From 1e53e4f534319e9c253f6a58f4672ea9ada69e97 Mon Sep 17 00:00:00 2001 From: basamaryan Date: Mon, 17 Mar 2025 01:25:44 -0400 Subject: [PATCH] sm6375-common: Use hardware/motorola/sepolicy Change-Id: I3db249a436d258867d431b6a0e837d9053b85ddd --- BoardConfigCommon.mk | 3 +- sepolicy/private/linkerconfig.te | 1 - sepolicy/private/permissioncontroller_app.te | 1 - sepolicy/private/platform_app.te | 1 - sepolicy/private/property_contexts | 7 -- sepolicy/private/radio.te | 2 - sepolicy/private/service.te | 2 - sepolicy/private/service_contexts | 3 - sepolicy/private/system_server.te | 1 - sepolicy/private/system_suspend.te | 17 ---- sepolicy/private/toolbox.te | 1 - sepolicy/private/vendor_qtelephony.te | 2 - sepolicy/public/attributes | 1 - sepolicy/vendor/capsense_reset.te | 14 --- sepolicy/vendor/device.te | 12 --- sepolicy/vendor/domain.te | 1 - sepolicy/vendor/file.te | 35 ------- sepolicy/vendor/file_contexts | 90 ------------------ sepolicy/vendor/fsck.te | 1 - sepolicy/vendor/genfs_contexts | 96 -------------------- sepolicy/vendor/hal_audio_default.te | 2 - sepolicy/vendor/hal_bootctl_default.te | 8 -- sepolicy/vendor/hal_camera_default.te | 28 ------ sepolicy/vendor/hal_cameradesktop.te | 17 ---- sepolicy/vendor/hal_cameradesktop_default.te | 1 - sepolicy/vendor/hal_fingerprint_default.te | 35 ------- sepolicy/vendor/hal_light_default.te | 5 - sepolicy/vendor/hal_lineage_touch_default.te | 2 - sepolicy/vendor/hal_nfc_default.te | 5 - sepolicy/vendor/hal_power_default.te | 6 -- sepolicy/vendor/hal_sensors_default.te | 11 --- sepolicy/vendor/hwservice.te | 3 - sepolicy/vendor/hwservice_contexts | 13 --- sepolicy/vendor/init.te | 26 ------ sepolicy/vendor/installd.te | 3 - sepolicy/vendor/kernel.te | 7 -- sepolicy/vendor/property.te | 7 -- sepolicy/vendor/property_contexts | 27 ------ sepolicy/vendor/rild.te | 11 --- sepolicy/vendor/tee.te | 2 - sepolicy/vendor/ueventd.te | 1 - sepolicy/vendor/update_engine_common.te | 5 - sepolicy/vendor/vdc.te | 1 - sepolicy/vendor/vendor_hal_gnss_qti.te | 1 - sepolicy/vendor/vendor_hal_perf_default.te | 2 - sepolicy/vendor/vendor_init.te | 6 -- sepolicy/vendor/vendor_init_fingerprint.te | 28 ------ sepolicy/vendor/vendor_init_hw.te | 20 ---- sepolicy/vendor/vendor_init_touch.te | 16 ---- sepolicy/vendor/vendor_mdm_helper.te | 4 - sepolicy/vendor/vendor_mmi_boot.te | 15 --- sepolicy/vendor/vendor_mmi_laser.te | 16 ---- sepolicy/vendor/vendor_netmgrd.te | 1 - sepolicy/vendor/vendor_qti_init_shell.te | 7 -- sepolicy/vendor/vendor_qti_media.te | 1 - sepolicy/vendor/vendor_rmt_storage.te | 1 - sepolicy/vendor/vendor_thermal-engine.te | 4 - sepolicy/vendor/vendor_wcnss_service.te | 1 - 58 files changed, 1 insertion(+), 639 deletions(-) delete mode 100644 sepolicy/private/linkerconfig.te delete mode 100644 sepolicy/private/permissioncontroller_app.te delete mode 100644 sepolicy/private/platform_app.te delete mode 100644 sepolicy/private/property_contexts delete mode 100644 sepolicy/private/radio.te delete mode 100644 sepolicy/private/service.te delete mode 100644 sepolicy/private/service_contexts delete mode 100644 sepolicy/private/system_server.te delete mode 100644 sepolicy/private/system_suspend.te delete mode 100644 sepolicy/private/toolbox.te delete mode 100644 sepolicy/private/vendor_qtelephony.te delete mode 100644 sepolicy/public/attributes delete mode 100644 sepolicy/vendor/capsense_reset.te delete mode 100644 sepolicy/vendor/device.te delete mode 100644 sepolicy/vendor/domain.te delete mode 100644 sepolicy/vendor/file.te delete mode 100644 sepolicy/vendor/fsck.te delete mode 100644 sepolicy/vendor/genfs_contexts delete mode 100644 sepolicy/vendor/hal_audio_default.te delete mode 100644 sepolicy/vendor/hal_bootctl_default.te delete mode 100644 sepolicy/vendor/hal_camera_default.te delete mode 100644 sepolicy/vendor/hal_cameradesktop.te delete mode 100644 sepolicy/vendor/hal_cameradesktop_default.te delete mode 100644 sepolicy/vendor/hal_fingerprint_default.te delete mode 100644 sepolicy/vendor/hal_light_default.te delete mode 100644 sepolicy/vendor/hal_lineage_touch_default.te delete mode 100644 sepolicy/vendor/hal_nfc_default.te delete mode 100644 sepolicy/vendor/hal_power_default.te delete mode 100644 sepolicy/vendor/hal_sensors_default.te delete mode 100644 sepolicy/vendor/hwservice.te delete mode 100644 sepolicy/vendor/hwservice_contexts delete mode 100644 sepolicy/vendor/init.te delete mode 100644 sepolicy/vendor/installd.te delete mode 100644 sepolicy/vendor/kernel.te delete mode 100644 sepolicy/vendor/property.te delete mode 100644 sepolicy/vendor/property_contexts delete mode 100644 sepolicy/vendor/rild.te delete mode 100644 sepolicy/vendor/tee.te delete mode 100644 sepolicy/vendor/ueventd.te delete mode 100644 sepolicy/vendor/update_engine_common.te delete mode 100644 sepolicy/vendor/vdc.te delete mode 100644 sepolicy/vendor/vendor_hal_gnss_qti.te delete mode 100644 sepolicy/vendor/vendor_hal_perf_default.te delete mode 100644 sepolicy/vendor/vendor_init.te delete mode 100644 sepolicy/vendor/vendor_init_fingerprint.te delete mode 100644 sepolicy/vendor/vendor_init_hw.te delete mode 100644 sepolicy/vendor/vendor_init_touch.te delete mode 100644 sepolicy/vendor/vendor_mdm_helper.te delete mode 100644 sepolicy/vendor/vendor_mmi_boot.te delete mode 100644 sepolicy/vendor/vendor_mmi_laser.te delete mode 100644 sepolicy/vendor/vendor_netmgrd.te delete mode 100644 sepolicy/vendor/vendor_qti_init_shell.te delete mode 100644 sepolicy/vendor/vendor_qti_media.te delete mode 100644 sepolicy/vendor/vendor_rmt_storage.te delete mode 100644 sepolicy/vendor/vendor_thermal-engine.te delete mode 100644 sepolicy/vendor/vendor_wcnss_service.te diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 5f4a04a..01ab4f0 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -156,9 +156,8 @@ ENABLE_VENDOR_RIL_SERVICE := true # SELinux include device/qcom/sepolicy_vndr/SEPolicy.mk +include hardware/motorola/sepolicy/qti/SEPolicy.mk BOARD_VENDOR_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor -PRODUCT_PRIVATE_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/private -PRODUCT_PUBLIC_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/public # Verified Boot BOARD_AVB_ENABLE := true diff --git a/sepolicy/private/linkerconfig.te b/sepolicy/private/linkerconfig.te deleted file mode 100644 index 2d090d2..0000000 --- a/sepolicy/private/linkerconfig.te +++ /dev/null @@ -1 +0,0 @@ -allow linkerconfig self:capability kill; diff --git a/sepolicy/private/permissioncontroller_app.te b/sepolicy/private/permissioncontroller_app.te deleted file mode 100644 index f006c72..0000000 --- a/sepolicy/private/permissioncontroller_app.te +++ /dev/null @@ -1 +0,0 @@ -allow permissioncontroller_app tethering_service:service_manager find; diff --git a/sepolicy/private/platform_app.te b/sepolicy/private/platform_app.te deleted file mode 100644 index 07cc05f..0000000 --- a/sepolicy/private/platform_app.te +++ /dev/null @@ -1 +0,0 @@ -hal_client_domain(platform_app, vendor_hal_soter); diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts deleted file mode 100644 index 7d814b9..0000000 --- a/sepolicy/private/property_contexts +++ /dev/null @@ -1,7 +0,0 @@ -# Camera -camera.mot.is.coming.cts u:object_r:moto_camera_config_prop:s0 exact bool -ro.camera.req.fmq.size u:object_r:moto_camera_config_prop:s0 exact bool -ro.camera.res.fmq.size u:object_r:moto_camera_config_prop:s0 exact bool - -# Motorola -ro.mot.build.customerid u:object_r:build_prop:s0 diff --git a/sepolicy/private/radio.te b/sepolicy/private/radio.te deleted file mode 100644 index d2d11f2..0000000 --- a/sepolicy/private/radio.te +++ /dev/null @@ -1,2 +0,0 @@ -allow radio mot_radio_service:service_manager { add find }; -allow radio mot_system_service:service_manager find; diff --git a/sepolicy/private/service.te b/sepolicy/private/service.te deleted file mode 100644 index 3568a3e..0000000 --- a/sepolicy/private/service.te +++ /dev/null @@ -1,2 +0,0 @@ -type mot_radio_service, service_manager_type; -type mot_system_service, service_manager_type; diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts deleted file mode 100644 index ddc0d01..0000000 --- a/sepolicy/private/service_contexts +++ /dev/null @@ -1,3 +0,0 @@ -motoexttelephony u:object_r:mot_radio_service:s0 -moto_ext_telephony.registry u:object_r:mot_system_service:s0 -motsettings u:object_r:mot_system_service:s0 diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te deleted file mode 100644 index 5c18951..0000000 --- a/sepolicy/private/system_server.te +++ /dev/null @@ -1 +0,0 @@ -allow system_server mot_system_service:service_manager add; diff --git a/sepolicy/private/system_suspend.te b/sepolicy/private/system_suspend.te deleted file mode 100644 index 0d845e9..0000000 --- a/sepolicy/private/system_suspend.te +++ /dev/null @@ -1,17 +0,0 @@ -init_daemon_domain(system_suspend) - -# To serve ISuspendControlService.aidl. -binder_use(system_suspend) -add_service(system_suspend, system_suspend_control_service) - -# Access to /sys/power/{ wakeup_count, state } suspend interface. -allow system_suspend sysfs_power:file rw_file_perms; - -allow system_suspend sysfs:dir { open read }; -allow system_suspend sysfs:file { getattr }; - -dontaudit system_suspend sysfs:file { open read }; - -# Access to /sys/power/{ wake_lock, wake_unlock } suspend blocker interface. -allow system_suspend self:global_capability2_class_set block_suspend; -allow system_suspend sysfs_wake_lock:file rw_file_perms; diff --git a/sepolicy/private/toolbox.te b/sepolicy/private/toolbox.te deleted file mode 100644 index 64f5780..0000000 --- a/sepolicy/private/toolbox.te +++ /dev/null @@ -1 +0,0 @@ -allow toolbox self:capability kill; diff --git a/sepolicy/private/vendor_qtelephony.te b/sepolicy/private/vendor_qtelephony.te deleted file mode 100644 index 610e1dc..0000000 --- a/sepolicy/private/vendor_qtelephony.te +++ /dev/null @@ -1,2 +0,0 @@ -allow vendor_qtelephony mot_radio_service:service_manager find; -allow vendor_qtelephony mot_system_service:service_manager find; diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes deleted file mode 100644 index e388086..0000000 --- a/sepolicy/public/attributes +++ /dev/null @@ -1 +0,0 @@ -hal_attribute_lineage(cameradesktop) diff --git a/sepolicy/vendor/capsense_reset.te b/sepolicy/vendor/capsense_reset.te deleted file mode 100644 index 94f137b..0000000 --- a/sepolicy/vendor/capsense_reset.te +++ /dev/null @@ -1,14 +0,0 @@ -type capsense_reset, domain; -type capsense_reset_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(capsense_reset) - -# Write to /dev/kmsg -allow capsense_reset kmsg_device:chr_file rw_file_perms; - -allow capsense_reset input_device:dir r_dir_perms; -allow capsense_reset input_device:chr_file r_file_perms; - -allow capsense_reset self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; - -allow capsense_reset vendor_sysfs_sensors:dir r_dir_perms; -allow capsense_reset vendor_sysfs_sensors:file rw_file_perms; diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te deleted file mode 100644 index fc470fd..0000000 --- a/sepolicy/vendor/device.te +++ /dev/null @@ -1,12 +0,0 @@ -# Fingerprint -type egis_device, dev_type; -type etsd_device, dev_type; -type goodix_device, dev_type; - -# Moto partitions -type vendor_hw_block_device, dev_type; -type vendor_prodpersist_block_device, dev_type; -type vendor_utags_block_device, dev_type; - -# Thermal -type vendor_thermal_device, dev_type; diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te deleted file mode 100644 index 327521c..0000000 --- a/sepolicy/vendor/domain.te +++ /dev/null @@ -1 +0,0 @@ -get_prop({domain -coredomain -appdomain}, vendor_mot_hw_prop) diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te deleted file mode 100644 index 0ffb4c1..0000000 --- a/sepolicy/vendor/file.te +++ /dev/null @@ -1,35 +0,0 @@ -# Camera -type vendor_persist_camera_file, file_type, vendor_persist_type; -type vendor_imager_metadata_file, file_type, data_file_type; - -# Cutback -type cutback_data_file, file_type, data_file_type; -type cutback_socket, file_type; - -# Fingerprint -type vendor_persist_egis_file, file_type, vendor_persist_type; -type vendor_persist_fps_file, file_type, vendor_persist_type; - -# Input Devices -type vendor_sysfs_input, sysfs_type, fs_type; - -# Motorola -type proc_moto_boot, proc_type, fs_type; -type vendor_motobox_exec, exec_type, vendor_file_type, file_type; -type vendor_proc_hw, proc_type, fs_type; - -# Partitions -type fsg_file, file_type, contextmount_type, vendor_file_type; - -# Power -type proc_sched_lib_mask_cpuinfo, proc_type, fs_type; -type vendor_sysfs_dt2w, fs_type, sysfs_type; - -# SKU version -type vendor_sysfs_sku_version, fs_type, sysfs_type; - -# Touchscreen -type vendor_sysfs_touchpanel, fs_type, sysfs_type; - -# V4L2 Name -type vendor_sysfs_v4l2_name, fs_type, sysfs_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 2c0626a..58f1ab1 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -1,93 +1,3 @@ -# A/B partitions -/dev/block/platform/soc/4804000\.ufshc/by-name/fsg_[ab] u:object_r:vendor_modem_efs_partition_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/logo_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/mdm1m9kefs3_[ab] u:object_r:vendor_efs_boot_dev:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/prov_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/spss_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/storsec_[ab] u:object_r:vendor_custom_ab_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/vendor_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/sd[df] u:object_r:vendor_gpt_block_device:s0 - -# UFS Devices -/dev/block/platform/soc/4804000\.ufshc/by-name/hw u:object_r:vendor_hw_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/prodpersist u:object_r:vendor_prodpersist_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/utags u:object_r:vendor_utags_block_device:s0 -/dev/block/platform/soc/4804000\.ufshc/by-name/utagsBackup u:object_r:vendor_utags_block_device:s0 - -# Partition Mountpoints -/fsg u:object_r:fsg_file:s0 -/(vendor|system/vendor)/fsg u:object_r:fsg_file:s0 -/(vendor|system/vendor)/super_fsg u:object_r:fsg_file:s0 -/(vendor|system/vendor)/super_modem u:object_r:firmware_file:s0 - -# Awinic -/(mnt/vendor/persist|persist)/factory/audio/aw_cali.bin u:object_r:vendor_persist_audio_file:s0 - -# Camera -/data/vendor/misc/imager/metadata(/.*)? u:object_r:vendor_imager_metadata_file:s0 -/(mnt/vendor/persist|persist)/camera(/.*)? u:object_r:vendor_persist_camera_file:s0 -/(vendor|system/vendor)/bin/hw/motorola\.hardware\.camera\.desktop@2\.0-service u:object_r:hal_cameradesktop_default_exec:s0 -/(vendor|system/vendor)/lib64/libipebpsstriping\.so u:object_r:same_process_hal_file:s0 -/data/vendor/misc/imager u:object_r:vendor_camera_data_file:s0 -/sys/devices/platform/soc/soc:qcom,cam-req-mgr/video4linux/video[0-33]/name(/.*)? u:object_r:vendor_sysfs_jpeg:s0 -/sys/devices/virtual/input/input[0-9]+/calibration_data u:object_r:vendor_sysfs_laser:s0 -/sys/devices/virtual/input/input[0-9]+/do_flush u:object_r:vendor_sysfs_laser:s0 -/sys/devices/virtual/input/input[0-9]+/enable_ps_sensor u:object_r:vendor_sysfs_laser:s0 -/sys/devices/virtual/input/input[0-9]+/offset u:object_r:vendor_sysfs_laser:s0 -/sys/devices/virtual/input/input[0-9]+/xtalk u:object_r:vendor_sysfs_laser:s0 - -# Capsense -/(vendor|system/vendor)/bin/capsense_reset u:object_r:capsense_reset_exec:s0 - # Fingerprint -/(mnt/vendor/persist|persist)/egis(/.*)? u:object_r:vendor_persist_egis_file:s0 -/(mnt/vendor/persist|persist)/fps(/.*)? u:object_r:vendor_persist_fps_file:s0 -/(vendor|system/vendor)/bin/hw/egis_ident u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/fpc_ident u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/goodix_ident u:object_r:hal_fingerprint_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.bangkk u:object_r:hal_fingerprint_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.miami u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-goodixservice u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-ets u:object_r:hal_fingerprint_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-fpc u:object_r:hal_fingerprint_default_exec:s0 -/data/vendor/.fps(/.*)? u:object_r:fingerprint_vendor_data_file:s0 -/data/vendor/egis(/.*)? u:object_r:fingerprint_vendor_data_file:s0 -/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0 -/data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0 -/dev/esfp0 u:object_r:egis_device:s0 -/dev/goodix_fp u:object_r:goodix_device:s0 -/sys/devices/soc/0.et320(/.*)? u:object_r:vendor_sysfs_fingerprint:s0 - -# Motobox -/(vendor|system/vendor)/bin/motobox u:object_r:vendor_motobox_exec:s0 - -# NFC -/dev/sec-nfc u:object_r:nfc_device:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.samsung u:object_r:hal_nfc_default_exec:s0 - -# Radio -/data/vendor/misc/cutback(/.*)? u:object_r:cutback_data_file:s0 -/dev/socket/cutback u:object_r:cutback_socket:s0 - -# Touch -/sys/devices/platform/soc/4a80000\.spi/spi_master/spi0/spi0\.[01]/touchscreen/primary(/.*)? u:object_r:vendor_sysfs_touchpanel:s0 - -# Thermal -/dev/mmi_sys_temp u:object_r:vendor_thermal_device:s0 - -# Vendor init scripts -/(vendor|system/vendor)/bin/load_touch\.sh u:object_r:vendor_qti_init_shell_exec:s0 -/(vendor|system/vendor)/bin/init\.mmi\.boot\.sh u:object_r:vendor_mmi_boot_exec:s0 -/(vendor|system/vendor)/bin/init\.mmi\.laser\.sh u:object_r:vendor_mmi_laser_exec:s0 -/(vendor|system/vendor)/bin/init\.mmi\.touch\.sh u:object_r:vendor_init_touch_exec:s0 -/(vendor|system/vendor)/bin/init\.oem\.