Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge Android U (ab/10368041)

Browse source 
Bug: 291102124
Merged-In: I899bc4150d6d32b0ede035c96487da50849b6256
Change-Id: I2d7cb958d68b1b20b31921f04c77a5ff91aca8eb
This commit is contained in:
Xin Li 2023-08-15 00:04:03 -07:00
commit 70d0cf7ca5
102 changed files with 275 additions and 896 deletions
Download patch file Download diff file Expand all files Collapse all files

21
aoc/aocd.te
View file

@ -1,21 +0,0 @@
type aocd, domain;
type aocd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(aocd)
# access persist files
allow aocd mnt_vendor_file:dir search;
allow aocd persist_file:dir search;
r_dir_file(aocd, persist_aoc_file);
# sysfs operations
allow aocd sysfs_aoc:dir search;
allow aocd sysfs_aoc_firmware:file w_file_perms;
# dev operations
allow aocd aoc_device:chr_file rw_file_perms;
# allow inotify to watch for additions/removals from /dev
allow aocd device:dir r_dir_perms;
# set properties
set_prop(aocd, vendor_aoc_prop)

18
aoc/aocdump.te
View file

@ -1,18 +0,0 @@
type aocdump, domain;
type aocdump_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(aocdump)
userdebug_or_eng(`
# Permit communication with AoC
allow aocdump aoc_device:chr_file rw_file_perms;
allow aocdump radio_vendor_data_file:dir rw_dir_perms;
allow aocdump radio_vendor_data_file:file create_file_perms;
allow aocdump wifi_logging_data_file:dir create_dir_perms;
allow aocdump wifi_logging_data_file:file create_file_perms;
set_prop(aocdump, vendor_audio_prop);
r_dir_file(aocdump, proc_asound)
allow aocdump self:unix_stream_socket create_stream_socket_perms;
allow aocdump audio_vendor_data_file:sock_file { create unlink };
')

5
aoc/device.te
View file

@ -1,5 +0,0 @@
# AOC device
type aoc_device, dev_type;
# AMCS device
type amcs_device, dev_type;

17
aoc/file.te
View file

@ -1,17 +0,0 @@
# sysfs
type sysfs_aoc_dumpstate, sysfs_type, fs_type;
type sysfs_aoc_boottime, sysfs_type, fs_type;
type sysfs_aoc_firmware, sysfs_type, fs_type;
type sysfs_aoc, sysfs_type, fs_type;
type sysfs_aoc_reset, sysfs_type, fs_type;
type sysfs_pixelstats, fs_type, sysfs_type;
# persist
type persist_aoc_file, file_type, vendor_persist_type;
type persist_audio_file, file_type, vendor_persist_type;
# vendor
type aoc_audio_file, file_type, vendor_file_type;
# data
type audio_vendor_data_file, file_type, data_file_type;

37
aoc/file_contexts
View file

@ -1,37 +0,0 @@
# AoC devices
/dev/acd-audio_output_tuning u:object_r:aoc_device:s0
/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0
/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0
/dev/acd-audio_input_tuning u:object_r:aoc_device:s0
/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0
/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0
/dev/acd-sound_trigger u:object_r:aoc_device:s0
/dev/acd-hotword_notification u:object_r:aoc_device:s0
/dev/acd-hotword_pcm u:object_r:aoc_device:s0
/dev/acd-ambient_pcm u:object_r:aoc_device:s0
/dev/acd-model_data u:object_r:aoc_device:s0
/dev/acd-debug u:object_r:aoc_device:s0
/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
/dev/acd-com.google.usf u:object_r:aoc_device:s0
/dev/acd-com.google.usf.non_wake_up u:object_r:aoc_device:s0
/dev/acd-logging u:object_r:aoc_device:s0
/dev/aoc u:object_r:aoc_device:s0
/dev/acd-audio_ap_offload_rx u:object_r:aoc_device:s0
/dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0
/dev/amcs u:object_r:amcs_device:s0
# AoC vendor binaries
/vendor/bin/aocd u:object_r:aocd_exec:s0
/vendor/bin/aocdump u:object_r:aocdump_exec:s0
/vendor/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
# AoC audio files
/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
# Aoc persist files
/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
# Audio data files
/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0

31
aoc/genfs_contexts
View file

@ -1,31 +0,0 @@
# AOC
genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
# pixelstat_vendor
genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/ams_rate_read_once u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/cca_rate_read_once u:object_r:sysfs_pixelstats:s0

35
aoc/hal_audio_default.te
View file

@ -1,35 +0,0 @@
vndbinder_use(hal_audio_default)
hwbinder_use(hal_audio_default)
allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
allow hal_audio_default audio_vendor_data_file:file create_file_perms;
r_dir_file(hal_audio_default, aoc_audio_file);
r_dir_file(hal_audio_default, mnt_vendor_file);
r_dir_file(hal_audio_default, persist_audio_file);
allow hal_audio_default persist_file:dir search;
allow hal_audio_default aoc_device:file rw_file_perms;
allow hal_audio_default aoc_device:chr_file rw_file_perms;
allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
allow hal_audio_default amcs_device:file rw_file_perms;
allow hal_audio_default amcs_device:chr_file rw_file_perms;
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
#allow access to DMABUF Heaps for AAudio API
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
set_prop(hal_audio_default, vendor_audio_prop);
hal_client_domain(hal_audio_default, hal_health);
hal_client_domain(hal_audio_default, hal_thermal);
allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
userdebug_or_eng(`
allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
')
wakelock_use(hal_audio_default);

12
aoc/hal_audiometricext_default.te
View file

@ -1,12 +0,0 @@
type hal_audiometricext_default, domain;
type hal_audiometricext_default_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_audiometricext_default)
allow hal_audiometricext_default amcs_device:chr_file rw_file_perms;
allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms;
get_prop(hal_audiometricext_default, vendor_audio_prop);
get_prop(hal_audiometricext_default, hwservicemanager_prop);
hwbinder_use(hal_audiometricext_default);
add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice);

6
aoc/hwservice.te
View file

@ -1,6 +0,0 @@
# Audio
type hal_audio_ext_hwservice, hwservice_manager_type;
# AudioMetric
type hal_audiometricext_hwservice, hwservice_manager_type;

4
aoc/hwservice_contexts
View file

@ -1,4 +0,0 @@
# Audio
vendor.google.whitechapel.audio.audioext::IAudioExt u:object_r:hal_audio_ext_hwservice:s0
vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0

4
aoc/property.te
View file

@ -1,4 +0,0 @@
# AoC
vendor_internal_prop(vendor_aoc_prop)
# Audio
vendor_internal_prop(vendor_audio_prop)

13
aoc/property_contexts
View file

@ -1,13 +0,0 @@
# AoC
vendor.aoc.firmware.version u:object_r:vendor_aoc_prop:s0
# for audio
vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0
vendor.audiodump.enable u:object_r:vendor_audio_prop:s0
persist.vendor.audio. u:object_r:vendor_audio_prop:s0
vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0
vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0
vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0
vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0
vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0
vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0

6
dauntless/citadel_provision.te
View file

@ -1,6 +0,0 @@
type citadel_provision, domain;
type citadel_provision_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
init_daemon_domain(citadel_provision)
')

13
dauntless/citadeld.te
View file

@ -1,13 +0,0 @@
type citadeld, domain;
type citadeld_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(citadeld)
add_service(citadeld, citadeld_service)
binder_use(citadeld)
vndbinder_use(citadeld)
binder_call(citadeld, system_server)
allow citadeld citadel_device:chr_file rw_file_perms;
allow citadeld fwk_stats_service:service_manager find;
allow citadeld hal_power_stats_vendor_service:service_manager find;

1
dauntless/device.te
View file

@ -1 +0,0 @@
type citadel_device, dev_type;

