gs-common: sepolicy: Add some rules to be ignored
This will be used by the sepolicy dump scripts to exclude them from the final output. Change-Id: Ia6628a7a0fede6205586eaacf4b980a9f78ff27b
This commit is contained in:
Michael Bestas
25
sepolicy/ignored/product/better_bug_app.te
Normal file
25
sepolicy/ignored/product/better_bug_app.te
Normal file
@@ -0,0 +1,25 @@
|
||||
type better_bug_app, coredomain, domain;
|
||||
|
||||
app_domain(better_bug_app)
|
||||
|
||||
get_prop(better_bug_app, system_boot_reason_prop)
|
||||
|
||||
net_domain(better_bug_app)
|
||||
|
||||
set_prop(better_bug_app, ctl_start_prop)
|
||||
|
||||
allow better_bug_app app_api_service:service_manager find;
|
||||
allow better_bug_app mediaserver_service:service_manager find;
|
||||
allow better_bug_app perfetto:fd use;
|
||||
allow better_bug_app perfetto_traces_bugreport_data_file:dir r_dir_perms;
|
||||
allow better_bug_app perfetto_traces_bugreport_data_file:file getattr;
|
||||
allow better_bug_app perfetto_traces_data_file:file { getattr read };
|
||||
allow better_bug_app privapp_data_file:file execute;
|
||||
allow better_bug_app privapp_data_file:lnk_file r_file_perms;
|
||||
allow better_bug_app radio_service:service_manager find;
|
||||
allow better_bug_app shell_data_file:dir r_dir_perms;
|
||||
allow better_bug_app shell_data_file:file r_file_perms;
|
||||
allow better_bug_app system_api_service:service_manager find;
|
||||
allow better_bug_app trace_data_file:file { getattr read };
|
||||
allow better_bug_app wm_trace_data_file:dir r_dir_perms;
|
||||
allow better_bug_app wm_trace_data_file:file getattr;
|
||||
1
sepolicy/ignored/product/debug_camera_app.te
Normal file
1
sepolicy/ignored/product/debug_camera_app.te
Normal file
@@ -0,0 +1 @@
|
||||
type debug_camera_app, coredomain, domain;
|
||||
2
sepolicy/ignored/product/gmscore_app.te
Normal file
2
sepolicy/ignored/product/gmscore_app.te
Normal file
@@ -0,0 +1,2 @@
|
||||
dontaudit gmscore_app adbd_prop:file *;
|
||||
dontaudit gmscore_app proc_vendor_sched:file write;
|
||||
17
sepolicy/ignored/product/google_camera_app.te
Normal file
17
sepolicy/ignored/product/google_camera_app.te
Normal file
@@ -0,0 +1,17 @@
|
||||
type google_camera_app, coredomain, domain;
|
||||
|
||||
app_domain(google_camera_app)
|
||||
|
||||
hal_client_domain(google_camera_app, hal_power)
|
||||
|
||||
net_domain(google_camera_app)
|
||||
|
||||
allow google_camera_app app_api_service:service_manager find;
|
||||
allow google_camera_app audioserver_service:service_manager find;
|
||||
allow google_camera_app cameraserver_service:service_manager find;
|
||||
allow google_camera_app mediaextractor_service:service_manager find;
|
||||
allow google_camera_app mediametrics_service:service_manager find;
|
||||
allow google_camera_app mediaserver_service:service_manager find;
|
||||
allow google_camera_app privapp_data_file:lnk_file r_file_perms;
|
||||
|
||||
dontaudit google_camera_app vendor_default_prop:file { getattr map open };
|
||||
17
sepolicy/ignored/product/google_recorder_app.te
Normal file
17
sepolicy/ignored/product/google_recorder_app.te
Normal file
@@ -0,0 +1,17 @@
|
||||
type google_recorder_app, domain;
|
||||
|
||||
app_domain(google_recorder_app)
|
||||
|
||||
get_prop(google_recorder_app, graphics_config_writable_prop)
|
||||
|
||||
net_domain(google_recorder_app)
|
||||
|
||||
allow google_recorder_app app_api_service:service_manager find;
|
||||
allow google_recorder_app audioserver_service:service_manager find;
|
||||
allow google_recorder_app mediaextractor_service:service_manager find;
|
||||
allow google_recorder_app mediametrics_service:service_manager find;