(fingerprint2|fingerprint\.overlay)\.sh u:object_r:vendor_init_fingerprint_exec:s0 -/(vendor|system/vendor)/bin/init\.oem\.hw\.sh u:object_r:vendor_init_hw_exec:s0 - -# V4L2 Name -/sys/devices/platform/soc/soc:qcom,cam-sync/video4linux/video([0-9])+/name u:object_r:vendor_sysfs_v4l2_name:s0 -/sys/devices/platform/soc/soc:qcom,cam-req-mgr/video4linux/video([0-9])+/name u:object_r:vendor_sysfs_v4l2_name:s0 - -# Wakeups -/sys/devices/virtual/input/input[0-9]+/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/platform/soc/[^*]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 -/sys/devices/virtual/misc/[^*]+/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/vendor/fsck.te b/sepolicy/vendor/fsck.te deleted file mode 100644 index 195b164..0000000 --- a/sepolicy/vendor/fsck.te +++ /dev/null @@ -1 +0,0 @@ -allow fsck self:capability kill; diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts deleted file mode 100644 index 6d0eb3c..0000000 --- a/sepolicy/vendor/genfs_contexts +++ /dev/null @@ -1,96 +0,0 @@ -# Capsense -genfscon sysfs /class/capsense u:object_r:vendor_sysfs_sensors:s0 - -# Extcon -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/extcon u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/soc/soc:rt-pd-manager/extcon u:object_r:sysfs_extcon:s0 - -# Fingerprint -genfscon sysfs /devices/platform/egis_input u:object_r:vendor_sysfs_fingerprint:s0 -genfscon sysfs /devices/platform/egis_input/navigation_enable u:object_r:vendor_sysfs_fingerprint:s0 -genfscon sysfs /devices/platform/egis_input/navigation_event u:object_r:vendor_sysfs_fingerprint:s0 -genfscon sysfs /devices/virtual/fingerprint/fpc1020 u:object_r:vendor_sysfs_fingerprint:s0 - -# Health -genfscon sysfs /devices/platform/soc/soc:mmi,charger/power_supply/mmi_battery u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/dc u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/pc_port u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/usb u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi_chrg_manager/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/soc:mmi_chrg_manager/power_supply/mmi_chrg_manager u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5-mmi/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5-mmi/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5-mmi/power_supply/mmi_battery u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/qcom_battery u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-04/1c40000.qcom,spmi:qcom,pmr735a@4:vadc@3600/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4a88000.i2c/i2c-0/0-0030/power_supply/wireless u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4a88000.i2c/i2c-0/0-0066/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4a88000.i2c/i2c-0/0-0066/power_supply/bq25960-master u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-003b/power_supply/charger u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-0055/power_supply/bms u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-0067/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-0067/power_supply/bq25960-slave u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-2/2-006a/iio:device u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-2/2-006a/power_supply/bq25960-standalone u:object_r:vendor_sysfs_battery_supply:s0 - -# Input Devices -genfscon sysfs /devices/virtual/input u:object_r:vendor_sysfs_input:s0 - -# Lights -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/charging u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/soc/soc:indicator_led/leds/charging u:object_r:sysfs_leds:s0 - -# Motorola -genfscon proc /bootinfo u:object_r:proc_moto_boot:s0 -genfscon proc /config u:object_r:vendor_proc_hw:s0 -genfscon proc /hw u:object_r:vendor_proc_hw:s0 - -# PowerHal -genfscon proc /sys/kernel/sched_lib_name u:object_r:proc_sched_lib_mask_cpuinfo:s0 -genfscon proc /sys/kernel/sched_lib_mask_force u:object_r:proc_sched_lib_mask_cpuinfo:s0 -genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-2/2-0049/double_click u:object_r:vendor_sysfs_dt2w:s0 - -# RTC -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pmk8350@0:rtc/rtc/rtc0 u:object_r:sysfs_rtc:s0 - -# Sensors -genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/panelName u:object_r:vendor_sysfs_data:s0 -genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/panelRegDA u:object_r:vendor_sysfs_data:s0 - -# SKU version -genfscon sysfs /devices/platform/soc/aa00000.qcom,vidc/sku_version u:object_r:vendor_sysfs_sku_version:s0 - -# Touchscreen -genfscon sysfs /class/touchscreen u:object_r:vendor_sysfs_touchpanel:s0 -genfscon sysfs /devices/virtual/touchscreen u:object_r:vendor_sysfs_touchpanel:s0 -genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-2/2-0049/touchscreen u:object_r:vendor_sysfs_touchpanel:s0 - -# Vibrator -genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-3/3-005a/leds/vibrator u:object_r:sysfs_leds:s0 - -# Wakeup -genfscon sysfs /devices/platform/soc/984000.i2c/i2c-0/0-005a/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/battery/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,charger/power_supply/mmi_battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,charger/power_supply/mmi_battery/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi_chrg_manager/power_supply/mmi_chrg_manager/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/soc:mmi,discrete-charging/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5-mmi/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5-mmi/power_supply/mmi_battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/qcom_battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4a88000.i2c/i2c-0/0-0030/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4a88000.i2c/i2c-0/0-0066/power_supply/bq25960-master/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-003b/power_supply/charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-0055/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4c88000.i2c/i2c-2/2-0067/power_supply/bq25960-slave/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/soc/4c90000.i2c/i2c-2/2-006a/power_supply/bq25960-standalone/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te