diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te index 0b4c26e8..1bea8b50 100644 --- a/display/gs101/hal_graphics_composer_default.te +++ b/display/gs101/hal_graphics_composer_default.te @@ -16,6 +16,7 @@ userdebug_or_eng(` allow hal_graphics_composer_default mnt_vendor_file:dir search; allow hal_graphics_composer_default persist_file:dir search; allow hal_graphics_composer_default persist_display_file:file r_file_perms; +allow hal_graphics_composer_default persist_display_file:dir search; # allow HWC to r/w backlight allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms; diff --git a/system_ext/private/platform_app.te b/system_ext/private/platform_app.te new file mode 100644 index 00000000..10d6bba9 --- /dev/null +++ b/system_ext/private/platform_app.te @@ -0,0 +1,2 @@ +# allow systemui to set boot animation colors +set_prop(platform_app, bootanim_system_prop); diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 9f462bda..9cf97280 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -1,2 +1,8 @@ # Fingerprint (UDFPS) GHBM/LHBM toggle persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool + +# Boot animation dynamic colors +persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index b8c22e12..e2baeca6 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -139,6 +139,7 @@ userdebug_or_eng(` typeattribute vendor_gps_file mlstrustedobject; ') type sysfs_gps, sysfs_type, fs_type; +type sysfs_gps_assert, sysfs_type, fs_type; # Display type sysfs_display, sysfs_type, fs_type; @@ -185,6 +186,8 @@ type sysfs_video, sysfs_type, fs_type; # UWB vendor type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type persist_uwb_file, file_type, vendor_persist_type; +type uwb_data_vendor, file_type, data_file_type; # PixelStats_vendor type sysfs_pixelstats, fs_type, sysfs_type; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 85e6e649..241be432 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -111,6 +111,10 @@ /dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 + # DM tools device /dev/umts_dm0 u:object_r:radio_device:s0 /dev/umts_router u:object_r:radio_device:s0 @@ -349,6 +353,9 @@ # Uwb # R4 /vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 # RILD files /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index b9a6a60f..6124bc5d 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -14,6 +14,7 @@ genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:ob genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 @@ -108,6 +109,7 @@ genfscon sysfs /devices/virtual/sec/tsp # GPS genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0 +genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0 # Display genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 @@ -149,7 +151,13 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mp genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 # bcl sysfs files -genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_heavy_clk_ratio u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_light_clk_ratio u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_light_clk_ratio u:object_r:sysfs_bcl:s0 +genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_light_clk_ratio u:object_r:sysfs_bcl:s0 # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 diff --git a/whitechapel/vendor/google/gpsd.te b/whitechapel/vendor/google/gpsd.te index 64591cba..791a02e4 100644 --- a/whitechapel/vendor/google/gpsd.te +++ b/whitechapel/vendor/google/gpsd.te @@ -23,3 +23,6 @@ allow gpsd hal_exynos_rild_hwservice:hwservice_manager find; # Allow gpsd to access sensor service binder_call(gpsd, system_server); allow gpsd fwk_sensor_hwservice:hwservice_manager find; + +# Allow gpsd to access pps gpio +allow gpsd sysfs_gps_assert:file r_file_perms; diff --git a/whitechapel/vendor/google/hal_nfc_default.te b/whitechapel/vendor/google/hal_nfc_default.te index f98e78c6..b6477925 100644 --- a/whitechapel/vendor/google/hal_nfc_default.te +++ b/whitechapel/vendor/google/hal_nfc_default.te @@ -7,3 +7,7 @@ set_prop(hal_nfc_default, vendor_secure_element_prop) # Modem property set_prop(hal_nfc_default, vendor_modem_prop) +# Access uwb cal for SecureRanging Applet +allow hal_nfc_default uwb_data_vendor:dir r_dir_perms; +allow hal_nfc_default uwb_data_vendor:file r_file_perms; + diff --git a/whitechapel/vendor/google/hal_power_default.te b/whitechapel/vendor/google/hal_power_default.te index cc5fe8ff..a04e40a1 100644 --- a/whitechapel/vendor/google/hal_power_default.te +++ b/whitechapel/vendor/google/hal_power_default.te @@ -12,6 +12,8 @@ allow hal_power_default thermal_link_device:dir r_dir_perms; allow hal_power_default sysfs_thermal:dir r_dir_perms; allow hal_power_default sysfs_thermal:file rw_file_perms; allow hal_power_default sysfs_thermal:lnk_file r_file_perms; +allow hal_power_default sysfs_bcl:dir r_dir_perms; +allow hal_power_default sysfs_bcl:file rw_file_perms; set_prop(hal_power_default, vendor_camera_prop) set_prop(hal_power_default, vendor_camera_debug_prop) set_prop(hal_power_default, vendor_camera_fatp_prop) diff --git a/whitechapel/vendor/google/hal_uwb_vendor_default.te b/whitechapel/vendor/google/hal_uwb_vendor_default.te index 31b392be..93616874 100644 --- a/whitechapel/vendor/google/hal_uwb_vendor_default.te +++ b/whitechapel/vendor/google/hal_uwb_vendor_default.te @@ -6,3 +6,6 @@ add_service(hal_uwb_vendor_default, hal_uwb_vendor_service) hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) binder_call(hal_uwb_vendor_default, uwb_vendor_app) + +allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms; +allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms; \ No newline at end of file diff --git a/whitechapel/vendor/google/twoshay.te b/whitechapel/vendor/google/twoshay.te index 92b517a1..fafd0642 100644 --- a/whitechapel/vendor/google/twoshay.te +++ b/whitechapel/vendor/google/twoshay.te @@ -11,3 +11,6 @@ add_service(twoshay, touch_context_service) # b/193224954 dontaudit twoshay twoshay:capability dac_override; + +allow twoshay fwk_stats_service:service_manager find; +binder_call(twoshay, stats_service_server) diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te index f1124b28..675ecdb6 100644 --- a/whitechapel/vendor/google/uwb_vendor_app.te +++ b/whitechapel/vendor/google/uwb_vendor_app.te @@ -10,9 +10,13 @@ hal_client_domain(uwb_vendor_app, hal_uwb_vendor) allow uwb_vendor_app app_api_service:service_manager find; allow uwb_vendor_app hal_uwb_vendor_service:service_manager find; allow uwb_vendor_app nfc_service:service_manager find; +allow uwb_vendor_app radio_service:service_manager find; allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms; allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms; +allow hal_uwb_vendor_default self:global_capability_class_set { sys_nice }; +allow hal_uwb_vendor_default kernel:process { setsched }; + binder_call(uwb_vendor_app, hal_uwb_vendor_default) ') diff --git a/whitechapel/vendor/google/vendor_uwb_init.te b/whitechapel/vendor/google/vendor_uwb_init.te new file mode 100644 index 00000000..716af19c --- /dev/null +++ b/whitechapel/vendor/google/vendor_uwb_init.te @@ -0,0 +1,10 @@ +type vendor_uwb_init, domain; +type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(vendor_uwb_init) + +allow vendor_uwb_init vendor_shell_exec:file rx_file_perms; +allow vendor_uwb_init vendor_toolbox_exec:file rx_file_perms; + +allow vendor_uwb_init uwb_data_vendor:file create_file_perms; +allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;