|
||||
allow google_recorder_app mediaserver_service:service_manager find;
|
||||
allow google_recorder_app privapp_data_file:file execute;
|
||||
allow google_recorder_app privapp_data_file:lnk_file r_file_perms;
|
||||
|
||||
dontaudit google_recorder_app default_prop:file read;
|
||||
1
sepolicy/ignored/product/hal_dumpstate.te
Normal file
1
sepolicy/ignored/product/hal_dumpstate.te
Normal file
@@ -0,0 +1 @@
|
||||
dontaudit hal_dumpstate adbd_prop:file *;
|
||||
7
sepolicy/ignored/product/incidentd.te
Normal file
7
sepolicy/ignored/product/incidentd.te
Normal file
@@ -0,0 +1,7 @@
|
||||
dontaudit incidentd adbd_config_prop:file getattr;
|
||||
dontaudit incidentd adbd_config_prop:file map;
|
||||
dontaudit incidentd adbd_config_prop:file open;
|
||||
dontaudit incidentd adbd_prop:file getattr;
|
||||
dontaudit incidentd adbd_prop:file map;
|
||||
dontaudit incidentd adbd_prop:file open;
|
||||
dontaudit incidentd apexd_prop:file open;
|
||||
2
sepolicy/ignored/product/lpdumpd.te
Normal file
2
sepolicy/ignored/product/lpdumpd.te
Normal file
@@ -0,0 +1,2 @@
|
||||
dontaudit lpdumpd block_device:blk_file getattr;
|
||||
dontaudit lpdumpd block_device:blk_file read;
|
||||
29
sepolicy/ignored/product/mediashell_app.te
Normal file
29
sepolicy/ignored/product/mediashell_app.te
Normal file
@@ -0,0 +1,29 @@
|
||||
type mediashell_app, coredomain, domain;
|
||||
|
||||
app_domain(mediashell_app)
|
||||
|
||||
bluetooth_domain(mediashell_app)
|
||||
|
||||
get_prop(mediashell_app, odm_cast_prop)
|
||||
|
||||
net_domain(mediashell_app)
|
||||
|
||||
allow mediashell_app app_api_service:service_manager find;
|
||||
allow mediashell_app audioserver:fifo_file write;
|
||||
allow mediashell_app audioserver_service:service_manager find;
|
||||
allow mediashell_app cameraserver_service:service_manager find;
|
||||
allow mediashell_app drmserver_service:service_manager find;
|
||||
allow mediashell_app mediadrmserver_service:service_manager find;
|
||||
allow mediashell_app mediaextractor_service:service_manager find;
|
||||
allow mediashell_app mediametrics_service:service_manager find;
|
||||
allow mediashell_app mediaserver_service:service_manager find;
|
||||
allow mediashell_app network_watchlist_service:service_manager find;
|
||||
allow mediashell_app nfc_service:service_manager find;
|
||||
allow mediashell_app proc_vendor_sched:dir search;
|
||||
allow mediashell_app radio_service:service_manager find;
|
||||
allow mediashell_app self:process ptrace;
|
||||
allow mediashell_app system_api_service:service_manager find;
|
||||
allow mediashell_app system_linker_exec:file execute_no_trans;
|
||||
|
||||
dontaudit mediashell_app proc:file read;
|
||||
dontaudit mediashell_app wifi_config_prop:file r_file_perms;
|
||||
10
sepolicy/ignored/product/pixelsupport_app.te
Normal file
10
sepolicy/ignored/product/pixelsupport_app.te
Normal file
@@ -0,0 +1,10 @@
|
||||
type pixelsupport_app, coredomain, domain;
|
||||
|
||||
app_domain(pixelsupport_app)
|
||||
|
||||
bluetooth_domain(pixelsupport_app)
|
||||
|
||||
net_domain(pixelsupport_app)
|
||||
|
||||
allow pixelsupport_app app_api_service:service_manager find;
|
||||
allow pixelsupport_app radio_service:service_manager find;
|
||||
10
sepolicy/ignored/product/priv_app.te
Normal file
10
sepolicy/ignored/product/priv_app.te
Normal file
@@ -0,0 +1,10 @@
|
||||
dontaudit priv_app aac_drc_prop:file getattr;
|
||||
dontaudit priv_app aac_drc_prop:file map;
|
||||
dontaudit priv_app aac_drc_prop:file open;
|
||||
dontaudit priv_app ab_update_gki_prop:file getattr;
|
||||
dontaudit priv_app ab_update_gki_prop:file map;
|
||||