1
dauntless/file.te
View file

@ -1 +0,0 @@
type citadel_updater, vendor_file_type, file_type;

9
dauntless/file_contexts
View file

@ -1,9 +0,0 @@
/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
/dev/gsc0 u:object_r:citadel_device:s0

11
dauntless/hal_identity_citadel.te
View file

@ -1,11 +0,0 @@
type hal_identity_citadel, domain;
type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
vndbinder_use(hal_identity_citadel)
binder_call(hal_identity_citadel, citadeld)
allow hal_identity_citadel citadeld_service:service_manager find;
allow hal_identity_citadel hal_keymint_citadel:binder call;
hal_server_domain(hal_identity_citadel, hal_identity)
hal_server_domain(hal_identity_citadel, hal_keymint)
init_daemon_domain(hal_identity_citadel)

9
dauntless/hal_keymint_citadel.te
View file

@ -1,9 +0,0 @@
type hal_keymint_citadel, domain;
type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_keymint_citadel, hal_keymint)
init_daemon_domain(hal_keymint_citadel)
vndbinder_use(hal_keymint_citadel)
get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
allow hal_keymint_citadel citadeld_service:service_manager find;
binder_call(hal_keymint_citadel, citadeld)

11
dauntless/hal_weaver_citadel.te
View file

@ -1,11 +0,0 @@
type hal_weaver_citadel, domain;
type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_weaver_citadel)
hal_server_domain(hal_weaver_citadel, hal_weaver)
hal_server_domain(hal_weaver_citadel, hal_oemlock)
hal_server_domain(hal_weaver_citadel, hal_authsecret)
vndbinder_use(hal_weaver_citadel)
binder_call(hal_weaver_citadel, citadeld)
allow hal_weaver_citadel citadeld_service:service_manager find;

15
dauntless/init_citadel.te
View file

@ -1,15 +0,0 @@
type init_citadel, domain;
type init_citadel_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(init_citadel)
# Citadel communication must be via citadeld
vndbinder_use(init_citadel)
binder_call(init_citadel, citadeld)
allow init_citadel citadeld_service:service_manager find;
# Many standard utils are actually vendor_toolbox (like xxd)
allow init_citadel vendor_toolbox_exec:file rx_file_perms;
# init_citadel needs to invoke citadel_updater
allow init_citadel citadel_updater:file rx_file_perms;

3
dauntless/service_contexts
View file

@ -1,3 +0,0 @@
android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0

1
dauntless/vndservice.te
View file

@ -1 +0,0 @@
type citadeld_service, vndservice_manager_type;

1
dauntless/vndservice_contexts
View file

@ -1 +0,0 @@
android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0

5
edgetpu/debug_camera_app.te
View file

@ -1,5 +0,0 @@
userdebug_or_eng(`
# Allows GCA-Eng to find and access the EdgeTPU.
allow debug_camera_app edgetpu_app_service:service_manager find;
allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
')

2
edgetpu/file_contexts
View file

@ -1,2 +0,0 @@
# EdgeTPU device (DarwiNN)
/dev/janeiro u:object_r:edgetpu_device:s0

2
edgetpu/genfs_contexts
View file

@ -1,2 +0,0 @@
# EdgeTPU
genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0

3
edgetpu/google_camera_app.te
View file

@ -1,3 +0,0 @@
# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };

1
gps/device.te
View file

@ -1 +0,0 @@
type vendor_gnss_device, dev_type;

7
gps/file.te
View file

@ -1,7 +0,0 @@
type vendor_gps_file, file_type, data_file_type;
userdebug_or_eng(`
typeattribute vendor_gps_file mlstrustedobject;
')
type sysfs_gps, sysfs_type, fs_type;
type sysfs_gps_assert, sysfs_type, fs_type;

12
gps/file_contexts
View file

@ -1,12 +0,0 @@
# gnss/gps data/log files
/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
# devices
/dev/bbd_control u:object_r:vendor_gnss_device:s0
/dev/ttyBCM u:object_r:vendor_gnss_device:s0
# vendor binaries
/vendor/bin/hw/scd u:object_r:scd_exec:s0
/vendor/bin/hw/lhd u:object_r:lhd_exec:s0
/vendor/bin/hw/gpsd u:object_r:gpsd_exec:s0
/vendor/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0

4
gps/genfs_contexts
View file

@ -1,4 +0,0 @@
# GPS
genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0

28
gps/gpsd.te
View file

@ -1,28 +0,0 @@
type gpsd, domain;
type gpsd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(gpsd)
# Allow gpsd access PixelLogger unix socket in debug build only
userdebug_or_eng(`
typeattribute gpsd mlstrustedsubject;
allow gpsd logger_app:unix_stream_socket connectto;
')
# Allow gpsd to obtain wakelock
wakelock_use(gpsd)
# Allow gpsd access data vendor gps files
allow gpsd vendor_gps_file:dir create_dir_perms;
allow gpsd vendor_gps_file:file create_file_perms;
allow gpsd vendor_gps_file:fifo_file create_file_perms;
# Allow gpsd to access rild
binder_call(gpsd, rild);
allow gpsd hal_exynos_rild_hwservice:hwservice_manager find;
# Allow gpsd to access sensor service
binder_call(gpsd, system_server);
allow gpsd fwk_sensor_hwservice:hwservice_manager find;
# Allow gpsd to access pps gpio
allow gpsd sysfs_gps_assert:file r_file_perms;

4
gps/hal_gnss_default.te
View file

@ -1,4 +0,0 @@
# Allow hal_gnss_default access data vendor gps files
allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
allow hal_gnss_default vendor_gps_file:file create_file_perms;
allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;

23
gps/lhd.te
View file

@ -1,23 +0,0 @@
type lhd, domain;
type lhd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(lhd)
# Allow lhd access PixelLogger unix socket in debug build only
userdebug_or_eng(`
typeattribute lhd mlstrustedsubject;
allow lhd logger_app:unix_stream_socket connectto;
')
# Allow lhd access data vendor gps files
allow lhd vendor_gps_file:dir create_dir_perms;
allow lhd vendor_gps_file:file create_file_perms;
allow lhd vendor_gps_file:fifo_file create_file_perms;
# Allow lhd to obtain wakelock
wakelock_use(lhd)
# Allow lhd access /dev/bbd_control file
allow lhd vendor_gnss_device:chr_file rw_file_perms;
# Allow lhd access nstandby gpio
allow lhd sysfs_gps:file rw_file_perms;

17
gps/scd.te
View file

@ -1,17 +0,0 @@
type scd, domain;
type scd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(scd)
# Allow scd access PixelLogger unix socket in debug build only
userdebug_or_eng(`
typeattribute scd mlstrustedsubject;
allow scd logger_app:unix_stream_socket connectto;
')
# Allow a base set of permissions required for network access.
net_domain(scd);
# Allow scd access data vendor gps files
allow scd vendor_gps_file:dir create_dir_perms;
allow scd vendor_gps_file:file create_file_perms;
allow scd vendor_gps_file:fifo_file create_file_perms;

12
tracking_denials/bug_map
View file

@ -1,13 +1,16 @@
cat_engine_service_app system_app_data_file dir b/238705599
dex2oat privapp_data_file dir b/276386138
dump_pixel_metrics sysfs file b/268147113
dumpstate app_zygote process b/237491813
dumpstate hal_input_processor_default process b/238260726
dumpstate incident process b/239632439
dumpstate system_data_file dir b/239484651
hal_camera_default boot_status_prop file b/275001783
hal_camera_default edgetpu_app_service service_manager b/275001783
hal_contexthub_default fwk_stats_service service_manager b/241714943
hal_drm_widevine default_prop file b/237492145
hal_dumpstate_default dump_thermal process b/268566483
hal_power_default hal_power_default capability b/237492146
hal_radioext_default radio_vendor_data_file file b/237093466
incidentd debugfs_wakeup_sources file b/237492091
incidentd incidentd anon_inode b/268147092
init-insmod-sh vendor_ready_prop property_service b/239364360
kernel vendor_charger_debugfs dir b/238571150
kernel vendor_usb_debugfs dir b/227121550
@ -22,3 +25,6 @@ shell rootfs file b/239484612
shell sscoredump_vendor_data_crashinfo_file dir b/241714944
shell system_dlkm_file dir b/239484612
su modem_img_file filesystem b/240653918
system_app proc_pagetypeinfo file b/275645892
system_server privapp_data_file lnk_file b/276385494
system_server system_userdir_file dir b/282096141

