Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge changes I183c75b5,I938fe187,Ic3e07e73

Browse source 
* changes:
  review rfsd
  review bootdevice_sysdev
  review mount and block devices
This commit is contained in:
Adam Shih 2021-09-03 02:03:02 +00:00 committed by Android (Google) Code Review
commit 7a20b1d9c0
15 changed files with 51 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

1
legacy/device.te
View file

@ -10,7 +10,6 @@ type vendor_m2m1shot_device, dev_type;
type vendor_nanohub_device, dev_type;
type vendor_secmem_device, dev_type;
type vendor_toe_device, dev_type;
type custom_ab_block_device, dev_type;
# usbpd
type logbuffer_device, dev_type;

6
legacy/file.te
View file

@ -3,10 +3,6 @@
type vendor_cbd_boot_file, file_type, data_file_type;
type vendor_media_data_file, file_type, data_file_type;
# Exynos Log Files
type vendor_log_file, file_type, data_file_type;
type vendor_rfsd_log_file, file_type, data_file_type;
# app data files
type vendor_test_data_file, file_type, data_file_type;
type vendor_telephony_data_file, file_type, data_file_type;
@ -70,8 +66,6 @@ type sysfs_scsi_devices_0000, sysfs_type, fs_type;
type debugfs_f2fs, debugfs_type, fs_type;
type proc_f2fs, proc_type, fs_type;
type bootdevice_sysdev, dev_type;
# ZRam
type per_boot_file, file_type, data_file_type, core_data_file_type;

45
legacy/file_contexts
View file

@ -28,45 +28,6 @@
# Wireless charger HAL
/(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
#
# Exynos Block Devices
#
/dev/block/platform/14700000\.ufs/by-name/cache u:object_r:cache_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/acpm_test_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dtb_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/ect_test_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/hypervisor_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/keystorage_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/reclaim_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
#
# Exynos Devices
#
@ -107,12 +68,6 @@
/(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0
/(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0
#
# Exynos Log Files
#
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
/persist/sensorcal\.json u:object_r:sensors_cal_file:s0
# data files

12
legacy/init.te
View file

@ -1,15 +1,3 @@
allow init custom_ab_block_device:lnk_file relabelto;
# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
allow init boot_block_device:lnk_file relabelto;
allow init persist_file:dir mounton;
allow init modem_efs_file:dir mounton;
allow init modem_userdata_file:dir mounton;
allow init ram_device:blk_file w_file_perms;
allow init per_boot_file:file ioctl;
allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };

1
legacy/vendor_init.te
View file

@ -12,7 +12,6 @@ set_prop(vendor_init, vendor_thermal_prop)
allow vendor_init proc_dirty:file w_file_perms;
allow vendor_init proc_sched:file write;
allow vendor_init bootdevice_sysdev:file create_file_perms;
userdebug_or_eng(`
set_prop(vendor_init, logpersistd_logging_prop)

2
legacy/vold.te
View file

@ -1,6 +1,4 @@
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
allow vold modem_efs_file:dir rw_dir_perms;
allow vold modem_userdata_file:dir rw_dir_perms;
dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd { use };

0
legacy/bootdevice_sysdev.te → whitechapel_pro/bootdevice_sysdev.te
View file

1
whitechapel_pro/device.te
View file

@ -1,3 +1,4 @@
type sda_block_device, dev_type, bdev_type;
type devinfo_block_device, dev_type, bdev_type;
type modem_block_device, dev_type, bdev_type;
type custom_ab_block_device, dev_type, bdev_type;

3
whitechapel_pro/file.te
View file

@ -1,4 +1,6 @@
# Data
type vendor_log_file, file_type, data_file_type;
type vendor_rfsd_log_file, file_type, data_file_type;
type modem_stat_data_file, file_type, data_file_type;
type vendor_slog_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type;
@ -13,6 +15,7 @@ type vendor_fw_file, vendor_file_type, file_type;
# sysfs
type sysfs_chosen, sysfs_type, fs_type;
type sysfs_ota, sysfs_type, fs_type;
type bootdevice_sysdev, dev_type;
# vendor extra images
type modem_img_file, contextmount_type, file_type, vendor_file_type;

29
whitechapel_pro/file_contexts
View file

@ -19,15 +19,44 @@
/dev/umts_rfs0 u:object_r:radio_device:s0
/dev/umts_dm0 u:object_r:radio_device:s0
/dev/umts_router u:object_r:radio_device:s0
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
/dev/socket/chre u:object_r:chre_socket:s0
/dev/block/sda u:object_r:sda_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
# Data
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
# Persist
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0

13
whitechapel_pro/init.te
View file

@ -1,3 +1,16 @@
allow init modem_img_file:dir mounton;
allow init mnt_vendor_file:dir mounton;
allow init modem_img_file:filesystem { getattr mount relabelfrom };
allow init custom_ab_block_device:lnk_file relabelto;
# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
allow init boot_block_device:lnk_file relabelto;
allow init persist_file:dir mounton;
allow init modem_efs_file:dir mounton;
allow init modem_userdata_file:dir mounton;

3
legacy/rfsd.te → whitechapel_pro/rfsd.te
View file

@ -2,9 +2,6 @@ type rfsd, domain;
type rfsd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(rfsd)
# Allow to setuid from root to radio
allow rfsd self:capability { chown setuid };
# Allow to search block device and mnt dir for modem EFS partitions
allow rfsd mnt_vendor_file:dir search;
allow rfsd block_device:dir search;

0
legacy/update_engine.te → whitechapel_pro/update_engine.te
View file

2
whitechapel_pro/vendor_init.te
View file

@ -1 +1,3 @@
allow vendor_init bootdevice_sysdev:file create_file_perms;
set_prop(vendor_init, vendor_cbd_prop)

3
whitechapel_pro/vold.te Normal file
View file

@ -0,0 +1,3 @@
allow vold modem_efs_file:dir rw_dir_perms;
allow vold modem_userdata_file:dir rw_dir_perms;