dontaudit priv_app ab_update_gki_prop:file open;
|
||||
dontaudit priv_app adbd_prop:file getattr;
|
||||
dontaudit priv_app adbd_prop:file map;
|
||||
dontaudit priv_app adbd_prop:file open;
|
||||
dontaudit priv_app proc_vendor_sched:file write;
|
||||
1
sepolicy/ignored/product/property.te
Normal file
1
sepolicy/ignored/product/property.te
Normal file
@@ -0,0 +1 @@
|
||||
system_internal_prop(odm_cast_prop)
|
||||
1
sepolicy/ignored/product/property_contexts
Normal file
1
sepolicy/ignored/product/property_contexts
Normal file
@@ -0,0 +1 @@
|
||||
ro.odm.cast.ssid_suffix u:object_r:odm_cast_prop:s0
|
||||
10
sepolicy/ignored/product/seapp_contexts
Normal file
10
sepolicy/ignored/product/seapp_contexts
Normal file
@@ -0,0 +1,10 @@
|
||||
user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder domain=google_recorder_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=GoogleRecorder name=com.google.android.apps.recorder:* domain=google_recorder_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=mediashell domain=mediashell_app name=com.google.android.apps.mediashell type=privapp_data_file levelFrom=all
|
||||
user=_app isPrivApp=true seinfo=mediashell domain=mediashell_app name=com.google.android.apps.mediashell:* type=privapp_data_file levelFrom=all
|
||||
user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=PixelSupport name=com.google.android.apps.pixel.support domain=pixelsupport_app type=app_data_file isPrivApp=true levelFrom=user
|
||||
1
sepolicy/ignored/product/untrusted_app_25.te
Normal file
1
sepolicy/ignored/product/untrusted_app_25.te
Normal file
@@ -0,0 +1 @@
|
||||
dontaudit untrusted_app_25 adbd_prop:file *;
|
||||
1
sepolicy/ignored/product/wait_for_keymaster.te
Normal file
1
sepolicy/ignored/product/wait_for_keymaster.te
Normal file
@@ -0,0 +1 @@
|
||||
dontaudit wait_for_keymaster servicemanager:binder transfer;
|
||||
2
sepolicy/ignored/system_ext/brownout_detection_app.te
Normal file
2
sepolicy/ignored/system_ext/brownout_detection_app.te
Normal file
@@ -0,0 +1,2 @@
|
||||
type brownout_detection_app, coredomain, domain;
|
||||
|
||||
20
sepolicy/ignored/system_ext/factory_ota_app.te
Normal file
20
sepolicy/ignored/system_ext/factory_ota_app.te
Normal file
@@ -0,0 +1,20 @@
|
||||
type factory_ota_app, coredomain, domain;
|
||||
|
||||
app_domain(factory_ota_app)
|
||||
|
||||
binder_call(factory_ota_app, update_engine)
|
||||
|
||||
get_prop(factory_ota_app, system_boot_reason_prop)
|
||||
|
||||
net_domain(factory_ota_app)
|
||||
|
||||
set_prop(factory_ota_app, sota_prop)
|
||||
|
||||
allow factory_ota_app app_api_service:service_manager find;
|
||||
allow factory_ota_app nfc_service:service_manager find;
|
||||
allow factory_ota_app ota_package_file:dir rw_dir_perms;
|
||||
allow factory_ota_app ota_package_file:file create_file_perms;
|
||||
allow factory_ota_app radio_service:service_manager find;
|
||||
allow factory_ota_app update_engine_service:service_manager find;
|
||||
|
||||
dontaudit factory_ota_app gpuservice:binder call;
|
||||
1
sepolicy/ignored/system_ext/file.te
Normal file
1
sepolicy/ignored/system_ext/file.te
Normal file
@@ -0,0 +1 @@
|
||||
type convert-to-ext4-sh_exec, exec_type, file_type, system_file_type;
|
||||
1
sepolicy/ignored/system_ext/file_contexts
Normal file
1
sepolicy/ignored/system_ext/file_contexts
Normal file
@@ -0,0 +1 @@
|
||||
/system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0
|
||||
7
sepolicy/ignored/system_ext/flag_flipper_app.te
Normal file
7
sepolicy/ignored/system_ext/flag_flipper_app.te
Normal file
@@ -0,0 +1,7 @@
|
||||
type flag_flipper_app, coredomain, domain;
|
||||
|
||||