3
tracking_denials/clatd.te
View file

@ -1,3 +0,0 @@
# b/210363983
#dontaudit clatd netd:rawip_socket { read write };
#dontaudit clatd netd:rawip_socket { setopt };

10
tracking_denials/dumpstate.te
View file

@ -1,6 +1,6 @@
# b/221384768
dontaudit dumpstate app_zygote:process { signal };
# b/185723618
dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
dontaudit dumpstate sysfs:file { read };
# b/227694693
dontaudit dumpstate incident:process { signal };
# b/237491813
dontaudit dumpstate app_zygote:process { signal };
# b/277155245
dontaudit dumpstate default_android_service:service_manager { find };

8
tracking_denials/google_camera_app.te
View file

@ -1,8 +0,0 @@
# b/209889068
dontaudit google_camera_app edgetpu_app_service:service_manager { find };
dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
dontaudit google_camera_app edgetpu_device:chr_file { map };
dontaudit google_camera_app edgetpu_device:chr_file { read write };
dontaudit google_camera_app vendor_default_prop:file { getattr };
dontaudit google_camera_app vendor_default_prop:file { map };
dontaudit google_camera_app vendor_default_prop:file { open };

8
tracking_denials/hal_neuralnetworks_armnn.te
View file

@ -1,8 +0,0 @@
# b/205073167
dontaudit hal_neuralnetworks_armnn default_prop:file { open };
dontaudit hal_neuralnetworks_armnn default_prop:file { read };
# b/205202540
dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
dontaudit hal_neuralnetworks_armnn default_prop:file { map };
# b/205779871
dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };

5
tracking_denials/hal_power_default.te
View file

@ -1,4 +1,3 @@
# b/208909174
dontaudit hal_power_default hal_power_default:capability { dac_read_search };
# b/221384860
# b/237492146
dontaudit hal_power_default hal_power_default:capability { dac_override };
dontaudit hal_power_default hal_power_default:capability { dac_read_search };

2
tracking_denials/hal_vibrator_default.te Normal file
View file

@ -0,0 +1,2 @@
# b/274727778
dontaudit hal_vibrator_default default_android_service:service_manager { find };

2
tracking_denials/hardware_info_app.te
View file

@ -1,2 +0,0 @@
# b/208909060
dontaudit hardware_info_app vendor_maxfg_debugfs:dir search;

2
tracking_denials/incidentd.te
View file

@ -1,2 +1,2 @@
# b/226850644
# b/237492091
dontaudit incidentd debugfs_wakeup_sources:file { read };

9
tracking_denials/kernel.te
View file

@ -1,9 +1,2 @@
# b/213817227
dontaudit kernel vendor_battery_debugfs:dir { search };
# b/220801802
allow kernel same_process_hal_file:file r_file_perms;
# b/227121550
dontaudit kernel vendor_usb_debugfs:dir { search };
dontaudit kernel vendor_votable_debugfs:dir { search };
# b/228181404
dontaudit kernel vendor_maxfg_debugfs:dir { search };
dontaudit kernel vendor_votable_debugfs:dir search;

2
tracking_denials/servicemanager.te
View file

@ -1,4 +1,2 @@
# b/214122471
dontaudit servicemanager hal_fingerprint_default:binder { call };
# b/229677756
dontaudit servicemanager hal_dumpstate_default:binder { call };

5
tracking_denials/tee.te
View file

@ -1,5 +0,0 @@
# TODO(b/205904330): avoid using setuid, setgid permission
allow tee tee:capability { setuid setgid };
# b/215649571
dontaudit tee gsi_metadata_file:dir { search };
dontaudit tee metadata_file:dir { search };

3
tracking_denials/untrusted_app.te
View file

@ -1,3 +0,0 @@
# b/229354991
dontaudit untrusted_app isolated_app:process { getsched };
dontaudit untrusted_app shell_test_data_file:dir { search };

2
tracking_denials/vendor_init.te
View file

@ -1,4 +1,2 @@
# b/205656950
dontaudit vendor_init thermal_link_device:file { create };
# b/226271913
dontaudit vendor_init vendor_maxfg_debugfs:file setattr;

4
tracking_denials/vndservicemanager.te Normal file
View file

@ -0,0 +1,4 @@
# b/278639040
dontaudit vndservicemanager hal_keymint_citadel:binder { call };
# b/278639040
dontaudit vndservicemanager hal_keymint_citadel:binder { call };

22
whitechapel_pro/battery_mitigation.te
View file

@ -1,22 +0,0 @@
type battery_mitigation, domain;
type battery_mitigation_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(battery_mitigation)
get_prop(battery_mitigation, boot_status_prop)
set_prop(battery_mitigation, vendor_mitigation_ready_prop)
get_prop(battery_mitigation, vendor_brownout_reason_prop)
get_prop(battery_mitigation, system_boot_reason_prop)
hal_client_domain(battery_mitigation, hal_thermal);
hal_client_domain(battery_mitigation, hal_health);
r_dir_file(battery_mitigation, sysfs_batteryinfo)
r_dir_file(battery_mitigation, sysfs_iio_devices)
r_dir_file(battery_mitigation, sysfs_thermal)
r_dir_file(battery_mitigation, thermal_link_device)
r_dir_file(battery_mitigation, sysfs_odpm)
allow battery_mitigation sysfs_bcl:dir r_dir_perms;
allow battery_mitigation sysfs_bcl:file r_file_perms;
allow battery_mitigation sysfs_bcl:lnk_file r_file_perms;
allow battery_mitigation sysfs_thermal:lnk_file r_file_perms;
allow battery_mitigation mitigation_vendor_data_file:dir rw_dir_perms;
allow battery_mitigation mitigation_vendor_data_file:file create_file_perms;

9
whitechapel_pro/brownout_detection_app.te
View file

@ -1,9 +0,0 @@
type brownout_detection_app, domain, coredomain;
userdebug_or_eng(`
app_domain(brownout_detection_app)
net_domain(brownout_detection_app)
allow brownout_detection_app app_api_service:service_manager find;
allow brownout_detection_app system_api_service:service_manager find;
get_prop(brownout_detection_app, vendor_brownout_reason_prop)
')

4
whitechapel_pro/chre.te
View file

@ -18,10 +18,14 @@ usf_low_latency_transport(chre)
# Allow CHRE to talk to the WiFi HAL
allow chre hal_wifi_ext:binder { call transfer };
allow chre hal_wifi_ext_hwservice:hwservice_manager find;
allow chre hal_wifi_ext_service:service_manager find;
# Allow CHRE host to talk to stats service
allow chre fwk_stats_service:service_manager find;
binder_call(chre, stats_service_server)
# Allow CHRE to use WakeLock
wakelock_use(chre)
# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
allow chre self:global_capability2_class_set block_suspend;

5
whitechapel_pro/debug_camera_app.te
View file

@ -5,3 +5,8 @@ userdebug_or_eng(`
# Allows camera app to search for GXP firmware file.
allow debug_camera_app vendor_fw_file:dir search;
')
userdebug_or_eng(`
# Allows GCA-Eng to find and access the EdgeTPU.
allow debug_camera_app edgetpu_app_service:service_manager find;
allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
')

