review dmd sepolicy
Bug: 196916111 Test: boot with dmd launched successfully Change-Id: Ic962ab09dcd7697c27f9b2ab68400a0060573888
parent
c1ffe9c177
commit
c2582ecc01
21 changed files with 62 additions and 95 deletions
|
@ -6,12 +6,10 @@ type vendor_media_data_file, file_type, data_file_type;
|
|||
# Exynos Log Files
|
||||
type vendor_log_file, file_type, data_file_type;
|
||||
type vendor_cbd_log_file, file_type, data_file_type;
|
||||
type vendor_dmd_log_file, file_type, data_file_type;
|
||||
type vendor_rfsd_log_file, file_type, data_file_type;
|
||||
type vendor_dump_log_file, file_type, data_file_type;
|
||||
type vendor_rild_log_file, file_type, data_file_type;
|
||||
type vendor_sced_log_file, file_type, data_file_type;
|
||||
type vendor_slog_file, file_type, data_file_type, mlstrustedobject;
|
||||
type vendor_telephony_log_file, file_type, data_file_type;
|
||||
type vendor_vcd_log_file, file_type, data_file_type;
|
||||
|
||||
|
|
|
@ -87,14 +87,11 @@
|
|||
/dev/nanohub u:object_r:vendor_nanohub_device:s0
|
||||
/dev/nanohub_comms u:object_r:vendor_nanohub_device:s0
|
||||
/dev/m2m1shot_scaler0 u:object_r:vendor_m2m1shot_device:s0
|
||||
/dev/radio0 u:object_r:radio_device:s0
|
||||
/dev/dri/card0 u:object_r:graphics_device:s0
|
||||
/dev/fimg2d u:object_r:graphics_device:s0
|
||||
/dev/g2d u:object_r:graphics_device:s0
|
||||
/dev/tsmux u:object_r:video_device:s0
|
||||
/dev/repeater u:object_r:video_device:s0
|
||||
/dev/scsc_h4_0 u:object_r:radio_device:s0
|
||||
/dev/umts_boot0 u:object_r:radio_device:s0
|
||||
/dev/tui-driver u:object_r:tui_device:s0
|
||||
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
|
||||
|
@ -108,17 +105,9 @@
|
|||
/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0
|
||||
|
||||
# DM tools device
|
||||
/dev/umts_dm0 u:object_r:radio_device:s0
|
||||
/dev/umts_router u:object_r:radio_device:s0
|
||||
|
||||
# OEM IPC device
|
||||
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
||||
|
||||
# SIPC RIL device
|
||||
/dev/umts_ipc0 u:object_r:radio_device:s0
|
||||
/dev/umts_ipc1 u:object_r:radio_device:s0
|
||||
/dev/umts_rfs0 u:object_r:radio_device:s0
|
||||
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
||||
/dev/watchdog0 u:object_r:watchdog_device:s0
|
||||
|
||||
# GPU device
|
||||
|
@ -130,7 +119,6 @@
|
|||
# Exynos Daemon Exec
|
||||
#
|
||||
/(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0
|
||||
/(vendor|system/vendor)/bin/dmd u:object_r:dmd_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/scd u:object_r:scd_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0
|
||||
|
@ -154,13 +142,10 @@
|
|||
#
|
||||
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
||||
/data/vendor/log/cbd(/.*)? u:object_r:vendor_cbd_log_file:s0
|
||||
/data/vendor/log/dmd(/.*)? u:object_r:vendor_dmd_log_file:s0
|
||||
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
|
||||
/data/vendor/log/dump(/.*)? u:object_r:vendor_dump_log_file:s0
|
||||
/data/vendor/log/rild(/.*)? u:object_r:vendor_rild_log_file:s0
|
||||
/data/vendor/log/sced(/.*)? u:object_r:vendor_sced_log_file:s0
|
||||
/data/vendor/log/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
/data/vendor/log/vcd(/.*)? u:object_r:vendor_vcd_log_file:s0
|
||||
|
||||
/persist/sensorcal\.json u:object_r:sensors_cal_file:s0
|
||||
|
@ -255,9 +240,6 @@
|
|||
/(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0
|
||||
/dev/socket/chre u:object_r:chre_socket:s0
|
||||
|
||||
# Modem logging
|
||||
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
|
||||
|
||||
# TCP logging
|
||||
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
|
||||
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
type hal_vendor_telephony_hwservice, hwservice_manager_type;
|
||||
type hal_vendor_surfaceflinger_hwservice, hwservice_manager_type;
|
||||
|
||||
# dmd servcie
|
||||
type hal_vendor_oem_hwservice, hwservice_manager_type;
|
||||
|
||||
# rild service
|
||||
type hal_exynos_rild_hwservice, hwservice_manager_type;
|
||||
|
||||
|
|
|
@ -2,9 +2,6 @@ vendor.samsung_slsi.hardware.radio::IOemSamsungslsi u:object_r
|
|||
vendor.samsung_slsi.hardware.ExynosHWCServiceTW::IExynosHWCServiceTW u:object_r:hal_vendor_surfaceflinger_hwservice:s0
|
||||
vendor.samsung_slsi.hardware.configstore::IExynosHWCConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
|
||||
|
||||
# dmd HAL
|
||||
vendor.samsung_slsi.telephony.hardware.oemservice::IOemService u:object_r:hal_vendor_oem_hwservice:s0
|
||||
|
||||
# rild HAL
|
||||
vendor.samsung_slsi.telephony.hardware.radio::IOemSamsungslsi u:object_r:hal_exynos_rild_hwservice:s0
|
||||
android.vendor.samsung_slsi.telephony.hardware.radio::IOemSamsungslsi u:object_r:hal_exynos_rild_hwservice:s0
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
type modem_diagnostic_app, domain;
|
||||
|
||||
app_domain(modem_diagnostic_app)
|
||||
net_domain(modem_diagnostic_app)
|
||||
|
||||
allow modem_diagnostic_app app_api_service:service_manager find;
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
type modem_logging_control, domain;
|
||||
type modem_logging_control_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(modem_logging_control)
|
||||
|
||||
hwbinder_use(modem_logging_control)
|
||||
binder_call(modem_logging_control, dmd)
|
||||
|
||||
|
|
|
@ -2,19 +2,15 @@
|
|||
vendor_internal_prop(vendor_prop)
|
||||
vendor_internal_prop(vendor_ims_prop)
|
||||
vendor_internal_prop(vendor_rild_prop)
|
||||
vendor_internal_prop(vendor_slog_prop)
|
||||
vendor_internal_prop(sensors_prop)
|
||||
vendor_internal_prop(vendor_ssrdump_prop)
|
||||
vendor_internal_prop(vendor_device_prop)
|
||||
vendor_internal_prop(vendor_usb_config_prop)
|
||||
vendor_internal_prop(vendor_secure_element_prop)
|
||||
vendor_internal_prop(vendor_modem_prop)
|
||||
vendor_internal_prop(vendor_diag_prop)
|
||||
vendor_internal_prop(vendor_cbd_prop)
|
||||
# vendor defaults
|
||||
vendor_internal_prop(vendor_config_default_prop)
|
||||
vendor_internal_prop(vendor_ro_config_default_prop)
|
||||
vendor_internal_prop(vendor_persist_config_default_prop)
|
||||
vendor_internal_prop(vendor_sys_default_prop)
|
||||
vendor_internal_prop(vendor_ro_sys_default_prop)
|
||||
vendor_internal_prop(vendor_persist_sys_default_prop)
|
||||
|
|
|
@ -33,14 +33,6 @@ vendor.debug.c2.dump.opt u:object_r:vendor_codec2_debug_prop:s0
|
|||
persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0
|
||||
vendor.usb. u:object_r:vendor_usb_config_prop:s0
|
||||
|
||||
# for modem
|
||||
persist.vendor.modem. u:object_r:vendor_modem_prop:s0
|
||||
vendor.modem. u:object_r:vendor_modem_prop:s0
|
||||
vendor.sys.modem. u:object_r:vendor_modem_prop:s0
|
||||
ro.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
|
||||
vendor.sys.exynos.modempath u:object_r:vendor_modem_prop:s0
|
||||
persist.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
|
||||
|
||||
# for logger app
|
||||
vendor.pixellogger. u:object_r:vendor_logger_prop:s0
|
||||
persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
|
||||
|
@ -49,21 +41,9 @@ persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
|
|||
vendor.cbd. u:object_r:vendor_cbd_prop:s0
|
||||
persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0
|
||||
|
||||
# for slog
|
||||
vendor.sys.silentlog. u:object_r:vendor_slog_prop:s0
|
||||
vendor.sys.exynos.slog. u:object_r:vendor_slog_prop:s0
|
||||
persist.vendor.sys.silentlog u:object_r:vendor_slog_prop:s0
|
||||
|
||||
# for dmd
|
||||
persist.vendor.sys.dm. u:object_r:vendor_diag_prop:s0
|
||||
persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0
|
||||
vendor.sys.dmd. u:object_r:vendor_diag_prop:s0
|
||||
vendor.sys.diag. u:object_r:vendor_diag_prop:s0
|
||||
|
||||
# vendor default
|
||||
vendor.config. u:object_r:vendor_config_default_prop:s0
|
||||
ro.vendor.config. u:object_r:vendor_ro_config_default_prop:s0
|
||||
persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0
|
||||
vendor.sys. u:object_r:vendor_sys_default_prop:s0
|
||||
ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
|
||||
persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0
|
||||
|
|
|
@ -7,7 +7,6 @@ typeattribute sced vendor_executes_system_violators;
|
|||
|
||||
hwbinder_use(sced)
|
||||
binder_call(sced, dmd)
|
||||
binder_call(sced, vendor_telephony_app)
|
||||
|
||||
get_prop(sced, hwservicemanager_prop)
|
||||
allow sced self:packet_socket create_socket_perms_no_ioctl;
|
||||
|
|
|
@ -1,11 +1,3 @@
|
|||
# Samsung S.LSI telephony
|
||||
user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_app levelFrom=all
|
||||
user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging:remote domain=vendor_telephony_app levelFrom=all
|
||||
user=system seinfo=platform name=com.samsung.slsi.telephony.testmode domain=vendor_telephony_app levelFrom=all
|
||||
user=system seinfo=platform name=com.samsung.slsi.telephony.uartswitch domain=vendor_telephony_app levelFrom=all
|
||||
user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_app levelFrom=all
|
||||
user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_app levelFrom=all
|
||||
|
||||
# Samsung S.LSI IMS
|
||||
user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
|
||||
user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_app levelFrom=all
|
||||
|
@ -27,9 +19,6 @@ user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_in
|
|||
# Domain for omadm
|
||||
user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
|
||||
|
||||
# Modem Diagnostic System
|
||||
user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
|
||||
|
||||
# Domain for connectivity monitor
|
||||
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
|
||||
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
type vendor_telephony_app, domain;
|
||||
app_domain(vendor_telephony_app)
|
||||
|
||||
get_prop(vendor_telephony_app, vendor_rild_prop)
|
||||
set_prop(vendor_telephony_app, vendor_persist_sys_default_prop)
|
||||
set_prop(vendor_telephony_app, vendor_modem_prop)
|
||||
set_prop(vendor_telephony_app, vendor_slog_prop)
|
||||
|
||||
allow vendor_telephony_app vendor_slog_file:dir create_dir_perms;
|
||||
allow vendor_telephony_app vendor_slog_file:file create_file_perms;
|
||||
|
||||
allow vendor_telephony_app app_api_service:service_manager find;
|
||||
allow vendor_telephony_app hal_vendor_oem_hwservice:hwservice_manager find;
|
||||
binder_call(vendor_telephony_app, dmd)
|
||||
binder_call(vendor_telephony_app, sced)
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Silent Logging
|
||||
dontaudit vendor_telephony_app system_app_data_file:dir create_dir_perms;
|
||||
dontaudit vendor_telephony_app system_app_data_file:file create_file_perms;
|
||||
dontaudit vendor_telephony_app default_prop:file { getattr open read map };
|
||||
')
|
|
@ -21,8 +21,6 @@ set_prop(dmd, vendor_diag_prop)
|
|||
set_prop(dmd, vendor_slog_prop)
|
||||
set_prop(dmd, vendor_modem_prop)
|
||||
|
||||
get_prop(dmd, vendor_persist_config_default_prop)
|
||||
|
||||
# Grant to access hwservice manager
|
||||
get_prop(dmd, hwservicemanager_prop)
|
||||
allow dmd hidl_base_hwservice:hwservice_manager add;
|
||||
|
@ -30,4 +28,3 @@ allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
|
|||
binder_call(dmd, hwservicemanager)
|
||||
binder_call(dmd, modem_diagnostic_app)
|
||||
binder_call(dmd, modem_logging_control)
|
||||
binder_call(dmd, vendor_telephony_app)
|
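--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@@ -0,0 +1 @@
+type vendor_slog_file, file_type, data_file_type;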
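--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -0,0 +1,16 @@
+# Binaries
+/vendor/bin/dmd u:object_r:dmd_exec:s0
+/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
+
+# Devices
+/dev/ttyGS[0-3] u:object_r:serial_device:s0
+/dev/oem_ipc[0-7] u:object_r:radio_device:s0
+/dev/umts_boot0 u:object_r:radio_device:s0
+/dev/umts_ipc0 u:object_r:radio_device:s0
+/dev/umts_ipc1 u:object_r:radio_device:s0
+/dev/umts_rfs0 u:object_r:radio_device:s0
+/dev/umts_dm0 u:object_r:radio_device:s0
+/dev/umts_router u:object_r:radio_device:s0
+
+# Data
+/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0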
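Review bot: `/dev/umts_dm0` and `/dev/umts_router` are labelled `radio_device`, the same type as the RIL IPC nodes (`/dev/umts_ipc0`, `/dev/umts_rfs0`, `/dev/oem_ipc[0-7]`), so any domain allowed `radio_device:chr_file` can also open the modem diagnostic channel. The allow rules are not part of this section, so this is inferred from the labels alone, but a dedicated type for the two DM nodes, granted only to `dmd`, would keep the diagnostic interface least-privilege. The `# Devices` group also lost the per-group comments the old file carried; a short comment per group naming the consumer, e.g. `# DM tools device (dmd)`, would help the next policy review.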
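--- a/whitechapel_pro/hwservice.te
+++ b/whitechapel_pro/hwservice.te
@@ -0,0 +1,3 @@
+# dmd servcie
+type hal_vendor_oem_hwservice, hwservice_manager_type;
+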
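Review bot: `hal_vendor_oem_hwservice` is declared with `hwservice_manager_type` only; if the platform policy this tree builds against provides the `protected_hwservice` attribute, declaring it as `type hal_vendor_oem_hwservice, hwservice_manager_type, protected_hwservice;` lets the platform neverallow rules keep untrusted apps from finding the dmd service. The comment on the first line also carries a typo over from the old file: `# dmd servcie` should read `# dmd service`.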
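--- a/whitechapel_pro/hwservice_contexts
+++ b/whitechapel_pro/hwservice_contexts
@@ -0,0 +1,4 @@
+# dmd HAL
+vendor.samsung_slsi.telephony.hardware.oemservice::IOemService u:object_r:hal_vendor_oem_hwservice:s0
+
+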
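--- a/whitechapel_pro/modem_diagnostics.te
+++ b/whitechapel_pro/modem_diagnostics.te
@@ -0,0 +1,4 @@
+type modem_diagnostic_app, domain;
+
+app_domain(modem_diagnostic_app)
+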
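--- a/whitechapel_pro/modem_logging_control.te
+++ b/whitechapel_pro/modem_logging_control.te
@@ -0,0 +1,6 @@
+type modem_logging_control, domain;
+type modem_logging_control_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(modem_logging_control)
+
+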
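--- a/whitechapel_pro/property.te
+++ b/whitechapel_pro/property.te
@@ -0,0 +1,4 @@
+vendor_internal_prop(vendor_diag_prop)
+vendor_internal_prop(vendor_slog_prop)
+vendor_internal_prop(vendor_modem_prop)
+vendor_internal_prop(vendor_persist_config_default_prop)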
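--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@@ -0,0 +1,21 @@
+# for dmd
+persist.vendor.sys.dm. u:object_r:vendor_diag_prop:s0
+persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0
+vendor.sys.dmd. u:object_r:vendor_diag_prop:s0
+vendor.sys.diag. u:object_r:vendor_diag_prop:s0
+
+# for slog
+vendor.sys.silentlog. u:object_r:vendor_slog_prop:s0
+vendor.sys.exynos.slog. u:object_r:vendor_slog_prop:s0
+persist.vendor.sys.silentlog u:object_r:vendor_slog_prop:s0
+
+# for modem
+persist.vendor.modem. u:object_r:vendor_modem_prop:s0
+vendor.modem. u:object_r:vendor_modem_prop:s0
+vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+ro.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+vendor.sys.exynos.modempath u:object_r:vendor_modem_prop:s0
+persist.vendor.sys.modem. u:object_r:vendor_modem_prop:s0
+
+
+persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0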
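Review bot: `persist.vendor.sys.silentlog` and `vendor.sys.exynos.modempath` are written without a trailing dot or a match kind, so they are prefix matches and also label any longer property name that starts with those strings as `vendor_slog_prop` / `vendor_modem_prop`. If each is meant to be a single property, pin it with `exact` and a value type, e.g. `vendor.sys.exynos.modempath u:object_r:vendor_modem_prop:s0 exact string` (the value type is a guess to confirm against the setter). The last entry, `persist.vendor.config.`, sits after two blank lines with no heading; a comment naming its consumer would make clear why the broad prefix belongs in this dmd-focused file.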
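--- a/whitechapel_pro/seapp_contexts
+++ b/whitechapel_pro/seapp_contexts
@@ -0,0 +1,3 @@
+# Modem Diagnostic System
+user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
+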
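Review bot: The `seinfo=mds` selector only matches when a mac_permissions.xml in the build maps the app's signing certificate to the `mds` tag, and that mapping is not part of this commit; without it `com.google.mds` would not be placed in `modem_diagnostic_app`. Because this domain is the app-side entry point to modem diagnostics, a comment above the entry stating where the signer is defined, e.g. `# seinfo=mds is assigned in <path to mac_permissions.xml>`, would let a reviewer confirm that only the intended key can enter the domain.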