app_domain(flag_flipper_app)
|
||||
|
||||
unix_socket_connect(flag_flipper_app, aconfigd, aconfigd)
|
||||
|
||||
allow flag_flipper_app app_api_service:service_manager find;
|
||||
1
sepolicy/ignored/system_ext/gmscore_app.te
Normal file
1
sepolicy/ignored/system_ext/gmscore_app.te
Normal file
@@ -0,0 +1 @@
|
||||
get_prop(gmscore_app, setupwizard_feature_prop)
|
||||
1
sepolicy/ignored/system_ext/init.te
Normal file
1
sepolicy/ignored/system_ext/init.te
Normal file
@@ -0,0 +1 @@
|
||||
set_prop(vendor_init, sota_prop)
|
||||
9
sepolicy/ignored/system_ext/pixelsystemservice_app.te
Normal file
9
sepolicy/ignored/system_ext/pixelsystemservice_app.te
Normal file
@@ -0,0 +1,9 @@
|
||||
type pixelsystemservice_app, coredomain, domain;
|
||||
|
||||
app_domain(pixelsystemservice_app)
|
||||
|
||||
set_prop(pixelsystemservice_app, pixelsystemservice_contextualawareness_prop)
|
||||
|
||||
allow pixelsystemservice_app app_api_service:service_manager find;
|
||||
allow pixelsystemservice_app radio_service:service_manager find;
|
||||
allow pixelsystemservice_app statsmanager_service:service_manager find;
|
||||
1
sepolicy/ignored/system_ext/platform_app.te
Normal file
1
sepolicy/ignored/system_ext/platform_app.te
Normal file
@@ -0,0 +1 @@
|
||||
set_prop(platform_app, vendor_sysuig_prop)
|
||||
1
sepolicy/ignored/system_ext/priv_app.te
Normal file
1
sepolicy/ignored/system_ext/priv_app.te
Normal file
@@ -0,0 +1 @@
|
||||
get_prop(priv_app, setupwizard_feature_prop)
|
||||
4
sepolicy/ignored/system_ext/property.te
Normal file
4
sepolicy/ignored/system_ext/property.te
Normal file
@@ -0,0 +1,4 @@
|
||||
system_internal_prop(pixelsystemservice_contextualawareness_prop)
|
||||
system_internal_prop(vendor_sysuig_prop)
|
||||
|
||||
system_public_prop(setupwizard_feature_prop)
|
||||
9
sepolicy/ignored/system_ext/property_contexts
Normal file
9
sepolicy/ignored/system_ext/property_contexts
Normal file
@@ -0,0 +1,9 @@
|
||||
persist.vendor.factoryota. u:object_r:sota_prop:s0
|
||||
persist.vendor.nfc.factoryota. u:object_r:sota_prop:s0
|
||||
persist.vendor.pulsar u:object_r:vendor_sysuig_prop:s0
|
||||
persist.vendor.radio.bootwithlpm u:object_r:sota_prop:s0
|
||||
pixelsystemservice.device.contextualawarenessbool u:object_r:pixelsystemservice_contextualawareness_prop:s0 exact bool
|
||||
ro.boot.sota u:object_r:sota_prop:s0
|
||||
ro.boot.sota. u:object_r:sota_prop:s0
|
||||
setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0
|
||||
sota.charge.stop.level u:object_r:sota_prop:s0
|
||||
8
sepolicy/ignored/system_ext/seapp_contexts
Normal file
8
sepolicy/ignored/system_ext/seapp_contexts
Normal file
@@ -0,0 +1,8 @@
|
||||
user=_app isPrivApp=true name=com.android.theflippinapp domain=flag_flipper_app type=app_data_file levelFrom=all seinfo=platform
|
||||
user=_app isPrivApp=true name=com.google.android.brownoutdetection domain=brownout_detection_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all
|
||||
user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.google.android.pixelsystemservice:ephemeral domain=pixelsystemservice_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.google.android.turboadapter domain=turbo_adapter type=app_data_file levelFrom=all
|
||||
28
sepolicy/ignored/system_ext/systemui_app.te
Normal file
28
sepolicy/ignored/system_ext/systemui_app.te
Normal file
@@ -0,0 +1,28 @@
|
||||
type systemui_app, coredomain, domain;
|
||||
|
||||
app_domain(systemui_app)
|
||||
|
||||
get_prop(systemui_app, bluetooth_lea_prop)
|
||||
get_prop(systemui_app, keyguard_config_prop)
|
||||
get_prop(systemui_app, qemu_hw_prop)
|
||||
get_prop(systemui_app, radio_cdma_ecm_prop)
|
||||
|