3
whitechapel_pro/device.te
View file

@ -17,8 +17,9 @@ type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
type vframe_heap_device, dmabuf_heap_device_type, dev_type;
type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
type battery_history_device, dev_type;
type radio_test_device, dev_type;
type vendor_gnss_device, dev_type;
type fips_block_device, dev_type;
# SecureElement SPI device
type st54spi_device, dev_type;

4
whitechapel_pro/domain.te
View file

@ -1,2 +1,6 @@
allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms;
allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms;
# Mali
get_prop(domain, vendor_arm_runtime_option_prop)

30
whitechapel_pro/dump_power_gs201.te Normal file
View file

@ -0,0 +1,30 @@
pixel_bugreport(dump_power_gs201)
allow dump_power_gs201 sysfs_acpm_stats:dir r_dir_perms;
allow dump_power_gs201 sysfs_acpm_stats:file r_file_perms;
allow dump_power_gs201 sysfs_cpu:file r_file_perms;
allow dump_power_gs201 vendor_toolbox_exec:file execute_no_trans;
allow dump_power_gs201 logbuffer_device:chr_file r_file_perms;
allow dump_power_gs201 mitigation_vendor_data_file:dir r_dir_perms;
allow dump_power_gs201 sysfs:dir r_dir_perms;
allow dump_power_gs201 sysfs_batteryinfo:dir r_dir_perms;
allow dump_power_gs201 sysfs_batteryinfo:file r_file_perms;
allow dump_power_gs201 sysfs_bcl:dir r_dir_perms;
allow dump_power_gs201 sysfs_bcl:file r_file_perms;
allow dump_power_gs201 sysfs_wlc:dir r_dir_perms;
allow dump_power_gs201 sysfs_wlc:file r_file_perms;
allow dump_power_gs201 battery_history_device:chr_file r_file_perms;
allow dump_power_gs201 mitigation_vendor_data_file:file r_file_perms;
userdebug_or_eng(`
allow dump_power_gs201 debugfs:dir r_dir_perms;
allow dump_power_gs201 vendor_battery_debugfs:dir r_dir_perms;
allow dump_power_gs201 vendor_battery_debugfs:file r_file_perms;
allow dump_power_gs201 vendor_charger_debugfs:dir r_dir_perms;
allow dump_power_gs201 vendor_charger_debugfs:file r_file_perms;
allow dump_power_gs201 vendor_pm_genpd_debugfs:file r_file_perms;
allow dump_power_gs201 vendor_maxfg_debugfs:dir r_dir_perms;
allow dump_power_gs201 vendor_maxfg_debugfs:file r_file_perms;
allow dump_power_gs201 vendor_votable_debugfs:dir r_dir_perms;
allow dump_power_gs201 vendor_votable_debugfs:file r_file_perms;
')

1
whitechapel_pro/dumpstate.te
View file

@ -14,4 +14,3 @@ allow dumpstate modem_userdata_file:dir r_dir_perms;
allow dumpstate modem_img_file:dir r_dir_perms;
allow dumpstate fuse:dir search;
dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms;

1
whitechapel_pro/fastbootd.te
View file

@ -3,7 +3,6 @@ recovery_only(`
allow fastbootd devinfo_block_device:blk_file rw_file_perms;
allow fastbootd sda_block_device:blk_file rw_file_perms;
allow fastbootd sysfs_ota:file rw_file_perms;
allow fastbootd citadel_device:chr_file rw_file_perms;
allow fastbootd st54spi_device:chr_file rw_file_perms;
allow fastbootd custom_ab_block_device:blk_file rw_file_perms;
')

48
whitechapel_pro/file.te
View file

@ -4,10 +4,7 @@ type vendor_log_file, file_type, data_file_type;
type vendor_rfsd_log_file, file_type, data_file_type;
type modem_stat_data_file, file_type, data_file_type;
type vendor_slog_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;
type tcpdump_vendor_data_file, file_type, data_file_type;
type vendor_camera_data_file, file_type, data_file_type;
type vendor_media_data_file, file_type, data_file_type;
type vendor_misc_data_file, file_type, data_file_type;
type sensor_debug_data_file, file_type, data_file_type;
@ -16,11 +13,10 @@ type per_boot_file, file_type, data_file_type, core_data_file_type;
type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
type uwb_data_vendor, file_type, data_file_type;
type powerstats_vendor_data_file, file_type, data_file_type;
type mitigation_vendor_data_file, file_type, data_file_type;
type vendor_gps_file, file_type, data_file_type;
userdebug_or_eng(`
typeattribute tcpdump_vendor_data_file mlstrustedobject;
typeattribute vendor_gps_file mlstrustedobject;
typeattribute vendor_slog_file mlstrustedobject;
typeattribute radio_vendor_data_file mlstrustedobject;
')
# Exynos Firmware
@ -36,30 +32,18 @@ type sysfs_em_profile, sysfs_type, fs_type;
type sysfs_chosen, sysfs_type, fs_type;
type sysfs_ota, sysfs_type, fs_type;
type bootdevice_sysdev, dev_type;
type sysfs_display, sysfs_type, fs_type;
type sysfs_scsi_devices_0000, sysfs_type, fs_type;
type sysfs_fabric, sysfs_type, fs_type;
type sysfs_acpm_stats, sysfs_type, fs_type;
type sysfs_wifi, sysfs_type, fs_type;
type sysfs_exynos_bts, sysfs_type, fs_type;
type sysfs_exynos_bts_stats, sysfs_type, fs_type;
type sysfs_bcl, sysfs_type, fs_type;
type sysfs_chip_id, sysfs_type, fs_type;
type sysfs_touch, sysfs_type, fs_type;
type sysfs_exynos_pcie_stats, sysfs_type, fs_type;
type sysfs_bcmdhd, sysfs_type, fs_type;
type sysfs_wlc, sysfs_type, fs_type;
type sysfs_chargelevel, sysfs_type, fs_type;
type sysfs_mfc, sysfs_type, fs_type;
type sysfs_cpu, sysfs_type, fs_type;
type sysfs_odpm, sysfs_type, fs_type;
type sysfs_soc, sysfs_type, fs_type;
type sysfs_camera, sysfs_type, fs_type;
type sysfs_write_leds, sysfs_type, fs_type;
type sysfs_pca, sysfs_type, fs_type;
type sysfs_ptracker, sysfs_type, fs_type;
# debugfs
type debugfs_f2fs, debugfs_type, fs_type;
type vendor_maxfg_debugfs, fs_type, debugfs_type;
type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
type vendor_regmap_debugfs, fs_type, debugfs_type;
@ -67,10 +51,6 @@ type vendor_usb_debugfs, fs_type, debugfs_type;
type vendor_charger_debugfs, fs_type, debugfs_type;
type vendor_votable_debugfs, fs_type, debugfs_type;
type vendor_battery_debugfs, fs_type, debugfs_type;
type vendor_dmabuf_debugfs, fs_type, debugfs_type;
type vendor_dri_debugfs, fs_type, debugfs_type;
type vendor_page_pinner_debugfs, fs_type, debugfs_type;
type vendor_cma_debugfs, fs_type, debugfs_type;
# vendor extra images
type modem_img_file, contextmount_type, file_type, vendor_file_type;
@ -84,7 +64,6 @@ type persist_sensor_reg_file, file_type, vendor_persist_type;
type persist_ss_file, file_type, vendor_persist_type;
type persist_uwb_file, file_type, vendor_persist_type;
type persist_display_file, file_type, vendor_persist_type;
type persist_leds_file, file_type, vendor_persist_type;
# CHRE
type chre_socket, file_type;
@ -93,32 +72,17 @@ type chre_socket, file_type;
type proc_f2fs, proc_type, fs_type;
# Vendor tools
type vendor_usf_stats, vendor_file_type, file_type;
type vendor_usf_reg_edit, vendor_file_type, file_type;
type vendor_dumpsys, vendor_file_type, file_type;
#vendor-metrics
type sysfs_vendor_metrics, fs_type, sysfs_type;
# Modem
type modem_efs_file, file_type;
type modem_userdata_file, file_type;
type sysfs_modem, sysfs_type, fs_type;
# SecureElement
type sysfs_st33spi, sysfs_type, fs_type;
typeattribute sysfs_st33spi mlstrustedobject;
# USB-C throttling stats
type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
# Touch
type proc_touch, proc_type, fs_type;
type proc_touch_gti, proc_type, fs_type;
userdebug_or_eng(`
typeattribute proc_touch mlstrustedobject;
typeattribute proc_touch_gti mlstrustedobject;
')
# Vendor sched files
userdebug_or_eng(`
typeattribute proc_vendor_sched mlstrustedobject;
@ -129,3 +93,9 @@ type sysfs_sjtag, fs_type, sysfs_type;
userdebug_or_eng(`
typeattribute sysfs_sjtag mlstrustedobject;
')
# USB-C throttling stats
type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
# WLC
type sysfs_wlc, sysfs_type, fs_type;

