Add 'sepolicy/' from tag 'android-15.0.0_r1'
git-subtree-dir: sepolicy git-subtree-mainline:b3dccf3ec2git-subtree-split:7676b88662Change-Id: I99f0011125540835b36fc3bf83ccd80f0284658b
This commit is contained in:
Michael Bestas
commit
aa13f499c7
22 changed files with 137 additions and 0 deletions
4
sepolicy/OWNERS
Normal file
4
sepolicy/OWNERS
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
include device/google/gs-common:/sepolicy/OWNERS
|
||||
|
||||
adamshih@google.com
|
||||
|
||||
6
sepolicy/felix-sepolicy.mk
Normal file
6
sepolicy/felix-sepolicy.mk
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# sepolicy that are shared among devices using whitechapel
|
||||
BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/vendor
|
||||
BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/tracking_denials
|
||||
|
||||
# Fingerprint
|
||||
BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/fingerprint_capacitance
|
||||
1
sepolicy/fingerprint_capacitance/file.te
Normal file
1
sepolicy/fingerprint_capacitance/file.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
type sysfs_fingerprint, sysfs_type, fs_type;
|
||||
1
sepolicy/fingerprint_capacitance/file_contexts
Normal file
1
sepolicy/fingerprint_capacitance/file_contexts
Normal file
|
|
@ -0,0 +1 @@
|
|||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.fpc42 u:object_r:hal_fingerprint_capacitance_exec:s0
|
||||
1
sepolicy/fingerprint_capacitance/genfs_contexts
Normal file
1
sepolicy/fingerprint_capacitance/genfs_contexts
Normal file
|
|
@ -0,0 +1 @@
|
|||
genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
# hal_fingerprint_capacitance definition
|
||||
type hal_fingerprint_capacitance, domain;
|
||||
hal_server_domain(hal_fingerprint_capacitance, hal_fingerprint)
|
||||
|
||||
type hal_fingerprint_capacitance_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_fingerprint_capacitance)
|
||||
|
||||
set_prop(hal_fingerprint_capacitance, vendor_fingerprint_prop)
|
||||
|
||||
# allow fingerprint to access file
|
||||
allow hal_fingerprint_capacitance fingerprint_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_capacitance tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_capacitance sysfs_fingerprint:dir r_dir_perms;
|
||||
allow hal_fingerprint_capacitance sysfs_fingerprint:file rw_file_perms;
|
||||
|
||||
# allow fingerprint to access power hal
|
||||
hal_client_domain(hal_fingerprint_capacitance, hal_power);
|
||||
|
||||
# allow fingerprint to find fwk service
|
||||
allow hal_fingerprint_capacitance fwk_stats_service:service_manager find;
|
||||
|
||||
# allow fingerprint to access sysfs_leds
|
||||
allow hal_fingerprint_capacitance sysfs_leds:dir search;
|
||||
allow hal_fingerprint_capacitance sysfs_leds:file rw_file_perms;
|
||||
|
||||
# allow fingerprint to access input_device
|
||||
allow hal_fingerprint_capacitance input_device:dir r_dir_perms;
|
||||
allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms;
|
||||
|
||||
# allow fingerprint to access hwservice
|
||||
hwbinder_use(hal_fingerprint_capacitance)
|
||||
add_hwservice(hal_fingerprint_capacitance, hal_fingerprint_capacitance_ext_hwservice)
|
||||
|
||||
# allow fingerprint to access fwk sensor hwservice
|
||||
allow hal_fingerprint_capacitance fwk_sensor_service:service_manager find;
|
||||
1
sepolicy/fingerprint_capacitance/hwservice.te
Normal file
1
sepolicy/fingerprint_capacitance/hwservice.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
type hal_fingerprint_capacitance_ext_hwservice, hwservice_manager_type;
|
||||
2
sepolicy/fingerprint_capacitance/hwservice_contexts
Normal file
2
sepolicy/fingerprint_capacitance/hwservice_contexts
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
com.fingerprints42.extension::IFingerprintEngineering u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0
|
||||
com.fingerprints42.extension::IFingerprintSensorTest u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0
|
||||
1
sepolicy/fingerprint_capacitance/servicemanager.te
Normal file
1
sepolicy/fingerprint_capacitance/servicemanager.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
binder_call(servicemanager, hal_fingerprint_capacitance)
|
||||
3
sepolicy/fingerprint_capacitance/system_app.te
Normal file
3
sepolicy/fingerprint_capacitance/system_app.te
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# TODO (b/264266705) Remove this and make it specific to the app
|
||||
# allow SystemUIGoogle to access fingerprint hal
|
||||
hal_client_domain(system_app, hal_fingerprint)
|
||||
2
sepolicy/tracking_denials/README.txt
Normal file
2
sepolicy/tracking_denials/README.txt
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
This folder stores known errors detected by PTS. Be sure to remove relevant
|
||||
files to reproduce error log on latest ROMs.
