bluejay: Rework sepolicy
Change-Id: Idb0636bce2392beb720e420055a7bcb838725a18
@@ -30,7 +30,10 @@ BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD += $(BOARD_VENDOR_KERNEL_RAMDISK
|
||||
BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES += $(addprefix $(KERNEL_MODULE_DIR)/, $(notdir $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW)))
|
||||
|
||||
# SEPolicy
|
||||
include device/google/bluejay/sepolicy/bluejay-sepolicy.mk
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += \
|
||||
$(DEVICE_PATH)/sepolicy/vendor \
|
||||
hardware/google/pixel-sepolicy/vibrator/common \
|
||||
hardware/google/pixel-sepolicy/vibrator/cs40l26
|
||||
|
||||
# WiFi
|
||||
include device/google/gs101/wifi/BoardConfig-wifi.mk
|
||||
|
||||
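Review bot: The inline `BOARD_VENDOR_SEPOLICY_DIRS` list keeps only `$(DEVICE_PATH)/sepolicy/vendor` and the two vibrator directories, while the bluejay-sepolicy.mk deleted further down this page also pulled in gs-common/bcmbt, gs-common/modem/modem_svc_sit, gs-common/touch/stm and pixel-sepolicy/powerstats. Nothing visible here re-adds those, so unless another included makefile does, the matching services would lose their vendor rules and be denied under enforcing mode; a short comment above the list saying where those policies now come from would settle it. Dropping sepolicy/tracking_denials looks intentional, but it is worth confirming that the denials it tracked were resolved rather than left to surface at runtime. The +/- markers are lost in this rendering, so which lines are new is inferred from the deleted-file sections.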
@@ -1,4 +0,0 @@
|
||||
include device/google/gs-common:/sepolicy/OWNERS
|
||||
|
||||
adamshih@google.com
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay/sepolicy/bluejay
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay/sepolicy/tracking_denials
|
||||
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/sepolicy
|
||||
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/common
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/cs40l26
|
||||
@@ -1,3 +0,0 @@
|
||||
# Devices
|
||||
/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
# Storage
|
||||
genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
|
||||
genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
|
||||
genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
|
||||
@@ -1 +0,0 @@
|
||||
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
|
||||
@@ -1,10 +0,0 @@
|
||||
# Storage firmware upgrade
|
||||
init_daemon_domain(ufs_firmware_update)
|
||||
|
||||
# ufs FFU
|
||||
allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
|
||||
allow ufs_firmware_update block_device:dir r_dir_perms;
|
||||
allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
|
||||
allow ufs_firmware_update sysfs:dir r_dir_perms;
|
||||
allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
|
||||
|
||||
@@ -1,2 +1 @@
|
||||
# Block Devices
|
||||
type fips_block_device, dev_type;
|
||||
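--- a/sepolicy/vendor/dump_stm.te
+++ b/sepolicy/vendor/dump_stm.te
@@ -0,0 +1,8 @@
+get_prop(dump_stm, vendor_touch_dump_path_prop)
+
+pixel_bugreport(dump_stm)
+
+allow dump_stm proc_touch:file rw_file_perms;
+allow dump_stm sysfs_touch:dir search;
+allow dump_stm sysfs_touch:file rw_file_perms;
+allow dump_stm vendor_toolbox_exec:file execute_no_trans;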
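Review bot: The two `rw_file_perms` grants on `proc_touch` and `sysfs_touch` give a bugreport dump helper write access to touch driver nodes, and nothing in the file says why a dump needs to write. If the writes exist only to send commands to the `driver_test` nodes labelled in genfs_contexts, a comment such as `# driver_test takes commands via write, result is read back` above the proc rule would document that, and `sysfs_touch:file` could likely be narrowed to `r_file_perms` if the script only reads sysfs. Because `vendor_toolbox_exec` is run with `execute_no_trans`, every toolbox command the script invokes holds these same permissions.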
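--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1 @@
+type proc_touch, fs_type, proc_type;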
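--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -0,0 +1,3 @@
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
+/vendor/bin/dump/dump_stm\.sh u:object_r:dump_stm_exec:s0
+/vendor/bin/resku_rescue_kicker u:object_r:tee_exec:s0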
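Review bot: The entry for `/vendor/bin/resku_rescue_kicker` reuses the existing `tee_exec` label, so if the domain transition for `tee_exec` applies (it is defined outside this page), the binary would run with everything the `tee` domain is allowed, which is broader than a single helper usually needs. A dedicated type and domain holding only the rules this binary requires would keep least privilege, for example `/vendor/bin/resku_rescue_kicker u:object_r:resku_rescue_kicker_exec:s0` with a matching .te file; that type name is a suggested placeholder, not one taken from the page. At minimum, a comment stating why the tee label is shared would help the next reviewer.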
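--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -0,0 +1,8 @@
+genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
+genfscon proc /fts/driver_test u:object_r:proc_touch:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0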
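--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_touch_dump_path_prop)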
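--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_touch_dump_path_prop)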
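--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -0,0 +1 @@
+ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0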
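--- a/sepolicy/vendor/ufs_firmware_update.te
+++ b/sepolicy/vendor/ufs_firmware_update.te
@@ -0,0 +1,3 @@
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;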
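Review bot: The new file carries three of the rules from the deleted ufs_firmware_update.te but not `init_daemon_domain(ufs_firmware_update)`, the `vendor_toolbox_exec:file execute_no_trans` rule, or `sysfs_scsi_devices_0000:file r_file_perms`, and the domain type itself is not declared anywhere on this page. If a shared policy directory supplies them, a one-line comment naming it would make that dependency explicit; otherwise the genfs_contexts labels for the ufs `vendor`, `model` and `rev` nodes have no reader rule and the updater would be denied. Separately, `allow ufs_firmware_update sysfs:dir r_dir_perms;` targets the generic `sysfs` type; it is read-only on directories, but a comment naming the path walk that needs it would help keep the grant from growing.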