deleted file mode 100644 index 1f3705d..0000000 --- a/sepolicy/vendor/hal_audio_default.te +++ /dev/null @@ -1,2 +0,0 @@ -hal_client_domain(hal_audio_default, hal_health); -allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find; diff --git a/sepolicy/vendor/hal_bootctl_default.te b/sepolicy/vendor/hal_bootctl_default.te deleted file mode 100644 index 6333ffd..0000000 --- a/sepolicy/vendor/hal_bootctl_default.te +++ /dev/null @@ -1,8 +0,0 @@ -allow hal_bootctl_default vendor_uefi_block_device:blk_file getattr; -allow hal_bootctl_default { - vendor_efs_boot_dev - vendor_modem_efs_partition_device -}:blk_file rw_file_perms; - -# We never apply OTAs when GSI is running -dontaudit hal_bootctl_default gsi_metadata_file:dir search; diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te deleted file mode 100644 index 9de9621..0000000 --- a/sepolicy/vendor/hal_camera_default.te +++ /dev/null @@ -1,28 +0,0 @@ -# Allow hal_camera_default to read to mnt/vendor/persist -allow hal_camera_default mnt_vendor_file:dir search; - -# Allow hal_camera_default to call system_server -binder_call(hal_camera_default, system_server) - -# STM Prox Sensor -allow hal_camera_default vendor_sysfs_laser:file rw_file_perms; -allow hal_camera_default input_device:chr_file r_file_perms; -allow hal_camera_default input_device:dir r_dir_perms; - -r_dir_file(hal_camera_default, vendor_sysfs_input) -r_dir_file(hal_camera_default, vendor_persist_camera_file) -r_dir_file(hal_camera_default, vendor_sysfs_battery_supply) - -# (X)DSP -allow hal_camera_default vendor_xdsp_device:chr_file r_file_perms; - -# QSPM hal service for accessing camera info -hal_client_domain(hal_camera_default, vendor_hal_qspmhal) - -hal_client_domain(hal_camera_default, hal_cameradesktop) - -# Camera props -get_prop(hal_camera_default, moto_camera_config_prop) - -allow hal_camera_default vendor_imager_metadata_file:dir rw_dir_perms; -allow hal_camera_default vendor_imager_metadata_file:file create_file_perms; diff --git a/sepolicy/vendor/hal_cameradesktop.te b/sepolicy/vendor/hal_cameradesktop.te deleted file mode 100644 index c397158..0000000 --- a/sepolicy/vendor/hal_cameradesktop.te +++ /dev/null @@ -1,17 +0,0 @@ -type hal_cameradesktop_default, domain; -hal_server_domain(hal_cameradesktop_default, hal_cameradesktop) - -type hal_cameradesktop_default_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_cameradesktop_default) - -# Allow hwbinder call from hal client to server -binder_call(hal_cameradesktop_client, hal_cameradesktop_server) - -# Add hwservice related rules -add_hwservice(hal_cameradesktop_server, hal_cameradesktop_hwservice) -allow hal_cameradesktop_client hal_cameradesktop_hwservice:hwservice_manager find; - -allow hal_cameradesktop_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; -allow hal_cameradesktop_server vendor_sysfs_graphics:file r_file_perms; -allow hal_cameradesktop_server vendor_sysfs_jpeg:file r_file_perms; -allow hal_cameradesktop_server video_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/hal_cameradesktop_default.te b/sepolicy/vendor/hal_cameradesktop_default.te deleted file mode 100644 index 8f0a866..0000000 --- a/sepolicy/vendor/hal_cameradesktop_default.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_cameradesktop_default vendor_sysfs_v4l2_name:file r_file_perms; diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te deleted file mode 100644 index 4eab2ab..0000000 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ /dev/null @@ -1,35 +0,0 @@ -allow hal_fingerprint_default { - etsd_device - egis_device - goodix_device - graphics_device - tee_device -}: chr_file rw_file_perms; - -allow hal_fingerprint_default self:binder { call transfer }; -allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; -r_dir_file(hal_fingerprint_default, firmware_file) -get_prop(hal_fingerprint_default, build_bootimage_prop) -set_prop(hal_fingerprint_default, vendor_mot_fingerprint_prop) -allow hal_fingerprint_default vendor_sysfs_battery_supply:dir r_dir_perms; -allow hal_fingerprint_default vendor_sysfs_battery_supply:file r_file_perms; -allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms; -allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms; -allow hal_fingerprint_default uhid_device:chr_file rw_file_perms; -allow hal_fingerprint_default vendor_sysfs_fingerprint:{ file lnk_file } read; -allow hal_fingerprint_default vendor_data_tzstorage_file:dir rw_dir_perms; -allow hal_fingerprint_default vendor_data_tzstorage_file:file create_file_perms; - -binder_call(hal_fingerprint_default, hal_fingerprint_default) -binder_call(hal_fingerprint_default, hal_health_default) -binder_call(hal_fingerprint_default, vendor_hal_perf_default) - -allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find; - -# access to /data/system/users/[0-9]+/fpdata -typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; -allow hal_fingerprint_default fingerprintd_data_file:dir { rw_dir_perms }; -allow hal_fingerprint_default fingerprintd_data_file:file { create_file_perms }; - -# Allow fingerprint HAL to get updates from health hal -hal_client_domain(hal_fingerprint_default, hal_health) diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te deleted file mode 100644 index 50ede18..0000000 --- a/sepolicy/vendor/hal_light_default.te +++ /dev/null @@ -1,5 +0,0 @@ -allow hal_light_default { - sysfs_leds -}:file rw_file_perms; - -r_dir_file(hal_light_default, sysfs_leds) diff --git a/sepolicy/vendor/hal_lineage_touch_default.te b/sepolicy/vendor/hal_lineage_touch_default.te deleted file mode 100644 index 861500b..0000000 --- a/sepolicy/vendor/hal_lineage_touch_default.