|
||||
2
sepolicy/tracking_denials/bug_map
Normal file
2
sepolicy/tracking_denials/bug_map
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
kernel vendor_votable_debugfs dir b/305600372
|
||||
system_server sysfs_batteryinfo file b/306344097
|
||||
2
sepolicy/vendor/README.txt
vendored
Normal file
2
sepolicy/vendor/README.txt
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
This folder holds sepolicy exclusively for one device. For example, genfs_contexts
|
||||
paths that are affected by device tree.
|
||||
1
sepolicy/vendor/cccdk_timesync_app.te
vendored
Normal file
1
sepolicy/vendor/cccdk_timesync_app.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;
|
||||
1
sepolicy/vendor/device.te
vendored
Normal file
1
sepolicy/vendor/device.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
type vibrator_device, dev_type;
|
||||
3
sepolicy/vendor/file.te
vendored
Normal file
3
sepolicy/vendor/file.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# BT
|
||||
type vendor_bt_data_file, file_type, data_file_type;
|
||||
|
||||
26
sepolicy/vendor/file_contexts
vendored
Normal file
26
sepolicy/vendor/file_contexts
vendored
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
# Devices
|
||||
/dev/lwis-act-nessie u:object_r:lwis_device:s0
|
||||
/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0
|
||||
/dev/lwis-eeprom-smaug-medusa u:object_r:lwis_device:s0
|
||||
/dev/lwis-ois-nessie u:object_r:lwis_device:s0
|
||||
/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0
|
||||
/dev/lwis-sensor-medusa u:object_r:lwis_device:s0
|
||||
/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0
|
||||
|
||||
# Bluetooth
|
||||
/dev/ttySAC18 u:object_r:hci_attach_dev:s0
|
||||
/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
|
||||
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
|
||||
|
||||
# Haptics
|
||||
/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private u:object_r:hal_vibrator_default_exec:s0
|
||||
/dev/gpiochip44 u:object_r:vibrator_device:s0
|
||||
|
||||
# Logbuffer
|
||||
/dev/logbuffer_dual_batt u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0
|
||||
|
||||
# Touch
|
||||
/dev/touch_offload_fts_ext u:object_r:touch_offload_device:s0
|
||||
37
sepolicy/vendor/genfs_contexts
vendored
Normal file
37
sepolicy/vendor/genfs_contexts
vendored
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
|
||||
# BMS
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0061 u:object_r:sysfs_wlc:s0
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0061/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
|
||||
genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
# maxfg_base
|
||||
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
# maxfg_secondary
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
|
||||
# Display
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/available_disp_stats u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/osc2_clk_khz u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/1c241000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
|
||||
|
||||
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight/panel1-backlight/als_table u:object_r:sysfs_write_leds:s0
|
||||
|
||||
# Haptics
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0043 u:object_r:sysfs_vibrator:s0
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0042 u:object_r:sysfs_vibrator:s0
|
||||
|
||||
# Power System Suspend
|
||||
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-13/13-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0036/power_supply/maxfg_flip/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0036/power_supply/maxfg_secondary/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0061/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-0061/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0
|
||||
1
sepolicy/vendor/grilservice_app.te
vendored
Normal file
1
sepolicy/vendor/grilservice_app.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
|
||||
3
sepolicy/vendor/hal_bluetooth_btlinux.te
vendored
Normal file
3
sepolicy/vendor/hal_bluetooth_btlinux.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
|
||||
allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
|
||||
|
||||
3
sepolicy/vendor/hal_vibrator_default.te
vendored
Normal file
3
sepolicy/vendor/hal_vibrator_default.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# For gpio dev node
|
||||
vndbinder_use(hal_vibrator_default);
|
||||
allow hal_vibrator_default vibrator_device:chr_file rw_file_perms;
|
||||
1
sepolicy/vendor/service_contexts
vendored
Normal file
1
sepolicy/vendor/service_contexts
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
com.google.hardware.pixel.display.IDisplay/secondary u:object_r:hal_pixel_display_service:s0
|
||||
Loading…
Add table
Add a link
Reference in a new issue