From 9c9b4f80f45dde90932314b5ddcbf9cd10bc4d80 Mon Sep 17 00:00:00 2001 From: Michael Bestas Date: Fri, 5 Dec 2025 06:33:58 +0200 Subject: [PATCH] gs101: Manual fixes to make sepolicy build Change-Id: I9f9057fd572388a0dfb00554e9b6a3bb63795461 --- sepolicy/vendor/mediacodec_samsung.te | 3 ++- sepolicy/vendor/uwb_vendor_app.te | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/sepolicy/vendor/mediacodec_samsung.te b/sepolicy/vendor/mediacodec_samsung.te index 82de3950..93929a80 100644 --- a/sepolicy/vendor/mediacodec_samsung.te +++ b/sepolicy/vendor/mediacodec_samsung.te @@ -25,6 +25,7 @@ allow mediacodec_samsung sysfs_mfc:dir r_dir_perms; allow mediacodec_samsung sysfs_mfc:file r_file_perms; allow mediacodec_samsung video_device:chr_file rw_file_perms; -neverallow mediacodec_samsung domain:{ rawip_socket tcp_socket udp_socket } *; +neverallow mediacodec_samsung { domain userdebug_or_eng(`-su') }:tcp_socket *; +neverallow mediacodec_samsung domain:{ rawip_socket udp_socket } *; neverallow mediacodec_samsung file_type:file execute_no_trans; neverallow mediacodec_samsung fs_type:file execute_no_trans; diff --git a/sepolicy/vendor/uwb_vendor_app.te b/sepolicy/vendor/uwb_vendor_app.te index 1e9e3544..2e618a13 100644 --- a/sepolicy/vendor/uwb_vendor_app.te +++ b/sepolicy/vendor/uwb_vendor_app.te @@ -2,17 +2,23 @@ type uwb_vendor_app, domain; app_domain(uwb_vendor_app) +not_recovery(` binder_call(uwb_vendor_app, hal_uwb_vendor_default) +') get_prop(uwb_vendor_app, vendor_secure_element_prop) +not_recovery(` hal_client_domain(uwb_vendor_app, hal_uwb_vendor) +') set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code) +not_recovery(` allow uwb_vendor_app app_api_service:service_manager find; allow uwb_vendor_app hal_uwb_vendor_service:service_manager find; allow uwb_vendor_app nfc_service:service_manager find; allow uwb_vendor_app radio_service:service_manager find; allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms; allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms; +')