Add 'sepolicy/' from tag 'android-14.0.0_r17'

git-subtree-dir: sepolicy git-subtree-mainline: 4458f0bf68 git-subtree-split: 2ef3b7d7a3 Change-Id: Ifd54af34ee1e44d00ed34e70040d3eb673f02dbc
2023-12-14 13:35:50 +02:00
parent 4458f0bf68 2ef3b7d7a3
commit ec2cb2ecb5
16 changed files with 113 additions and 0 deletions
--- a/sepolicy/OWNERS
+++ b/sepolicy/OWNERS
@@ -0,0 +1,3 @@
+include platform/system/sepolicy:/OWNERS
+
+rurumihong@google.com
--- a/sepolicy/husky-sepolicy.mk
+++ b/sepolicy/husky-sepolicy.mk
@@ -0,0 +1,5 @@
+# sepolicy exclusively for husky.
+BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/husky
+
+# unresolved SELinux error log with bug tracking
+BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/tracking_denials
--- a/sepolicy/husky/README.txt
+++ b/sepolicy/husky/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/husky/file_contexts
+++ b/sepolicy/husky/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
--- a/sepolicy/husky/genfs_contexts
+++ b/sepolicy/husky/genfs_contexts
@@ -0,0 +1,19 @@
+# Haptics
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043            u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c                            u:object_r:sysfs_wlc:s0
+
+# GPS
+genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby  u:object_r:sysfs_gps:s0
--- a/sepolicy/husky/vendor_init.te
+++ b/sepolicy/husky/vendor_init.te
@@ -0,0 +1,2 @@
+# Display
+set_prop(vendor_init, vendor_display_prop)
--- a/sepolicy/ripcurrent-sepolicy.mk
+++ b/sepolicy/ripcurrent-sepolicy.mk
@@ -0,0 +1,3 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/ripcurrent
+
--- a/sepolicy/ripcurrent/README.txt
+++ b/sepolicy/ripcurrent/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/ripcurrent/file_contexts
+++ b/sepolicy/ripcurrent/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
--- a/sepolicy/ripcurrent/genfs_contexts
+++ b/sepolicy/ripcurrent/genfs_contexts
@@ -0,0 +1,33 @@
+# Haptics
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043            u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c                            u:object_r:sysfs_wlc:s0
+
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b                            u:object_r:sysfs_wlc:s0
+
+# GPS
+genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby  u:object_r:sysfs_gps:s0
--- a/sepolicy/shiba-sepolicy.mk
+++ b/sepolicy/shiba-sepolicy.mk
@@ -0,0 +1,5 @@
+# sepolicy exclusively for shiba.
+BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/shiba
+
+# unresolved SELinux error log with bug tracking
+BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/tracking_denials
--- a/sepolicy/shiba/README.txt
+++ b/sepolicy/shiba/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/shiba/file_contexts
+++ b/sepolicy/shiba/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
--- a/sepolicy/shiba/genfs_contexts
+++ b/sepolicy/shiba/genfs_contexts
@@ -0,0 +1,19 @@
+# Haptics
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043            u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043            u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c                            u:object_r:sysfs_wlc:s0
+
+# GPS
+genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby  u:object_r:sysfs_gps:s0
--- a/sepolicy/tracking_denials/file.te
+++ b/sepolicy/tracking_denials/file.te
@@ -0,0 +1,2 @@
+# b/301300623
+typeattribute sysfs_touch_gti mlstrustedobject;
--- a/sepolicy/tracking_denials/priv_app.te
+++ b/sepolicy/tracking_denials/priv_app.te
@@ -0,0 +1,4 @@
+# b/301300623
+allow priv_app app_api_service:service_manager find;
+allow priv_app sysfs_touch_gti:file rw_file_perms;
+allow priv_app sysfs_touch_gti:file { getattr open read write };