22
whitechapel_pro/file_contexts
View file

@ -11,21 +11,19 @@
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
/vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.boot@1\.2-service-gs201 u:object_r:hal_bootctl_default_exec:s0
/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0
/vendor/bin/hw/android\.hardware\.dumpstate-service\.gs201 u:object_r:hal_dumpstate_default_exec:s0
/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_samsung_exec:s0
/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_google_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
@ -42,15 +40,14 @@
/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
/vendor/bin/hw/battery_mitigation u:object_r:battery_mitigation_exec:s0
/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
/system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0
/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0
/vendor/bin/dump/dump_power_gs201\.sh u:object_r:dump_power_gs201_exec:s0
/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
# Vendor Firmwares
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
/vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0
/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0
# Vendor libraries
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
@ -72,11 +69,7 @@
/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
# Vendor kernel modules
/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
# Devices
/dev/trusty-log0 u:object_r:logbuffer_device:s0
/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0
/dev/ttySAC0 u:object_r:tty_device:s0
/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0
@ -87,6 +80,7 @@
/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
/dev/janeiro u:object_r:edgetpu_device:s0
/dev/bigocean u:object_r:video_device:s0
/dev/goodix_fp u:object_r:fingerprint_device:s0
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
@ -197,10 +191,10 @@
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
# Data
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
@ -208,8 +202,6 @@
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
/data/per_boot(/.*)? u:object_r:per_boot_file:s0
@ -219,7 +211,6 @@
/dev/maxfg_history u:object_r:battery_history_device:s0
/dev/battery_history u:object_r:battery_history_device:s0
/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0
/data/vendor/mitigation(/.*)? u:object_r:mitigation_vendor_data_file:s0
# Persist
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
@ -229,7 +220,6 @@
/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
/mnt/vendor/persist/led(/.*)? u:object_r:persist_leds_file:s0
# Extra mount images
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0

100
whitechapel_pro/genfs_contexts
View file

@ -1,38 +1,15 @@
# Exynos
genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0
genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0
genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0
genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0
genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0
genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0
genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0
genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0
genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0
genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0
# EdgeTPU
genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0
# CPU
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/28000000.mali/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0
genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0
# Touch
genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0
genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
genfscon proc /focaltech_touch u:object_r:proc_touch:s0
genfscon proc /goog_touch_interface u:object_r:proc_touch_gti:s0
# tracefs
genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0
@ -83,6 +60,9 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-st21nfc/power_stats
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0
genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
# Modem
genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0
# Power ODPM
genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
@ -137,6 +117,10 @@ genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo
# OTA
genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
# Input
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
# Display
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
@ -155,11 +139,13 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc u:object_r:sysfs_display:s0
@ -191,11 +177,14 @@ genfscon sysfs /devices/platform/14700000.ufs/health_descriptor u:object
genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
# debugfs
genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0
genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0
genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0
genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0
genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0
genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0
genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0
@ -204,38 +193,30 @@ genfscon debugfs /max77759_chg u:object
genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0
genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0
genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0
genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0
genfscon debugfs /cma u:object_r:vendor_cma_debugfs:s0
# Battery
genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0
# P22 battery
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0
@ -355,6 +336,8 @@ genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:0
genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0
@ -388,17 +371,7 @@ genfscon sysfs /devices/platform/100b0000.G3D u:obje
genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0
genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0
#vendor-metrics
genfscon sysfs /kernel/metrics/temp_residency/temp_residency_all/stats u:object_r:sysfs_vendor_metrics:s0
genfscon sysfs /kernel/metrics/resume_latency/resume_latency_metrics u:object_r:sysfs_vendor_metrics:s0
genfscon sysfs /kernel/metrics/irq/long_irq_metrics u:object_r:sysfs_vendor_metrics:s0
genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0
# PCIe link
genfscon sysfs /devices/platform/14520000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0
@ -409,15 +382,15 @@ genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfre
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0
# SJTAG
genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
# USB-C throttling stats
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0
# SJTAG
genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
# Coresight ETM
genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0
genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0
@ -438,3 +411,24 @@ genfscon sysfs /kernel/pixel_em/active_profile u:obje
# Privacy LED
genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0
# AOC
genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
# GPS
genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0

10
whitechapel_pro/google_camera_app.te
View file

@ -3,3 +3,13 @@ allow google_camera_app gxp_device:chr_file rw_file_perms;
# Allows camera app to search for GXP firmware file.
allow google_camera_app vendor_fw_file:dir search;
# Allows camera app to access the PowerHAL.
hal_client_domain(google_camera_app, hal_power)
# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };

12
whitechapel_pro/google_touch_app.te
View file

@ -1,12 +0,0 @@
type google_touch_app, domain;
userdebug_or_eng(`
app_domain(google_touch_app)
allow google_touch_app app_api_service:service_manager find;
allow google_touch_app sysfs_touch:dir r_dir_perms;
allow google_touch_app sysfs_touch:file rw_file_perms;
allow google_touch_app proc_touch:file rw_file_perms;
allow google_touch_app proc_touch_gti:file rw_file_perms;
')

9
whitechapel_pro/gpsd.te Normal file
View file

@ -0,0 +1,9 @@
type gpsd, domain;
type gpsd_exec, vendor_file_type, exec_type, file_type;
# Allow gpsd access PixelLogger unix socket in debug build only
userdebug_or_eng(`
typeattribute gpsd mlstrustedsubject;
allow gpsd logger_app:unix_stream_socket connectto;
')

3
whitechapel_pro/grilservice_app.te
View file

@ -5,8 +5,11 @@ allow grilservice_app app_api_service:service_manager find;
allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
allow grilservice_app hal_wifi_ext_service:service_manager find;
allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
allow grilservice_app radio_vendor_data_file:file create_file_perms;
binder_call(grilservice_app, hal_bluetooth_btlinux)
binder_call(grilservice_app, hal_radioext_default)
binder_call(grilservice_app, hal_wifi_ext)

10
whitechapel_pro/hal_camera_default.te
View file

@ -23,6 +23,10 @@ allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
allow hal_camera_default edgetpu_vendor_service:service_manager find;
binder_call(hal_camera_default, edgetpu_vendor_server)
# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
# library has a dependency on edgetpu_app_service, see b/275016466.
allow hal_camera_default edgetpu_app_service:service_manager find;
binder_call(hal_camera_default, edgetpu_app_server)
# Allow the camera hal to access the GXP device.
allow hal_camera_default gxp_device:chr_file rw_file_perms;
@ -99,3 +103,9 @@ dontaudit hal_camera_default system_data_file:dir { search };
# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
dontaudit hal_camera_default traced_producer_socket:sock_file { write };
# Allow access to always-on compute device node
allow hal_camera_default aoc_device:chr_file rw_file_perms;
# Allow the Camera HAL to acquire wakelocks
wakelock_use(hal_camera_default)