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_lineage_touch_default vendor_sysfs_touchpanel:dir search; -allow hal_lineage_touch_default vendor_sysfs_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te deleted file mode 100644 index 2b541b0..0000000 --- a/sepolicy/vendor/hal_nfc_default.te +++ /dev/null @@ -1,5 +0,0 @@ -add_hwservice(hal_nfc_default, nxpese_hwservice) -add_hwservice(hal_nfc_default, nxpnfc_hwservice) -allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms; -allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms; -get_prop(hal_nfc_default, vendor_mot_nfc_prop) diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te deleted file mode 100644 index ccda30f..0000000 --- a/sepolicy/vendor/hal_power_default.te +++ /dev/null @@ -1,6 +0,0 @@ -allow hal_power_default vendor_sysfs_touchpanel:dir search; -allow hal_power_default vendor_sysfs_touchpanel:file rw_file_perms; -allow hal_power_default vendor_sysfs_input:dir search; -allow hal_power_default vendor_sysfs_sensors:dir search; -allow hal_power_default vendor_sysfs_dt2w:dir search; -allow hal_power_default vendor_sysfs_dt2w:{ file lnk_file } rw_file_perms; \ No newline at end of file diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te deleted file mode 100644 index f5fbe5a..0000000 --- a/sepolicy/vendor/hal_sensors_default.te +++ /dev/null @@ -1,11 +0,0 @@ -allow hal_sensors_default vendor_sysfs_laser:dir r_dir_perms; -allow hal_sensors_default vendor_sysfs_laser:file { setattr rw_file_perms }; - -allow hal_sensors_default vendor_sysfs_input:dir r_dir_perms; -allow hal_sensors_default vendor_sysfs_input:file rw_file_perms; - -allow hal_sensors_default vendor_sysfs_dt2w:dir r_dir_perms; -allow hal_sensors_default vendor_sysfs_dt2w:file rw_file_perms; - -allow hal_sensors_default vendor_sysfs_touchpanel:dir r_dir_perms; -allow hal_sensors_default vendor_sysfs_touchpanel:file rw_file_perms; diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te deleted file mode 100644 index 3ad1a2c..0000000 --- a/sepolicy/vendor/hwservice.te +++ /dev/null @@ -1,3 +0,0 @@ -type hal_cameradesktop_hwservice, hwservice_manager_type; -type nxpese_hwservice, hwservice_manager_type; -type nxpnfc_hwservice, hwservice_manager_type; diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts deleted file mode 100644 index 3081bbe..0000000 --- a/sepolicy/vendor/hwservice_contexts +++ /dev/null @@ -1,13 +0,0 @@ -# Camera -motorola.hardware.camera.desktop::ICameraDesktop u:object_r:hal_cameradesktop_hwservice:s0 - -# Fingerprint -com.motorola.hardware.biometric.fingerprint::IMotoFingerPrint u:object_r:hal_fingerprint_hwservice:s0 -com.motorola.hardware.biometric.fingerprint::IMotoFingerPrintSensorTest u:object_r:hal_fingerprint_hwservice:s0 -vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts u:object_r:hal_fingerprint_hwservice:s0 -vendor.egistec.hardware.fingerprint::IBiometricsFingerprintRbs u:object_r:hal_fingerprint_hwservice:s0 -vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt u:object_r:hal_fingerprint_hwservice:s0 - -# NFC -vendor.nxp.nxpese::INxpEse u:object_r:nxpese_hwservice:s0 -vendor.nxp.nxpnfc::INxpNfc u:object_r:nxpnfc_hwservice:s0 diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te deleted file mode 100644 index 22990f8..0000000 --- a/sepolicy/vendor/init.te +++ /dev/null @@ -1,26 +0,0 @@ -# Super modem mounting -allow fsg_file self:filesystem associate; -allow init fsg_file:dir mounton; -allow init fsg_file:filesystem { getattr mount relabelfrom unmount }; -allow init firmware_file:filesystem unmount; - -# debugfs -allow init debugfs_tracing_debug:dir mounton; - -# Allow init to access loop devices -allow init loop_device:blk_file { create setattr unlink }; -allowxperm init loop_device:blk_file ioctl { - LOOP_GET_STATUS64 - LOOP_GET_STATUS - LOOP_SET_STATUS64 - LOOP_SET_STATUS - BLKFLSBUF -}; - -# Product persist -allow init mnt_product_file:dir mounton; - -recovery_only(` - allow init self:capability sys_module; - allow init rootfs:system module_load; -') diff --git a/sepolicy/vendor/installd.te b/sepolicy/vendor/installd.te deleted file mode 100644 index 452a06b..0000000 --- a/sepolicy/vendor/installd.te +++ /dev/null @@ -1,3 +0,0 @@ -allow installd bt_firmware_file:filesystem quotaget; -allow installd firmware_file:filesystem quotaget; -allow installd fsg_file:filesystem quotaget; diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te deleted file mode 100644 index 139166a..0000000 --- a/sepolicy/vendor/kernel.te +++ /dev/null @@ -1,7 +0,0 @@ -allow kernel block_device:dir search; - -allow kernel kernel:capability kill; -allow kernel { - vendor_hw_block_device - vendor_utags_block_device -}:blk_file rw_file_perms; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te deleted file mode 100644 index 167417c..0000000 --- a/sepolicy/vendor/property.te +++ /dev/null @@ -1,7 +0,0 @@ -# Motorola -vendor_public_prop(moto_camera_config_prop) - -vendor_internal_prop(vendor_mot_fingerprint_prop); -vendor_internal_prop(vendor_mot_hw_prop); -vendor_internal_prop(vendor_mot_touch_prop); -vendor_internal_prop(vendor_mot_nfc_prop); diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts deleted file mode 100644 index c049381..0000000 --- a/sepolicy/vendor/property_contexts +++ /dev/null @@ -1,27 +0,0 @@ -# Radio -vendor.ril. u:object_r:vendor_radio_prop:s0 -vendor.net.qmi.rev_ip_info u:object_r:vendor_radio_prop:s0 -ro.vendor.ril.svlte1x u:object_r:vendor_radio_prop:s0 -ro.vendor.ril.svdo u:object_r:vendor_radio_prop:s0 - -# Motorola -persist.vendor.nfc. u:object_r:vendor_mot_nfc_prop:s0 -ro.vendor.hw. u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.mot.cust_md5 u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.mot.gki. u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.mot.iccid u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.bootreason u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.manufacturedate u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.product.device u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.product.display u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.product.hardware.sku.variant u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.product.model u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.product.name u:object_r:vendor_mot_hw_prop:s0 -ro.vendor.touch. u:object_r:vendor_mot_touch_prop:s0 -vendor.hw.touch. u:object_r:vendor_mot_touch_prop:s0 -vendor.nfc.fw_status u:object_r:vendor_mot_nfc_prop:s0 - -# Motorola fingerprint -persist.vendor.hardware.fingerprint u:object_r:vendor_mot_fingerprint_prop:s0 -vendor.hw.fps.ident u:object_r:vendor_mot_fingerprint_prop:s0 -vendor.hw.fingerprint.status u:object_r:vendor_mot_fingerprint_prop:s0 diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te deleted file mode 100644 index 4736463..0000000 --- a/sepolicy/vendor/rild.te +++ /dev/null @@ -1,11 +0,0 @@ -get_prop(rild, vendor_radio_prop) -get_prop(rild, wifi_hal_prop) -allow rild fwk_sensor_hwservice:hwservice_manager find; -allow rild input_device:chr_file r_file_perms; -allow rild input_device:dir rw_dir_perms; -allow rild mnt_vendor_file:dir r_dir_perms; -allow rild proc_moto_boot:file r_file_perms; -allow rild cutback_data_file:dir rw_dir_perms; -allow rild cutback_data_file:sock_file create_file_perms; - -allow rild fwk_sensor_service:service_manager find; diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te deleted file mode 100644 index 82b18f8..0000000 --- a/sepolicy/vendor/tee.te +++ /dev/null @@ -1,2 +0,0 @@ -allow tee vendor_persist_egis_file:dir rw_dir_perms; -allow tee vendor_persist_egis_file:file create_file_perms; diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te deleted file mode 100644 index f0c4e75..0000000 --- a/sepolicy/vendor/ueventd.te +++ /dev/null @@ -1 +0,0 @@ -allow ueventd vendor_persist_audio_file:file r_file_perms; diff --git a/sepolicy/vendor/update_engine_common.te b/sepolicy/vendor/update_engine_common.te deleted file mode 100644 index a05ccaa..0000000 --- a/sepolicy/vendor/update_engine_common.te +++ /dev/null @@ -1,5 +0,0 @@ -allow update_engine_common fsg_file:filesystem getattr; -allow update_engine_common { - vendor_efs_boot_dev - vendor_modem_efs_partition_device -}:blk_file rw_file_perms; diff --git a/sepolicy/vendor/vdc.te b/sepolicy/vendor/vdc.te deleted file mode 100644 index ec5fb3d..0000000 --- a/sepolicy/vendor/vdc.te +++ /dev/null @@ -1 +0,0 @@ -allow vdc self:capability kill; diff --git a/sepolicy/vendor/vendor_hal_gnss_qti.te b/sepolicy/vendor/vendor_hal_gnss_qti.te deleted file mode 100644 index 7adc4b1..0000000 --- a/sepolicy/vendor/vendor_hal_gnss_qti.te +++ /dev/null @@ -1 +0,0 @@ -allow vendor_hal_gnss_qti fwk_sensor_hwservice:hwservice_manager find; diff --git a/sepolicy/vendor/vendor_hal_perf_default.te b/sepolicy/vendor/vendor_hal_perf_default.te deleted file mode 100644 index 6f9a8fb..0000000 --- a/sepolicy/vendor/vendor_hal_perf_default.te +++ /dev/null @@ -1,2 +0,0 @@ -allow vendor_hal_perf_default proc_sched_lib_mask_cpuinfo:file rw_file_perms; -binder_call(vendor_hal_perf_default, vendor_poweroptservice) diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te deleted file mode 100644 index 3b39de3..0000000 --- a/sepolicy/vendor/vendor_init.te +++ /dev/null @@ -1,6 +0,0 @@ -set_prop(vendor_init, vendor_camera_prop) -set_prop(vendor_init, vendor_ims_prop) -set_prop(vendor_init, vendor_mot_hw_prop) -set_prop(vendor_init, vendor_mot_nfc_prop) - -allow vendor_init proc_sched_lib_mask_cpuinfo:file w_file_perms; diff --git a/sepolicy/vendor/vendor_init_fingerprint.te b/sepolicy/vendor/vendor_init_fingerprint.te deleted file mode 100644 index 5c99dcb..0000000 --- a/sepolicy/vendor/vendor_init_fingerprint.te +++ /dev/null @@ -1,28 +0,0 @@ -type vendor_init_fingerprint, domain; -type vendor_init_fingerprint_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(vendor_init_fingerprint) - -allow vendor_init_fingerprint kernel:key search; -allow vendor_init_fingerprint self:capability { kill sys_module }; -allow vendor_init_fingerprint vendor_file:system module_load; -allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms; -allow vendor_init_fingerprint vendor_persist_egis_file:file create_file_perms; -allow vendor_init_fingerprint vendor_persist_egis_file:dir rw_dir_perms; -allow vendor_init_fingerprint vendor_persist_fps_file:file create_file_perms; -allow vendor_init_fingerprint vendor_persist_fps_file:dir rw_dir_perms; -allow vendor_init_fingerprint mnt_vendor_file:dir r_dir_perms; -allow vendor_init_fingerprint mnt_vendor_file:file r_file_perms; -allow vendor_init_fingerprint vendor_sysfs_fingerprint:dir search; -allow vendor_init_fingerprint vendor_sysfs_fingerprint:file getattr; - -# Write to /dev/kmsg -allow vendor_init_fingerprint kmsg_device:chr_file rw_file_perms; - -set_prop(vendor_init_fingerprint, ctl_start_prop) -set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop) - -allow vendor_init_fingerprint vendor_file:file execute_no_trans; -allow vendor_init_fingerprint goodix_device:chr_file { getattr ioctl open read write }; -allow vendor_init_fingerprint hal_fingerprint_default_exec:file execute_no_trans; -allow vendor_init_fingerprint ctl_stop_prop:property_service set; -allow vendor_init_fingerprint ctl_start_prop:property_service set; diff --git a/sepolicy/vendor/vendor_init_hw.te b/sepolicy/vendor/vendor_init_hw.te