||||
set_prop(systemui_app, bootanim_system_prop)
|
||||
set_prop(systemui_app, debug_prop)
|
||||
set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)
|
||||
set_prop(systemui_app, vendor_sysuig_prop)
|
||||
|
||||
allow systemui_app adb_service:service_manager find;
|
||||
allow systemui_app app_api_service:service_manager find;
|
||||
allow systemui_app audioserver_service:service_manager find;
|
||||
allow systemui_app cameraserver_service:service_manager find;
|
||||
allow systemui_app color_display_service:service_manager find;
|
||||
allow systemui_app mediaextractor_service:service_manager find;
|
||||
allow systemui_app mediametrics_service:service_manager find;
|
||||
allow systemui_app mediaserver_service:service_manager find;
|
||||
allow systemui_app network_score_service:service_manager find;
|
||||
allow systemui_app nfc_service:service_manager find;
|
||||
allow systemui_app overlay_service:service_manager find;
|
||||
allow systemui_app radio_service:service_manager find;
|
||||
allow systemui_app statsmanager_service:service_manager find;
|
||||
allow systemui_app vr_manager_service:service_manager find;
|
||||
16
sepolicy/ignored/system_ext/turbo_adapter.te
Normal file
16
sepolicy/ignored/system_ext/turbo_adapter.te
Normal file
@@ -0,0 +1,16 @@
|
||||
type turbo_adapter, coredomain, domain, system_suspend_internal_server;
|
||||
|
||||
app_domain(turbo_adapter)
|
||||
|
||||
binder_call(turbo_adapter, system_suspend_internal_server)
|
||||
|
||||
get_prop(turbo_adapter, suspend_prop)
|
||||
|
||||
hal_client_domain(turbo_adapter, hal_power)
|
||||
hal_client_domain(turbo_adapter, hal_power_stats)
|
||||
|
||||
r_dir_file(turbo_adapter, proc_uid_cputime_showstat)
|
||||
|
||||
set_prop(turbo_adapter, debug_prop)
|
||||
|
||||
allow turbo_adapter app_api_service:service_manager find;
|
||||
1
sepolicy/ignored/system_ext/update_engine.te
Normal file
1
sepolicy/ignored/system_ext/update_engine.te
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(update_engine, factory_ota_app)
|
||||
1
sepolicy/ignored/vendor/edgetpu_tachyon.te
vendored
Normal file
1
sepolicy/ignored/vendor/edgetpu_tachyon.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(edgetpu_tachyon_server, google_camera_app)
|
||||
2
sepolicy/ignored/vendor/file_contexts
vendored
Normal file
2
sepolicy/ignored/vendor/file_contexts
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
/data/vendor/wifi/wlan_logs(/.*)? u:object_r:wifi_logging_data_file:s0
|
||||
/vendor/bin/init\.qfp\.sh u:object_r:init_qfp_exec:s0
|
||||
1
sepolicy/ignored/vendor/gia.te
vendored
Normal file
1
sepolicy/ignored/vendor/gia.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(gia, pixelsystemservice_app)
|
||||
7
sepolicy/ignored/vendor/google_camera_app.te
vendored
Normal file
7
sepolicy/ignored/vendor/google_camera_app.te
vendored
Normal file
@@ -0,0 +1,7 @@
|
||||
get_prop(google_camera_app, vendor_gxp_prop)
|
||||
|
||||
allow google_camera_app edgetpu_app_service:service_manager find;
|
||||
allow google_camera_app edgetpu_device:chr_file { getattr ioctl map read write };
|
||||
allow google_camera_app gxp_device:chr_file rw_file_perms;
|
||||
allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
|
||||
allow google_camera_app vendor_fw_file:dir search;
|
||||
1
sepolicy/ignored/vendor/google_recorder_app.te
vendored
Normal file
1
sepolicy/ignored/vendor/google_recorder_app.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
get_prop(google_recorder_app, vendor_audio_prop_restricted)
|
||||
2
sepolicy/ignored/vendor/hal_wireless_charger.te
vendored
Normal file
2
sepolicy/ignored/vendor/hal_wireless_charger.te