190
whitechapel_pro/hal_dumpstate_default.te
View file

@ -1,190 +0,0 @@
allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms;
allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms;
allow hal_dumpstate_default sysfs_cpu:file r_file_perms;
allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans;
allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans;
userdebug_or_eng(`
allow hal_dumpstate_default sensor_debug_data_file:dir r_dir_perms;
allow hal_dumpstate_default sensor_debug_data_file:file r_file_perms;
')
allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms;
allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms;
allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms;
allow hal_dumpstate_default vendor_gps_file:file r_file_perms;
allow hal_dumpstate_default sysfs_chip_id:file r_file_perms;
allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
allow hal_dumpstate_default sysfs_wlc:file r_file_perms;
allow hal_dumpstate_default sysfs_exynos_bts:dir r_dir_perms;
allow hal_dumpstate_default sysfs_exynos_bts_stats:file r_file_perms;
allow hal_dumpstate_default sysfs_exynos_pcie_stats:dir r_dir_perms;
allow hal_dumpstate_default sysfs_exynos_pcie_stats:file r_file_perms;
allow hal_dumpstate_default sysfs_aoc:dir r_dir_perms;
allow hal_dumpstate_default sysfs_aoc_dumpstate:file r_file_perms;
allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms;
allow hal_dumpstate_default sscoredump_vendor_data_coredump_file:dir r_dir_perms;
allow hal_dumpstate_default sscoredump_vendor_data_coredump_file:file r_file_perms;
allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms;
allow hal_dumpstate_default sysfs_thermal:file r_file_perms;
allow hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
allow hal_dumpstate_default sysfs_bcl:file r_file_perms;
allow hal_dumpstate_default mitigation_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_default mitigation_vendor_data_file:file r_file_perms;
allow hal_dumpstate_default sysfs_wifi:dir r_dir_perms;
allow hal_dumpstate_default sysfs_wifi:file r_file_perms;
allow hal_dumpstate_default sysfs_ptracker:dir r_dir_perms;
allow hal_dumpstate_default sysfs_ptracker:file r_file_perms;
allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms;
allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms;
allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms;
allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms;
allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
allow hal_dumpstate_default modem_efs_file:dir search;
allow hal_dumpstate_default modem_efs_file:file r_file_perms;
allow hal_dumpstate_default modem_stat_data_file:dir r_dir_perms;
allow hal_dumpstate_default modem_stat_data_file:file r_file_perms;
allow hal_dumpstate_default vendor_slog_file:file r_file_perms;
allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms;
allow hal_dumpstate_default citadeld_service:service_manager find;
allow hal_dumpstate_default citadel_updater:file execute_no_trans;
binder_call(hal_dumpstate_default, citadeld);
allow hal_dumpstate_default device:dir r_dir_perms;
allow hal_dumpstate_default aoc_device:chr_file rw_file_perms;
allow hal_dumpstate_default proc_f2fs:dir r_dir_perms;
allow hal_dumpstate_default proc_f2fs:file r_file_perms;
allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms;
allow hal_dumpstate_default sysfs_touch:dir r_dir_perms;
allow hal_dumpstate_default sysfs_touch:file rw_file_perms;
allow hal_dumpstate_default proc_touch:dir r_dir_perms;
allow hal_dumpstate_default proc_touch:file rw_file_perms;
allow hal_dumpstate_default proc_touch_gti:dir r_dir_perms;
allow hal_dumpstate_default proc_touch_gti:file rw_file_perms;
allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;
binder_call(hal_dumpstate_default, hal_graphics_composer_default);
allow hal_dumpstate_default sysfs_display:dir r_dir_perms;
allow hal_dumpstate_default sysfs_display:file r_file_perms;
vndbinder_use(hal_dumpstate_default)
allow hal_dumpstate_default shell_data_file:file getattr;
allow hal_dumpstate_default vendor_log_file:dir search;
allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans;
allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms;
allow hal_dumpstate_default proc_vendor_sched:file r_file_perms;
allow hal_dumpstate_default battery_history_device:chr_file r_file_perms;
userdebug_or_eng(`
allow hal_dumpstate_default sysfs_leds:dir search;
allow hal_dumpstate_default sysfs_leds:file rw_file_perms;
allow hal_dumpstate_default persist_file:dir search;
r_dir_file(hal_dumpstate_default, persist_leds_file);
')
get_prop(hal_dumpstate_default, vendor_camera_debug_prop);
get_prop(hal_dumpstate_default, boottime_public_prop)
get_prop(hal_dumpstate_default, vendor_camera_prop)
get_prop(hal_dumpstate_default, vendor_gps_prop)
set_prop(hal_dumpstate_default, vendor_modem_prop)
get_prop(hal_dumpstate_default, vendor_rild_prop)
get_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
set_prop(hal_dumpstate_default, vendor_logger_prop)
userdebug_or_eng(`
allow hal_dumpstate_default mnt_vendor_file:dir search;
allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search;
allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms;
allow hal_dumpstate_default debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
allow hal_dumpstate_default debugfs_f2fs:file r_file_perms;
allow hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
allow hal_dumpstate_default debugfs_tracing_instances:dir search;
allow hal_dumpstate_default debugfs_tracing_instances:file r_file_perms;
allow hal_dumpstate_default sysfs_vendor_metrics:dir search;
allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms;
allow hal_dumpstate_default vendor_cma_debugfs:dir r_dir_perms;
allow hal_dumpstate_default vendor_cma_debugfs:file r_file_perms;
allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms;
allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms;
set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
')
dontaudit hal_dumpstate_default mnt_vendor_file:dir search;
dontaudit hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
dontaudit hal_dumpstate_default debugfs_f2fs:file r_file_perms;
dontaudit hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms;
dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default debugfs_tracing_instances:dir search;
dontaudit hal_dumpstate_default debugfs_tracing_instances:file r_file_perms;
dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search;
dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms;
dontaudit hal_dumpstate_default vendor_cma_debugfs:dir r_dir_perms;
dontaudit hal_dumpstate_default vendor_cma_debugfs:file r_file_perms;
dontaudit hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms;
dontaudit hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms;
dontaudit hal_dumpstate_default vendor_tcpdump_log_prop:file r_file_perms;

4
whitechapel_pro/hal_fingerprint_default.te
View file

@ -33,3 +33,7 @@ binder_call(hal_fingerprint_default, hal_graphics_composer_default)
# allow fingerprint to access thermal hal
hal_client_domain(hal_fingerprint_default, hal_thermal);
# allow fingerprint to read sysfs_leds
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;

4
whitechapel_pro/hal_graphics_composer_default.te
View file

@ -52,3 +52,7 @@ vndbinder_use(hal_graphics_composer_default)
# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
# allow HWC to write log file
allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;

1
whitechapel_pro/hal_health_default.te
View file

@ -17,5 +17,4 @@ allow hal_health_default sysfs_wlc:dir search;
allow hal_health_default sysfs_batteryinfo:file w_file_perms;
allow hal_health_default sysfs_thermal:dir search;
allow hal_health_default sysfs_thermal:file w_file_perms;
allow hal_health_default sysfs_thermal:lnk_file read;
allow hal_health_default thermal_link_device:dir search;

2
whitechapel_pro/hal_nfc_default.te
View file

@ -13,3 +13,5 @@ allow hal_nfc_default uwb_data_vendor:file r_file_perms;
# allow nfc to read uwb calibration file
get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
get_prop(hal_nfc_default, vendor_uwb_calibration_country_code)

