diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index 3e8c9022..c13b325e 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -1,5 +1,5 @@
 # sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
 # unresolved SELinux error log with bug tracking
 BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials
diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
new file mode 100644
index 00000000..fa48fcb3
--- /dev/null
+++ b/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362462
+dontaudit bluetooth default_android_service:service_manager { find };
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index e01f4cfa..cd2c30da 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,14 +1,17 @@
 battery_mitigation sysfs file b/364446534
+bluetooth audio_config_prop file b/379226761
+bluetooth audio_config_prop file b/379245675
 chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
-hal_vibrator_default default_android_service service_manager b/317316478
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
+init init capability b/379591559
 kernel dm_device blk_file b/315907959
 kernel kernel capability b/340722537
 kernel kernel capability b/340723030
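Review bot: The `tracking_denials` line at the end of this hunk still appends to `BOARD_SEPOLICY_DIRS`, so after this change the file uses two variable names for directories that both hold vendor policy. As far as I know `BOARD_SEPOLICY_DIRS` is the deprecated spelling of `BOARD_VENDOR_SEPOLICY_DIRS`, so the build result is probably unchanged, but a reader auditing which partition each directory ends up in has to know that. I would switch the second line as well: `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials`.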
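Review bot: The new `dontaudit` rule in tracking_denials/bluetooth.te carries only a bug number, so nothing in the file says which service `bluetooth` is looking up or when the rule can be removed. `default_android_service` is the fallback label for services without a service_contexts entry, so the rule silences the audit record for every unlabelled service the bluetooth domain tries to find, not only the one behind b/382362462, and later denials of that kind will not reach the logs. I would extend the comment, for example `# b/382362462: bluetooth looks up <service name>, which has no service_contexts entry; remove once it is labelled`, and consider a `bug_map` row instead if the denial should stay visible.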
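Review bot: `bluetooth audio_config_prop file` is added twice in the first bug_map hunk with different bug ids (b/379226761 and b/379245675), and the later hunks do the same for `priv_app` and `untrusted_app` on `audio_config_prop`. As far as I know the denial annotator keys on the source, target and class triple, so only one id per triple is attached to a log line and the second row has no effect; the existing `system_server vendor_default_prop` rows have the same shape. If the bugs are duplicates, one row per triple makes it clear which bug owns the denial.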
@@ -18,7 +21,12 @@ pixelstats_vendor block_device dir b/369537606
 pixelstats_vendor block_device dir b/369735407
 platform_app vendor_fw_file dir b/372122654
 platform_app vendor_rild_prop file b/372122654
+priv_app audio_config_prop file b/379226710
+priv_app audio_config_prop file b/379246066
+radio audio_config_prop file b/379227275
 ramdump ramdump capability b/369538457
+ramdump_app default_prop file b/386149238
+ramdump_app privapp_data_file lnk_file b/385977809
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
 ssr_detector_app default_prop file b/350831964
@@ -26,10 +34,13 @@ surfaceflinger selinuxfs file b/313804340
 system_server vendor_default_prop file b/366115457
 system_server vendor_default_prop file b/366116435
 system_server vendor_default_prop file b/366116587
+untrusted_app audio_config_prop file b/379226644
+untrusted_app audio_config_prop file b/379246340
 untrusted_app nativetest_data_file dir b/305600845
 untrusted_app shell_test_data_file dir b/305600845
 untrusted_app system_data_root_file dir b/305600845
 untrusted_app userdebug_or_eng_prop file b/305600845
+untrusted_app_29 audio_config_prop file b/379246143
 vendor_init debugfs_trace_marker file b/340723222
 vendor_init default_prop file b/315104713
 vendor_init default_prop file b/316817111
@@ -38,3 +49,5 @@ vendor_init default_prop property_service b/366115458
 vendor_init default_prop property_service b/366116214
 vendor_init default_prop property_service b/369735133
 vendor_init default_prop property_service b/369735170
+zygote aconfig_storage_metadata_file dir b/383949055
+zygote zygote capability b/379591519
diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te
index d745b20d..cf7c14ed 100644
--- a/whitechapel/vendor/google/dump_power.te
+++ b/whitechapel/vendor/google/dump_power.te
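Review bot: `zygote zygote capability b/379591519` in the last bug_map hunk (and `init init capability b/379591559` in the first) match on class only, so any capability denial from these domains is tagged with the same bug, whichever capability was requested. For domains as privileged as init and zygote, that can make a new, unrelated capability denial look like a known issue during triage. The visible rows have no permission column, so I would make sure each bug records the exact capability and remove these rows as soon as the bugs close.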
@@ -13,3 +13,12 @@ allow dump_power mitigation_vendor_data_file:dir r_dir_perms;
 allow dump_power mitigation_vendor_data_file:file r_file_perms;
 allow dump_power sysfs_bcl:dir r_dir_perms;
 allow dump_power sysfs_bcl:file r_file_perms;
+
+userdebug_or_eng(`
+ r_dir_file(dump_power, vendor_battery_debugfs)
+ r_dir_file(dump_power, vendor_maxfg_debugfs)
+ r_dir_file(dump_power, vendor_charger_debugfs)
+ r_dir_file(dump_power, vendor_votable_debugfs)
+ allow dump_power debugfs:dir r_dir_perms;
+ allow dump_power vendor_usb_debugfs:dir { search };
+')
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index fc845ff6..196d0dd7 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -167,7 +167,7 @@
 /vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
-/dev/stmvl53l1_ranging u:object_r:rls_device:s0
+/dev/ispolin_ranging u:object_r:rls_device:s0
 /dev/lwis-act0 u:object_r:lwis_device:s0
 /dev/lwis-act1 u:object_r:lwis_device:s0
@@ -245,7 +245,6 @@
 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
 # shared_modem_platform files
-/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
 # modem mnt files
@@ -360,6 +359,7 @@
 /dev/bigocean u:object_r:video_device:s0
 # Fingerprint
+/dev/fth_fd u:object_r:fingerprint_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
 /data/vendor/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 2a0642d1..ec02ff21 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
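Review bot: `allow dump_power debugfs:dir r_dir_perms;` in the new dump_power.te block lets the domain open and list every directory that carries the generic `debugfs` label, which is more than the traversal needed to reach the four labelled subtrees read through `r_dir_file`. The `vendor_usb_debugfs` line in the same block already uses the narrower form, so unless dump_power really lists the debugfs root I would write `allow dump_power debugfs:dir search;`. The block is wrapped in `userdebug_or_eng`, so none of this reaches user builds, but a one-line comment naming the dump section that needs each type would make the grant auditable. `vendor_usb_debugfs` also gets only `dir { search }` with no file rule; if a file below it is read, that rule is missing from this hunk.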
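Review bot: In the first file_contexts hunk the `/dev/stmvl53l1_ranging` entry is replaced rather than kept next to `/dev/ispolin_ranging`, so a build whose kernel still creates the old node would leave it with the default device label and access through `rls_device` would be denied. That fails closed, but if any device sharing this policy still ships the older driver I would keep both lines under `rls_device`. I cannot tell from the hunk whether the old node still exists anywhere.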
@@ -33,6 +33,10 @@ genfscon sysfs /devices/platform/google,dock/power_supply/dock
 genfscon sysfs /devices/platform/10d50000.hsi2c u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0
+
 # Slider
 genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0
 genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0
@@ -128,6 +132,9 @@ genfscon sysfs /devices/platform/sound-aoc/wakeup
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0
+
 # Input
 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
 genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index e0379a8a..467e8799 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -32,9 +32,6 @@ get_prop(modem_svc_sit, hwservicemanager_prop)
 # logging property
 get_prop(modem_svc_sit, vendor_logger_prop)
-# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
-hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
-
 # Modem property
 set_prop(modem_svc_sit, vendor_modem_prop)
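Review bot: The three added `/class/power_supply/wireless/device/...` entries in the first genfs_contexts hunk use a path that goes through sysfs symlinks, while every neighbouring entry names the real `/devices/platform/...` location. As far as I know genfscon labels are matched against the path of the actual sysfs node, not the symlink path used to reach it, so these rules may never match and `version`, `status` and `fw_rev` would keep the generic `sysfs` label. I would check the label on a device with `ls -Z` and, if it did not take effect, use the resolved device path as the Slider entries just below do.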