:hal_vibrator_default_exec:s0
/vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.redfin u:object_r:hal_dumpstate_impl_exec:s0

1
sepolicy/vendor/google/genfs_contexts vendored Normal file
View File

@@ -0,0 +1 @@
genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0

3
sepolicy/vendor/google/hal_dumpstate_impl.te vendored Normal file
View File

@@ -0,0 +1,3 @@
# Access to WLC firmware info
allow hal_dumpstate_impl sysfs_wlc:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_wlc:file r_file_perms;

2
sepolicy/vendor/google/hal_health_default.te vendored Normal file
View File

@@ -0,0 +1,2 @@
r_dir_file(hal_health_default, sysfs_wlc)
allow hal_health_default sysfs_wlc:dir r_dir_perms;

14
sepolicy/vendor/google/hal_usb_gadget_impl.te vendored Normal file
View File

@@ -0,0 +1,14 @@
type hal_usb_gadget_impl, domain;
hal_server_domain(hal_usb_gadget_impl, hal_usb)
hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_usb_gadget_impl)
allow hal_usb_gadget_impl configfs:dir { create rmdir };
allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
set_prop(hal_usb_gadget_impl, vendor_usb_prop)
allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
allow hal_usb_gadget_impl sysfs_extcon:dir search;

22
sepolicy/vendor/google/pixelstats_vendor.te vendored Normal file
View File

@@ -0,0 +1,22 @@
r_dir_file(pixelstats_vendor, sysfs_pixelstats)
unix_socket_connect(pixelstats_vendor, chre, chre)
get_prop(pixelstats_vendor, hwservicemanager_prop)
hwbinder_use(pixelstats_vendor)
allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find;
allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
binder_call(pixelstats_vendor, statsd)
binder_use(pixelstats_vendor)
allow pixelstats_vendor fwk_stats_service:service_manager find;
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
# OrientationCollector
# HIDL sensorservice
allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;
# AIDL sensorservice
allow pixelstats_vendor fwk_sensor_service:service_manager find;
binder_call(pixelstats_vendor, system_server)

2
sepolicy/vendor/google/shell.te vendored Normal file
View File

@@ -0,0 +1,2 @@
# wlc
dontaudit shell sysfs_wlc:dir search;

2
sepolicy/vendor/google/system_server.te vendored Normal file
View File

@@ -0,0 +1,2 @@
# pixelstats_vendor/OrientationCollector
binder_call(system_server, pixelstats_vendor)

1
sepolicy/wireless_charger/file_contexts Normal file
View File

@@ -0,0 +1 @@
/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0

3
sepolicy/wireless_charger/hal_dumpstate_default.te Normal file
View File

@@ -0,0 +1,3 @@
allow hal_dumpstate_default sysfs_wlc:dir search;
allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
allow hal_dumpstate_default sysfs_wlc:file r_file_perms;

2
sepolicy/wireless_charger/hal_googlebattery.te Normal file
View File

@@ -0,0 +1,2 @@
r_dir_file(hal_googlebattery, sysfs_wlc)
allow hal_googlebattery sysfs_wlc:file rw_file_perms;

1
sepolicy/wireless_charger/hal_health_default.te Normal file
View File

@@ -0,0 +1 @@
allow hal_health_default sysfs_wlc:dir search;

1
sepolicy/wireless_charger/hal_sensors_default.te Normal file
View File

@@ -0,0 +1 @@
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;

20
sepolicy/wireless_charger/hal_wireless_charger.te Normal file
View File

@@ -0,0 +1,20 @@
init_daemon_domain(hal_wireless_charger)
r_dir_file(hal_wireless_charger, sysfs_batteryinfo)
r_dir_file(hal_wireless_charger, sysfs_wlc)
allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms;
allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow hal_wireless_charger sysfs_wlc:file rw_file_perms;
binder_call(hal_wireless_charger, servicemanager)
add_service(hal_wireless_charger, hal_wireless_charger_service)
userdebug_or_eng(`
domain_auto_trans(shell, hal_wireless_charger_exec, hal_wireless_charger)
')
binder_call(hal_wireless_charger, platform_app)
binder_call(hal_wireless_charger, system_app)

3
sepolicy/wireless_charger/pixelstats_vendor.te Normal file
View File

@@ -0,0 +1,3 @@
# Wireless charge
allow pixelstats_vendor sysfs_wlc:dir search;
allow pixelstats_vendor sysfs_wlc:file rw_file_perms;

1
sepolicy/wireless_charger/service_contexts Normal file
View File

@@ -0,0 +1 @@
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0