1
whitechapel_pro/hal_sensors_default.te
View file

@ -85,4 +85,3 @@ allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
# Allow access to the power supply files for MagCC.
r_dir_file(hal_sensors_default, sysfs_batteryinfo)
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;

4
whitechapel_pro/hal_usb_gadget_impl.te
View file

@ -19,7 +19,3 @@ allow hal_usb_gadget_impl proc_irq:file w_file_perms;
# allow gadget hal to search hsi2c dir and write to usb_limit_accessory_enable/current
allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
# allow gadget hal to access extcon node
allow hal_usb_gadget_impl sysfs_extcon:dir search;
allow hal_usb_gadget_impl sysfs_extcon:file r_file_perms;

5
whitechapel_pro/hal_usb_impl.te
View file

@ -24,3 +24,8 @@ hal_client_domain(hal_usb_impl, hal_thermal);
# For reading the usb-c throttling stats
allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
# For issuing vendor commands to USB hub via libusbhost
allow hal_usb_impl device:dir r_dir_perms;
allow hal_usb_impl usb_device:chr_file rw_file_perms;
allow hal_usb_impl usb_device:dir r_dir_perms;

2
whitechapel_pro/hal_wireless_charger.te Normal file
View file

@ -0,0 +1,2 @@
type hal_wireless_charger, domain;
type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;

2
whitechapel_pro/hal_wlc.te
View file

@ -7,8 +7,6 @@ add_hwservice(hal_wlc, hal_wlc_hwservice)
get_prop(hal_wlc, hwservicemanager_prop)
r_dir_file(hal_wlc, sysfs_batteryinfo)
allow hal_wlc sysfs_wlc:dir r_dir_perms;
allow hal_wlc sysfs_wlc:file rw_file_perms;
allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

26
whitechapel_pro/hardware_info_app.te
View file

@ -1,26 +0,0 @@
type hardware_info_app, domain;
app_domain(hardware_info_app)
allow hardware_info_app app_api_service:service_manager find;
# Storage
allow hardware_info_app sysfs_scsi_devices_0000:dir search;
allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms;
# Audio
allow hardware_info_app sysfs_pixelstats:file r_file_perms;
# Batteryinfo
allow hardware_info_app sysfs_batteryinfo:dir search;
allow hardware_info_app sysfs_batteryinfo:file r_file_perms;
# Display
allow hardware_info_app sysfs_display:dir search;
allow hardware_info_app sysfs_display:file r_file_perms;
# SoC
allow hardware_info_app sysfs_soc:file r_file_perms;
allow hardware_info_app sysfs_chip_id:file r_file_perms;
# Batery history
allow hardware_info_app battery_history_device:chr_file r_file_perms;

10
whitechapel_pro/init-display-sh.te Normal file
View file

@ -0,0 +1,10 @@
type init-display-sh, domain;
type init-display-sh_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(init-display-sh)
allow init-display-sh self:capability sys_module;
allow init-display-sh vendor_kernel_modules:system module_load;
allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
dontaudit init-display-sh proc_cmdline:file r_file_perms;

18
whitechapel_pro/init-insmod-sh.te
View file

@ -1,18 +0,0 @@
type init-insmod-sh, domain;
type init-insmod-sh_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(init-insmod-sh)
allow init-insmod-sh self:capability sys_module;
allow init-insmod-sh vendor_kernel_modules:system module_load;
allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
allow init-insmod-sh self:capability sys_nice;
allow init-insmod-sh kernel:process setsched;
set_prop(init-insmod-sh, vendor_device_prop)
set_prop(init-insmod-sh, vendor_ready_prop)
dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
allow init-insmod-sh debugfs_mgm:dir search;
allow init-insmod-sh vendor_regmap_debugfs:dir search;

7
whitechapel_pro/insmod-sh.te Normal file
View file

@ -0,0 +1,7 @@
allow insmod-sh self:capability sys_nice;
allow insmod-sh kernel:process setsched;
dontaudit insmod-sh proc_cmdline:file r_file_perms;
allow insmod-sh debugfs_mgm:dir search;
allow insmod-sh vendor_regmap_debugfs:dir search;

1
whitechapel_pro/kernel.te
View file

@ -9,4 +9,5 @@ allow kernel self:capability2 perfmon;
allow kernel self:perf_event cpu;
dontaudit kernel vendor_battery_debugfs:dir search;
dontaudit kernel vendor_maxfg_debugfs:dir { search };
dontaudit kernel vendor_regmap_debugfs:dir search;

2
whitechapel_pro/logd.te
View file

@ -1,2 +1,4 @@
r_dir_file(logd, logbuffer_device)
allow logd logbuffer_device:chr_file r_file_perms;
allow logd trusty_log_device:chr_file r_file_perms;

3
whitechapel_pro/modem_svc_sit.te
View file

@ -5,6 +5,9 @@ init_daemon_domain(modem_svc_sit)
hwbinder_use(modem_svc_sit)
binder_call(modem_svc_sit, rild)
# Grant sysfs modem access
allow modem_svc_sit sysfs_modem:file rw_file_perms;
# Grant radio device access
allow modem_svc_sit radio_device:chr_file rw_file_perms;

15
whitechapel_pro/pixelstats_vendor.te
View file

@ -30,9 +30,6 @@ allow pixelstats_vendor sysfs_pca:file rw_file_perms;
r_dir_file(pixelstats_vendor, sysfs_thermal)
allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms;
#vendor-metrics
r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)
# BCL
allow pixelstats_vendor sysfs_bcl:dir search;
allow pixelstats_vendor sysfs_bcl:file r_file_perms;
@ -40,3 +37,15 @@ allow pixelstats_vendor sysfs_bcl:file r_file_perms;
# PCIe statistics
allow pixelstats_vendor sysfs_exynos_pcie_stats:dir search;
allow pixelstats_vendor sysfs_exynos_pcie_stats:file rw_file_perms;
#perf-metrics
r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)
allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms;
allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms;
# BCL
allow pixelstats_vendor sysfs_bcl:dir search;
allow pixelstats_vendor sysfs_bcl:file r_file_perms;
allow pixelstats_vendor mitigation_vendor_data_file:dir search;
allow pixelstats_vendor mitigation_vendor_data_file:file { read write };
get_prop(pixelstats_vendor, vendor_brownout_reason_prop);

4
whitechapel_pro/platform_app.te
View file

@ -17,3 +17,7 @@ binder_call(platform_app, hal_wlc)
# allow udfps of systemui access lhbm
binder_call(platform_app, hal_graphics_composer_default)
# WLC
allow platform_app hal_wireless_charger_service:service_manager find;
binder_call(platform_app, hal_wireless_charger)

16
whitechapel_pro/property.te
View file

@ -14,16 +14,12 @@ vendor_internal_prop(vendor_battery_defender_prop)
vendor_internal_prop(vendor_shutdown_prop)
vendor_internal_prop(vendor_imssvc_prop)
vendor_internal_prop(vendor_camera_prop)
vendor_internal_prop(vendor_camera_debug_prop)
vendor_internal_prop(vendor_camera_fatp_prop)
vendor_internal_prop(vendor_usb_config_prop)
vendor_internal_prop(vendor_tcpdump_log_prop)
vendor_internal_prop(vendor_device_prop)
vendor_internal_prop(vendor_ready_prop)
vendor_internal_prop(vendor_gps_prop)
vendor_internal_prop(vendor_ro_sys_default_prop)
vendor_internal_prop(vendor_persist_sys_default_prop)
vendor_internal_prop(vendor_logger_prop)
vendor_internal_prop(vendor_display_prop)
# Fingerprint
@ -31,6 +27,8 @@ vendor_internal_prop(vendor_fingerprint_prop)
# UWB calibration
system_vendor_config_prop(vendor_uwb_calibration_prop)
# Country code must be vendor_public to be written by UwbVendorService and read by NFC HAL
vendor_internal_prop(vendor_uwb_calibration_country_code)
# Dynamic sensor
vendor_internal_prop(vendor_dynamic_sensor_prop)
@ -38,9 +36,11 @@ vendor_internal_prop(vendor_dynamic_sensor_prop)
# Telephony debug app
vendor_internal_prop(vendor_telephony_app_prop)
# Battery Mitigation
vendor_internal_prop(vendor_mitigation_ready_prop)
vendor_public_prop(vendor_brownout_reason_prop)
# Trusty storage FS ready
vendor_internal_prop(vendor_trusty_storage_prop)
# Mali Integration
vendor_restricted_prop(vendor_arm_runtime_option_prop)
# ArmNN
vendor_internal_prop(vendor_armnn_config_prop)

