diff --git a/legacy/device.te b/legacy/device.te
index 669892d6..16c05a07 100644
--- a/legacy/device.te
+++ b/legacy/device.te
@@ -10,7 +10,6 @@ type vendor_m2m1shot_device, dev_type;
 type vendor_nanohub_device, dev_type;
 type vendor_secmem_device, dev_type;
 type vendor_toe_device, dev_type;
-type custom_ab_block_device, dev_type;
 # usbpd
 type logbuffer_device, dev_type;
diff --git a/legacy/file.te b/legacy/file.te
index f0920be4..e55ad46a 100644
--- a/legacy/file.te
+++ b/legacy/file.te
@@ -3,10 +3,6 @@ type vendor_cbd_boot_file, file_type, data_file_type;
 type vendor_media_data_file, file_type, data_file_type;
-# Exynos Log Files
-type vendor_log_file, file_type, data_file_type;
-type vendor_rfsd_log_file, file_type, data_file_type;
-
 # app data files
 type vendor_test_data_file, file_type, data_file_type;
 type vendor_telephony_data_file, file_type, data_file_type;
@@ -70,8 +66,6 @@ type sysfs_scsi_devices_0000, sysfs_type, fs_type;
 type debugfs_f2fs, debugfs_type, fs_type;
 type proc_f2fs, proc_type, fs_type;
-type bootdevice_sysdev, dev_type;
-
 # ZRam
 type per_boot_file, file_type, data_file_type, core_data_file_type;
diff --git a/legacy/file_contexts b/legacy/file_contexts
index 1a683e76..cc277636 100644
--- a/legacy/file_contexts
+++ b/legacy/file_contexts
@@ -28,45 +28,6 @@
 # Wireless charger HAL
 /(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
-#
-# Exynos Block Devices
-#
-/dev/block/platform/14700000\.ufs/by-name/cache u:object_r:cache_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/acpm_test_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dtb_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/ect_test_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/hypervisor_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/keystorage_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/reclaim_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
-/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
-
 #
 # Exynos Devices
 #
@@ -107,12 +68,6 @@
 /(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0
 /(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0
-#
-# Exynos Log Files
-#
-/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
-/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
-
 /persist/sensorcal\.json u:object_r:sensors_cal_file:s0
 # data files
diff --git a/legacy/init.te b/legacy/init.te
index d61ea4bb..5b0f7a7b 100644
--- a/legacy/init.te
+++ b/legacy/init.te
@@ -1,15 +1,3 @@
-allow init custom_ab_block_device:lnk_file relabelto;
-
-# This is needed for chaining a boot partition vbmeta
-# descriptor, where init will probe the boot partition
-# to read the chained vbmeta in the first-stage, then
-# relabel /dev/block/by-name/boot_[a|b] to block_device
-# after loading sepolicy in the second stage.
-allow init boot_block_device:lnk_file relabelto;
-
-allow init persist_file:dir mounton;
-allow init modem_efs_file:dir mounton;
-allow init modem_userdata_file:dir mounton;
 allow init ram_device:blk_file w_file_perms;
 allow init per_boot_file:file ioctl;
 allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
diff --git a/legacy/vendor_init.te b/legacy/vendor_init.te
index 759fa83d..b2e53a88 100644
--- a/legacy/vendor_init.te
+++ b/legacy/vendor_init.te
@@ -12,7 +12,6 @@ set_prop(vendor_init, vendor_thermal_prop)
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file write;
-allow vendor_init bootdevice_sysdev:file create_file_perms;
 userdebug_or_eng(`
 set_prop(vendor_init, logpersistd_logging_prop)
diff --git a/legacy/vold.te b/legacy/vold.te
index ecea1946..79bec3d2 100644
--- a/legacy/vold.te
+++ b/legacy/vold.te
@@ -1,6 +1,4 @@
 allow vold sysfs_scsi_devices_0000:file rw_file_perms;
-allow vold modem_efs_file:dir rw_dir_perms;
-allow vold modem_userdata_file:dir rw_dir_perms;
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd { use };
diff --git a/legacy/bootdevice_sysdev.te b/whitechapel_pro/bootdevice_sysdev.te
similarity index 100%
rename from legacy/bootdevice_sysdev.te
rename to whitechapel_pro/bootdevice_sysdev.te
diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te
index 5140108b..3b5feaf5 100644
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@@ -1,3 +1,4 @@
 type sda_block_device, dev_type, bdev_type;
 type devinfo_block_device, dev_type, bdev_type;
 type modem_block_device, dev_type, bdev_type;
+type custom_ab_block_device, dev_type, bdev_type;
diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te
index 07ea9e8b..75fd4eed 100644
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@@ -1,4 +1,6 @@
 # Data
+type vendor_log_file, file_type, data_file_type;
+type vendor_rfsd_log_file, file_type, data_file_type;
 type modem_stat_data_file, file_type, data_file_type;
 type vendor_slog_file, file_type, data_file_type;
 type radio_vendor_data_file, file_type, data_file_type;
@@ -13,6 +15,7 @@ type vendor_fw_file, vendor_file_type, file_type;
 # sysfs
 type sysfs_chosen, sysfs_type, fs_type;
 type sysfs_ota, sysfs_type, fs_type;
+type bootdevice_sysdev, dev_type;
 # vendor extra images
 type modem_img_file, contextmount_type, file_type, vendor_file_type;
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index 4f32b619..0787e3de 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
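Review bot: `type bootdevice_sysdev, dev_type;` in the second hunk of whitechapel_pro/file.te is placed under the `# sysfs` heading, but it carries `dev_type` rather than `sysfs_type`, and the file_contexts hunk of this commit maps it to `/dev/sys/block/bootdevice(/.*)?`. Anyone auditing sysfs labels through the heading or through the `sysfs_type` attribute will miss it or misread it. I would declare it in whitechapel_pro/device.te beside the other `dev_type` lines, or at least give it its own comment, e.g. `# /dev/sys/block/bootdevice nodes written by vendor_init`.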
@@ -19,15 +19,44 @@
 /dev/umts_rfs0 u:object_r:radio_device:s0
 /dev/umts_dm0 u:object_r:radio_device:s0
 /dev/umts_router u:object_r:radio_device:s0
+/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
 /dev/socket/chre u:object_r:chre_socket:s0
 /dev/block/sda u:object_r:sda_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
 # Data
 /data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
 /data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
 /data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
+/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
+/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
 # Persist
 /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
diff --git a/whitechapel_pro/init.te b/whitechapel_pro/init.te
index d68103af..ed8fc1cf 100644
--- a/whitechapel_pro/init.te
+++ b/whitechapel_pro/init.te
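Review bot: The by-name block added in this hunk is not a one-to-one move of the list deleted from legacy/file_contexts: the entries for `cache`, `fat`, `system`, `vendor`, `acpm_test_[ab]`, `dtb_[ab]`, `ect_test_[ab]`, `hypervisor_[ab]`, `keystorage_[ab]` and `reclaim_[ab]` are gone, and `dpm_[ab]` and `pvmfw_[ab]` are new. Any dropped partition that still exists on the device will presumably fall back to the generic `block_device` label, which tends to end either in denials for the domains that update those partitions or in a later broad grant on `block_device`. Please confirm the list against the device's partition table and record that in the commit message or in a comment above the block, for example `# Partitions present on this device; keep in sync with the partition table`. The `/dev/sys/block/bootdevice(/.*)?` entry also lands between the `/dev/umts_*` and `/dev/socket/chre` lines without a heading of its own.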
@@ -1,3 +1,16 @@
 allow init modem_img_file:dir mounton;
 allow init mnt_vendor_file:dir mounton;
 allow init modem_img_file:filesystem { getattr mount relabelfrom };
+allow init custom_ab_block_device:lnk_file relabelto;
+
+# This is needed for chaining a boot partition vbmeta
+# descriptor, where init will probe the boot partition
+# to read the chained vbmeta in the first-stage, then
+# relabel /dev/block/by-name/boot_[a|b] to block_device
+# after loading sepolicy in the second stage.
+allow init boot_block_device:lnk_file relabelto;
+
+allow init persist_file:dir mounton;
+allow init modem_efs_file:dir mounton;
+allow init modem_userdata_file:dir mounton;
+
diff --git a/legacy/rfsd.te b/whitechapel_pro/rfsd.te
similarity index 93%
rename from legacy/rfsd.te
rename to whitechapel_pro/rfsd.te
index 2f7102fc..898e7fca 100644
--- a/legacy/rfsd.te
+++ b/whitechapel_pro/rfsd.te
@@ -2,9 +2,6 @@ type rfsd, domain;
 type rfsd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(rfsd)
-# Allow to setuid from root to radio
-allow rfsd self:capability { chown setuid };
-
 # Allow to search block device and mnt dir for modem EFS partitions
 allow rfsd mnt_vendor_file:dir search;
 allow rfsd block_device:dir search;
diff --git a/legacy/update_engine.te b/whitechapel_pro/update_engine.te
similarity index 100%
rename from legacy/update_engine.te
rename to whitechapel_pro/update_engine.te
diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te
index 4218745a..250d228e 100644
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@@ -1 +1,3 @@
+allow vendor_init bootdevice_sysdev:file create_file_perms;
+
 set_prop(vendor_init, vendor_cbd_prop)
diff --git a/whitechapel_pro/vold.te b/whitechapel_pro/vold.te
new file mode 100644
index 00000000..40da1b01
--- /dev/null
+++ b/whitechapel_pro/vold.te
@@ -0,0 +1,3 @@
+allow vold modem_efs_file:dir rw_dir_perms;
+allow vold modem_userdata_file:dir rw_dir_perms;
+
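Review bot: The three `mounton` rules at the end of the whitechapel_pro/init.te hunk, and both rules in the new whitechapel_pro/vold.te, name `persist_file`, `modem_efs_file` and `modem_userdata_file`, yet no hunk in this commit moves a declaration of those types into whitechapel_pro; the same holds for `efs_block_device`, `persist_block_device` and `modem_userdata_block_device` in the file_contexts hunk. If those declarations still live under legacy/ (not visible here) and are not provided elsewhere, whitechapel_pro now only compiles when legacy/ is built with it, so either move the declarations as well or state the dependency. Separately, the first added rule has no rationale while the next one has five lines of it; a one-line comment such as `# init relabels the by-name links of the A/B firmware partitions` (wording for the author to confirm) would help. The hunk also ends the file with an added empty line, as does the new vold.te, and both can be dropped.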
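Review bot: `create_file_perms` on `bootdevice_sysdev:file` in the whitechapel_pro/vendor_init.te hunk lets vendor_init create, rename and unlink entries under `/dev/sys/block/bootdevice`, which is more than writing values to nodes that already exist. The rule is carried over unchanged from legacy/vendor_init.te, so the move is a good moment to check whether `allow vendor_init bootdevice_sysdev:file w_file_perms;` is enough and to add a comment naming what vendor_init writes there. The init scripts are not part of this diff, so treat the narrower set as a proposal to validate against the denial log.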
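Review bot: The new whitechapel_pro/vold.te grants vold `rw_dir_perms` on `modem_efs_file` and `modem_userdata_file` directories with no comment saying what vold does there. `rw_dir_perms` includes adding and removing directory entries; if vold only has to open and read those directories, `r_dir_perms` would cover it, but the diff does not show which is the case. Please add a one-line rationale above the two rules, e.g. `# vold opens the modem partitions' mount points`, adjusted to the actual reason, and narrow the permission set if write access turns out to be unused.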