diff --git a/sepolicy/tracking_denials/bug_map b/sepolicy/tracking_denials/bug_map
index 9246974a..f843bb8b 100644
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@@ -4,7 +4,10 @@ dump_display sysfs file b/350831939
 dump_modem sscoredump_vendor_data_coredump_file dir b/361726277
 dump_modem sscoredump_vendor_data_logcat_file dir b/361726277
 dumpstate unlabeled file b/350832009
+hal_bluetooth_synabtlinux device chr_file b/386303831
 hal_camera_default aconfig_storage_metadata_file dir b/383013727
+hal_drm_widevine system_userdir_file dir b/393956479
+hal_drm_widevine widevine_sys_vendor_prop file b/393956479
 hal_face_default traced_producer_socket sock_file b/305600808
 hal_power_default hal_power_default capability b/237492146
 hal_sensors_default property_socket sock_file b/373755350
@@ -12,7 +15,10 @@ hal_sensors_default sysfs file b/336451433
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
 init init capability b/379206608
+init-display-sh kmsg_device chr_file b/388949662
 insmod-sh insmod-sh key b/336451874
+insmod-sh kmsg_device chr_file b/388949536
+insmod-sh vendor_edgetpu_debugfs dir b/385858933
 kernel dm_device blk_file b/319403445
 kernel kernel capability b/336451113
 kernel tmpfs chr_file b/321731318
@@ -20,7 +26,9 @@ pixelstats_vendor block_device dir b/369540701
 platform_app vendor_fw_file dir b/377811773
 platform_app vendor_rild_prop file b/377811773
 priv_app audio_config_prop file b/379246129
+priv_app metadata_file dir b/383438008
 ramdump ramdump capability b/369475655
+ramdump_app default_prop file b/386148928
 rfsd vendor_cbd_prop file b/317734397
 shell sysfs_net file b/329380891
 ssr_detector_app default_prop file b/359428005
@@ -37,4 +45,5 @@ vendor_init default_prop file b/329381126
 vendor_init default_prop property_service b/315104803
 vendor_init default_prop property_service b/359427666
 vendor_init default_prop property_service b/359428317
+zygote aconfig_storage_metadata_file dir b/383949172
 zygote zygote capability b/379206941
diff --git a/sepolicy/whitechapel_pro/file_contexts b/sepolicy/whitechapel_pro/file_contexts
index 23ae061a..44b8bf9b 100644
--- a/sepolicy/whitechapel_pro/file_contexts
+++ b/sepolicy/whitechapel_pro/file_contexts
@@ -1,7 +1,6 @@
 # Binaries
 /vendor/bin/dmd u:object_r:dmd_exec:s0
 /vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
-/vendor/bin/sced u:object_r:sced_exec:s0
 /vendor/bin/vcd u:object_r:vcd_exec:s0
 /vendor/bin/chre u:object_r:chre_exec:s0
 /vendor/bin/cbd u:object_r:cbd_exec:s0
@@ -82,6 +81,7 @@
 /dev/janeiro u:object_r:edgetpu_device:s0
 /dev/bigocean u:object_r:video_device:s0
 /dev/goodix_fp u:object_r:fingerprint_device:s0
+/dev/fth_fd u:object_r:fingerprint_device:s0
 /dev/ispolin_ranging u:object_r:rls_device:s0
 /dev/watchdog0 u:object_r:watchdog_device:s0
 /dev/mali0 u:object_r:gpu_device:s0
diff --git a/sepolicy/whitechapel_pro/genfs_contexts b/sepolicy/whitechapel_pro/genfs_contexts
index ee65fab8..a6872ed1 100644
--- a/sepolicy/whitechapel_pro/genfs_contexts
+++ b/sepolicy/whitechapel_pro/genfs_contexts
@@ -212,6 +212,10 @@ genfscon sysfs /devices/platform/google,battery/power_supply/battery genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 + genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0 # P22 battery @@ -275,6 +279,9 @@ genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:fps_touch_handler/wakeup u:object_r:sysfs_wakeup:s0 + #SecureElement genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0 @@ -353,3 +360,6 @@ genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby # WLC genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-15/15-003c u:object_r:sysfs_wlc:s0 + +# USB +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0 diff --git a/sepolicy/whitechapel_pro/hal_usb_impl.te b/sepolicy/whitechapel_pro/hal_usb_impl.te index 4c997733..afc193db 100644 --- a/sepolicy/whitechapel_pro/hal_usb_impl.te +++ b/sepolicy/whitechapel_pro/hal_usb_impl.te 
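Review bot: The three `genfscon sysfs /class/power_supply/wireless/device/...` entries added in the first hunk label paths under /class, while every other entry visible in this file uses a /devices/... path. genfscon matches the path the kernel reports for the sysfs node, and entries under /sys/class are normally symlinks into /sys/devices, so these rules may leave the version, status and fw_rev attributes on the default sysfs label; this is inferred from the paths and is not visible in the diff. Check the resulting labels on a device with `ls -Z`, and if they did not apply, label the resolved path instead, e.g. `genfscon sysfs /devices/platform/<resolved wireless charger path>/version u:object_r:sysfs_batteryinfo:s0`.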
@@ -33,3 +33,4 @@ allow hal_usb_impl usb_device:dir r_dir_perms; # For monitoring usb sysfs attributes allow hal_usb_impl sysfs_wakeup:dir search; allow hal_usb_impl sysfs_wakeup:file r_file_perms; +allow hal_usb_impl sysfs_udc:file r_file_perms; diff --git a/sepolicy/whitechapel_pro/init-display-sh.te b/sepolicy/whitechapel_pro/init-display-sh.te index 54ff7d6e..7f64b782 100644 --- a/sepolicy/whitechapel_pro/init-display-sh.te +++ b/sepolicy/whitechapel_pro/init-display-sh.te @@ -8,3 +8,5 @@ allow init-display-sh vendor_toolbox_exec:file execute_no_trans; dontaudit init-display-sh proc_cmdline:file r_file_perms; +# Allow modprobe to log to kmsg. +allow init-display-sh kmsg_device:chr_file w_file_perms; diff --git a/sepolicy/whitechapel_pro/modem_svc_sit.te b/sepolicy/whitechapel_pro/modem_svc_sit.te index 0097a46a..373fdf63 100644 --- a/sepolicy/whitechapel_pro/modem_svc_sit.te +++ b/sepolicy/whitechapel_pro/modem_svc_sit.te @@ -52,6 +52,4 @@ allow modem_svc_sit modem_img_file:file r_file_perms; allow modem_svc_sit modem_img_file:lnk_file r_file_perms; # Allow modem_svc_sit to access socket for UMI -userdebug_or_eng(` - allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; -') +allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink write }; diff --git a/sepolicy/whitechapel_pro/sced.te b/sepolicy/whitechapel_pro/sced.te deleted file mode 100644 index 2b08973a..00000000 --- a/sepolicy/whitechapel_pro/sced.te +++ /dev/null 
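Review bot: The new `allow init-display-sh kmsg_device:chr_file w_file_perms;` covers the same (source, target, class) tuple that this diff also adds to tracking_denials/bug_map as `init-display-sh kmsg_device chr_file b/388949662`. Once the allow rule is in place that denial should no longer be logged, so the bug_map entry looks stale on arrival; drop it, or say in the comment why both are kept. The matching `insmod-sh kmsg_device chr_file b/388949536` entry gets no allow rule in the visible hunks, so the two scripts are handled inconsistently for what looks like the same modprobe logging need.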
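Review bot: Moving this rule out of `userdebug_or_eng(...)` grants `create`, `unlink` and the newly added `write` on `radio_vendor_data_file:sock_file` in user builds too, and the retained comment "Allow modem_svc_sit to access socket for UMI" does not say why production builds now need it. The rule applies to every socket carrying the `radio_vendor_data_file` label, which looks like a general radio data type rather than one specific to UMI. If only the UMI socket is meant, a dedicated type for that socket would keep the production grant narrow. At minimum record the reason next to the rule, e.g. `# UMI socket is also required on user builds (b/<bug id>)`.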
@@ -1,23 +0,0 @@ -type sced, domain; -type sced_exec, vendor_file_type, exec_type, file_type; - -userdebug_or_eng(` - init_daemon_domain(sced) - typeattribute sced vendor_executes_system_violators; - - hwbinder_use(sced) - binder_call(sced, dmd) - binder_call(sced, vendor_telephony_silentlogging_app) - - get_prop(sced, hwservicemanager_prop) - allow sced self:packet_socket create_socket_perms_no_ioctl; - - allow sced self:capability net_raw; - allow sced shell_exec:file rx_file_perms; - allow sced tcpdump_exec:file rx_file_perms; - allow sced vendor_shell_exec:file x_file_perms; - allow sced vendor_slog_file:dir create_dir_perms; - allow sced vendor_slog_file:file create_file_perms; - allow sced hidl_base_hwservice:hwservice_manager add; - allow sced hal_vendor_oem_hwservice:hwservice_manager { add find }; -') diff --git a/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te b/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te index 583f408f..a9497f5d 100644 --- a/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te +++ b/sepolicy/whitechapel_pro/vendor_telephony_silentlogging_app.te @@ -10,7 +10,6 @@ allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms allow vendor_telephony_silentlogging_app app_api_service:service_manager find; allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find; binder_call(vendor_telephony_silentlogging_app, dmd) -binder_call(vendor_telephony_silentlogging_app, sced) userdebug_or_eng(` # Silent Logging