23
whitechapel_pro/property_contexts
View file

@ -4,14 +4,6 @@ persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0
vendor.sys.dmd. u:object_r:vendor_diag_prop:s0
vendor.sys.diag. u:object_r:vendor_diag_prop:s0
# Kernel modules related
vendor.common.modules.ready u:object_r:vendor_device_prop:s0
vendor.device.modules.ready u:object_r:vendor_device_prop:s0
# Indicating signal that all modules and devices are ready
vendor.all.modules.ready u:object_r:vendor_ready_prop:s0
vendor.all.devices.ready u:object_r:vendor_ready_prop:s0
# Tcpdump_logger
persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0
@ -76,13 +68,11 @@ persist.vendor.display. u:object_r:vendor_display_prop:s0
# Camera
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
vendor.camera. u:object_r:vendor_camera_prop:s0
vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0
vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0
# for logger app
vendor.pixellogger. u:object_r:vendor_logger_prop:s0
persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
# vendor default
ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
@ -93,11 +83,14 @@ vendor.gps. u:object_r:vendor_gps_prop:s0
persist.vendor.gps. u:object_r:vendor_gps_prop:s0
# Fingerprint
persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
vendor.gf. u:object_r:vendor_fingerprint_prop:s0
#uwb
ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibration_country_code:s0 exact string
# Dynamic sensor
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
@ -108,9 +101,11 @@ persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0
# for vendor telephony debug app
vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0
# Battery Mitigation
vendor.brownout.mitigation.ready u:object_r:vendor_mitigation_ready_prop:s0
vendor.brownout_reason u:object_r:vendor_brownout_reason_prop:s0
# Trusty
ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0
# Mali GPU driver configuration and debug options
vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
# ArmNN configuration
ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix

3
whitechapel_pro/radio.te
View file

@ -1,2 +1,5 @@
allow radio proc_vendor_sched:dir r_dir_perms;
allow radio proc_vendor_sched:file w_file_perms;
allow radio radio_vendor_data_file:dir rw_dir_perms;
allow radio radio_vendor_data_file:file create_file_perms;

1
whitechapel_pro/recovery.te
View file

@ -1,5 +1,4 @@
recovery_only(`
allow recovery sysfs_ota:file rw_file_perms;
allow recovery citadel_device:chr_file rw_file_perms;
allow recovery st54spi_device:chr_file rw_file_perms;
')

6
whitechapel_pro/rild.te
View file

@ -32,9 +32,13 @@ binder_call(rild, logger_app)
# for hal service
add_hwservice(rild, hal_exynos_rild_hwservice)
allow rild hal_audio_ext_hwservice:hwservice_manager find;
# Allow rild to access files on modem img.
allow rild modem_img_file:dir r_dir_perms;
allow rild modem_img_file:file r_file_perms;
allow rild modem_img_file:lnk_file r_file_perms;
# Allow rild to ptrace for memory leak detection
userdebug_or_eng(`
allow rild self:process ptrace;
')

9
whitechapel_pro/seapp_contexts
View file

@ -18,9 +18,6 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode doma
# Samsung S.LSI engineer mode
user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
# Hardware Info Collection
user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
# coredump/ramdump
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
@ -39,9 +36,6 @@ user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_
# CBRS setup app
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
# Touch app
user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
# Qorvo UWB system app
# TODO(b/222204912): Should this run under uwb user?
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
@ -57,6 +51,3 @@ user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_
# CccDkTimeSyncService
user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
# BrownoutDetection
user=_app isPrivApp=true name=com.google.android.brownoutdetection domain=brownout_detection_app type=app_data_file levelFrom=all

3
whitechapel_pro/service.te
View file

@ -1,2 +1,5 @@
type hal_pixel_display_service, service_manager_type, hal_service_type;
type hal_uwb_vendor_service, service_manager_type, hal_service_type;
# WLC
type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;

2
whitechapel_pro/service_contexts
View file

@ -1,2 +1,4 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0

5
whitechapel_pro/system_app.te
View file

@ -1,2 +1,3 @@
allow system_app hal_wlc_hwservice:hwservice_manager find;
binder_call(system_app, hal_wlc)
# WLC
allow system_app hal_wireless_charger_service:service_manager find;
binder_call(system_app, hal_wireless_charger)

4
whitechapel_pro/tee.te
View file

@ -12,8 +12,4 @@ allow tee sg_device:chr_file rw_file_perms;
# Allow storageproxyd access to gsi_public_metadata_file
read_fstab(tee)
# storageproxyd starts before /data is mounted. It handles /data not being there
# gracefully. However, attempts to access /data trigger a denial.
dontaudit tee unlabeled:dir { search };
set_prop(tee, vendor_trusty_storage_prop)

10
whitechapel_pro/ufs_firmware_update.te Normal file
View file

@ -0,0 +1,10 @@
type ufs_firmware_update, domain;
type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(ufs_firmware_update)
allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
allow ufs_firmware_update block_device:dir r_dir_perms;
allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
allow ufs_firmware_update sysfs:dir r_dir_perms;
allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;

4
whitechapel_pro/uwb_vendor_app.te
View file

@ -16,6 +16,10 @@ allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
allow hal_uwb_vendor_default kernel:process setsched;
# UwbVendorService must be able to read USRA version from vendor_secure_element_prop
get_prop(uwb_vendor_app, vendor_secure_element_prop)
# UwbVendorService must be able to write country code prop
set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code)
binder_call(uwb_vendor_app, hal_uwb_vendor_default)
')

15
whitechapel_pro/vendor_init.te
View file

@ -11,7 +11,6 @@ set_prop(vendor_init, vendor_usb_config_prop)
set_prop(vendor_init, vendor_rild_prop)
set_prop(vendor_init, logpersistd_logging_prop)
set_prop(vendor_init, vendor_logger_prop)
set_prop(vendor_init, vendor_audio_prop)
allow vendor_init proc_dirty:file w_file_perms;
allow vendor_init proc_sched:file w_file_perms;
@ -25,9 +24,6 @@ allow vendor_init sysfs_st33spi:file w_file_perms;
# Fingerprint property
set_prop(vendor_init, vendor_fingerprint_prop)
# Touch
allow vendor_init proc_touch:file w_file_perms;
allow vendor_init modem_img_file:filesystem { getattr };
# Battery
@ -36,12 +32,15 @@ set_prop(vendor_init, vendor_battery_defender_prop)
# Display
set_prop(vendor_init, vendor_display_prop)
# Battery Mitigation
set_prop(vendor_init, vendor_brownout_reason_prop)
get_prop(vendor_init, system_boot_reason_prop)
# MM
allow vendor_init proc_watermark_scale_factor:file w_file_perms;
# Trusty storage FS ready
get_prop(vendor_init, vendor_trusty_storage_prop)
allow vendor_init tee_data_file:lnk_file read;
# Mali
set_prop(vendor_init, vendor_arm_runtime_option_prop)
# ArmNN
set_prop(vendor_init, vendor_armnn_config_prop)

Some files were not shown because too many files have changed in this diff Show more