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
binder_call(hal_wireless_charger, pixelsystemservice_app)
|
||||
binder_call(hal_wireless_charger, systemui_app)
|
||||
1
sepolicy/ignored/vendor/hal_wlcservice.te
vendored
Normal file
1
sepolicy/ignored/vendor/hal_wlcservice.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(hal_wlcservice, pixelsystemservice_app)
|
||||
1
sepolicy/ignored/vendor/init.te
vendored
Normal file
1
sepolicy/ignored/vendor/init.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
set_prop(vendor_init, setupwizard_feature_prop)
|
||||
1
sepolicy/ignored/vendor/pixelsupport_app.te
vendored
Normal file
1
sepolicy/ignored/vendor/pixelsupport_app.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
set_prop(pixelsupport_app, vendor_gti_prop)
|
||||
26
sepolicy/ignored/vendor/pixelsystemservice_app.te
vendored
Normal file
26
sepolicy/ignored/vendor/pixelsystemservice_app.te
vendored
Normal file
@@ -0,0 +1,26 @@
|
||||
binder_call(pixelsystemservice_app, hal_audio_default)
|
||||
binder_call(pixelsystemservice_app, hal_bluetooth_btlinux)
|
||||
binder_call(pixelsystemservice_app, hal_wireless_charger)
|
||||
binder_call(pixelsystemservice_app, hal_wlcservice)
|
||||
binder_call(pixelsystemservice_app, statsd)
|
||||
|
||||
binder_use(pixelsystemservice_app)
|
||||
|
||||
get_prop(pixelsystemservice_app, vendor_audio_prop_restricted)
|
||||
get_prop(pixelsystemservice_app, vendor_fingerprint_prop)
|
||||
|
||||
hal_client_domain(pixelsystemservice_app, hal_fingerprint)
|
||||
hal_client_domain(pixelsystemservice_app, hal_gia)
|
||||
hal_client_domain(pixelsystemservice_app, hal_power_stats)
|
||||
|
||||
set_prop(pixelsystemservice_app, touch_property_type)
|
||||
set_prop(pixelsystemservice_app, vendor_intelligence_prop)
|
||||
set_prop(pixelsystemservice_app, vendor_pss_systemphenotype_prop)
|
||||
|
||||
allow pixelsystemservice_app cameraserver_service:service_manager find;
|
||||
allow pixelsystemservice_app fwk_vibrator_control_service:service_manager find;
|
||||
allow pixelsystemservice_app hal_audio_ext_service:service_manager find;
|
||||
allow pixelsystemservice_app hal_wireless_charger_service:service_manager find;
|
||||
allow pixelsystemservice_app hal_wlcservice_service:service_manager find;
|
||||
allow pixelsystemservice_app pixel_bluetooth_service_type:service_manager find;
|
||||
allow pixelsystemservice_app touch_context_service:service_manager find;
|
||||
1
sepolicy/ignored/vendor/rild.te
vendored
Normal file
1
sepolicy/ignored/vendor/rild.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(rild, logger_app)
|
||||
12
sepolicy/ignored/vendor/systemui_app.te
vendored
Normal file
12
sepolicy/ignored/vendor/systemui_app.te
vendored
Normal file
@@ -0,0 +1,12 @@
|
||||
binder_call(systemui_app, hal_graphics_composer_default)
|
||||
binder_call(systemui_app, hal_wireless_charger)
|
||||
binder_call(systemui_app, pixel_battery_domain)
|
||||
binder_call(systemui_app, twoshay)
|
||||
|
||||
hal_client_domain(systemui_app, hal_fingerprint)
|
||||
|
||||
allow systemui_app hal_pixel_display_service:service_manager find;
|
||||
allow systemui_app hal_wireless_charger_service:service_manager find;
|
||||
allow systemui_app pixel_battery_service_type:service_manager find;
|
||||
allow systemui_app screen_protector_detector_service:service_manager find;
|
||||
allow systemui_app touch_context_service:service_manager find;
|
||||
1
sepolicy/ignored/vendor/twoshay.te
vendored
Normal file
1
sepolicy/ignored/vendor/twoshay.te
vendored
Normal file
@@ -0,0 +1 @@
|
||||
binder_call(twoshay, systemui_app)
|
||||
Reference in New Issue
Block a user