deleted file mode 100644 index 4c9fafd..0000000 --- a/sepolicy/vendor/vendor_init_hw.te +++ /dev/null @@ -1,20 +0,0 @@ -type vendor_init_hw, domain; -type vendor_init_hw_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(vendor_init_hw) - -allow vendor_init_hw self:capability sys_module; -allow vendor_init_hw vendor_file:system module_load; - -allow vendor_init_hw vendor_proc_hw:dir r_dir_perms; -allow vendor_init_hw vendor_proc_hw:file rw_file_perms; - -allow vendor_init_hw vendor_motobox_exec:file rx_file_perms; -allow vendor_init_hw vendor_toolbox_exec:file rx_file_perms; - -set_prop(vendor_init_hw, vendor_mot_hw_prop) -set_prop(vendor_init_hw, vendor_mot_touch_prop) -set_prop(vendor_init_hw, vendor_radio_prop) - -allow vendor_init_hw vendor_file:file execute_no_trans; - -allow vendor_init_hw kmsg_device:chr_file rw_file_perms; diff --git a/sepolicy/vendor/vendor_init_touch.te b/sepolicy/vendor/vendor_init_touch.te deleted file mode 100644 index 7dfd4ce..0000000 --- a/sepolicy/vendor/vendor_init_touch.te +++ /dev/null @@ -1,16 +0,0 @@ -type vendor_init_touch, domain; -type vendor_init_touch_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(vendor_init_touch) - -allow vendor_init_touch self:capability chown; -allow vendor_init_touch kmsg_device:chr_file rw_file_perms; -allow vendor_init_touch vendor_sysfs_touchpanel:file { setattr write }; - -allow vendor_init_touch vendor_toolbox_exec:file rx_file_perms; - -allow vendor_init_touch self:capability chown; - -r_dir_file(vendor_init_touch , vendor_sysfs_touchpanel) -allow vendor_init_touch vendor_sysfs_touchpanel:file { setattr rw_file_perms }; - -set_prop(vendor_init_touch, vendor_mot_touch_prop) diff --git a/sepolicy/vendor/vendor_mdm_helper.te b/sepolicy/vendor/vendor_mdm_helper.te deleted file mode 100644 index 81d74f1..0000000 --- a/sepolicy/vendor/vendor_mdm_helper.te +++ /dev/null @@ -1,4 +0,0 @@ -get_prop(vendor_mdm_helper, vendor_radio_prop) - -allow vendor_mdm_helper { mnt_vendor_file vendor_persist_rfs_file }:dir search; -allow vendor_mdm_helper vendor_persist_rfs_file:file rw_file_perms; diff --git a/sepolicy/vendor/vendor_mmi_boot.te b/sepolicy/vendor/vendor_mmi_boot.te deleted file mode 100644 index 56d922b..0000000 --- a/sepolicy/vendor/vendor_mmi_boot.te +++ /dev/null @@ -1,15 +0,0 @@ -type vendor_mmi_boot, domain; -type vendor_mmi_boot_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(vendor_mmi_boot) - -allow vendor_mmi_boot mnt_vendor_file:dir search; -allow vendor_mmi_boot mnt_vendor_file:file r_file_perms; - -allow vendor_mmi_boot proc_moto_boot:file r_file_perms; - -allow vendor_mmi_boot vendor_proc_hw:dir r_dir_perms; -allow vendor_mmi_boot vendor_proc_hw:file r_file_perms; - -allow vendor_mmi_boot vendor_toolbox_exec:file rx_file_perms; - -set_prop(vendor_mmi_boot, vendor_mot_hw_prop) diff --git a/sepolicy/vendor/vendor_mmi_laser.te b/sepolicy/vendor/vendor_mmi_laser.te deleted file mode 100644 index 5263baf..0000000 --- a/sepolicy/vendor/vendor_mmi_laser.te +++ /dev/null @@ -1,16 +0,0 @@ -type vendor_mmi_laser, domain; -type vendor_mmi_laser_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(vendor_mmi_laser) - -allow vendor_mmi_laser vendor_sysfs_laser:dir r_dir_perms; -allow vendor_mmi_laser vendor_sysfs_laser:file { setattr rw_file_perms }; - -allow vendor_mmi_laser self:capability { chown fsetid }; - -allow vendor_mmi_laser vendor_sysfs_input:dir r_dir_perms; - -allow vendor_mmi_laser mnt_vendor_file:dir search; -allow vendor_mmi_laser vendor_persist_camera_file:dir search; -allow vendor_mmi_laser vendor_persist_camera_file:file { setattr r_file_perms }; - -allow vendor_mmi_laser vendor_toolbox_exec:file rx_file_perms; diff --git a/sepolicy/vendor/vendor_netmgrd.te b/sepolicy/vendor/vendor_netmgrd.te deleted file mode 100644 index fd6c684..0000000 --- a/sepolicy/vendor/vendor_netmgrd.te +++ /dev/null @@ -1 +0,0 @@ -set_prop(vendor_netmgrd, vendor_radio_prop) diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te deleted file mode 100644 index 75e8cea..0000000 --- a/sepolicy/vendor/vendor_qti_init_shell.te +++ /dev/null @@ -1,7 +0,0 @@ -allow vendor_qti_init_shell configfs:dir create_dir_perms; -allow vendor_qti_init_shell configfs:file create_file_perms; -allow vendor_qti_init_shell configfs:lnk_file create_file_perms; -allow vendor_qti_init_shell kmsg_device:chr_file w_file_perms; -allow vendor_qti_init_shell proc_page_cluster:file w_file_perms; - -allow vendor_qti_init_shell vendor_file:file execute_no_trans; \ No newline at end of file diff --git a/sepolicy/vendor/vendor_qti_media.te b/sepolicy/vendor/vendor_qti_media.te deleted file mode 100644 index e49d540..0000000 --- a/sepolicy/vendor/vendor_qti_media.te +++ /dev/null @@ -1 +0,0 @@ -allow vendor_qti_media vendor_sysfs_sku_version:file r_file_perms; diff --git a/sepolicy/vendor/vendor_rmt_storage.te b/sepolicy/vendor/vendor_rmt_storage.te deleted file mode 100644 index 5d70a65..0000000 --- a/sepolicy/vendor/vendor_rmt_storage.te +++ /dev/null @@ -1 +0,0 @@ -get_prop(vendor_rmt_storage, vendor_radio_prop) diff --git a/sepolicy/vendor/vendor_thermal-engine.te b/sepolicy/vendor/vendor_thermal-engine.te deleted file mode 100644 index b76e121..0000000 --- a/sepolicy/vendor/vendor_thermal-engine.te +++ /dev/null @@ -1,4 +0,0 @@ -allow vendor_thermal-engine { proc_stat proc_loadavg }:file r_file_perms; -allow vendor_thermal-engine vendor_thermal_device:chr_file rw_file_perms; -r_dir_file(vendor_thermal-engine, vendor_sysfs_battery_supply) -r_dir_file(vendor_thermal-engine, vendor_sysfs_usb_supply) diff --git a/sepolicy/vendor/vendor_wcnss_service.te b/sepolicy/vendor/vendor_wcnss_service.te deleted file mode 100644 index 6540511..0000000 --- a/sepolicy/vendor/vendor_wcnss_service.te +++ /dev/null @@ -1 +0,0 @@ -allow vendor_wcnss_service rootfs:dir r_dir_perms;