From ce8eacb771aa4b287311a6ba97c398c8d87c9358 Mon Sep 17 00:00:00 2001 
From: Michael Bestas Date: Wed, 10 Dec 2025 21:06:20 +0200 Subject: [PATCH] gs201: sepolicy: Regenerate Change-Id: I39143fba971fbe24b4bcb5a1c205d040616837e7 --- sepolicy/product/private/pbcs_app.te | 4 ++-- sepolicy/product/private/pcs_app.te | 4 ++-- sepolicy/system_ext/private/con_monitor_app.te | 4 ++-- sepolicy/system_ext/private/dcservice_app.te | 8 ++++---- sepolicy/system_ext/private/hbmsvmanager_app.te | 4 ++-- sepolicy/system_ext/private/pixelntnservice_app.te | 4 ++-- sepolicy/system_ext/private/platform_app.te | 4 ++-- sepolicy/vendor/battery_mitigation.te | 6 +++--- sepolicy/vendor/chre.te | 4 ++-- sepolicy/vendor/dump_exynos_display.te | 4 ++-- sepolicy/vendor/dump_gsc.te | 4 ++-- sepolicy/vendor/dump_storage.te | 4 ++-- sepolicy/vendor/edgetpu_app.te | 4 ++-- sepolicy/vendor/edgetpu_dba.te | 8 ++++---- sepolicy/vendor/edgetpu_tachyon.te | 4 ++-- sepolicy/vendor/edgetpu_vendor.te | 4 ++-- sepolicy/vendor/grilservice_app.te | 4 ++-- sepolicy/vendor/hal_audio.te | 8 ++++---- sepolicy/vendor/hal_authsecret_citadel.te | 4 ++-- sepolicy/vendor/hal_camera.te | 10 +++++----- sepolicy/vendor/hal_contexthub.te | 4 ++-- sepolicy/vendor/hal_fingerprint.te | 6 +++--- sepolicy/vendor/hal_graphics_composer.te | 6 +++--- sepolicy/vendor/hal_identity_citadel.te | 4 ++-- sepolicy/vendor/hal_keymint_citadel.te | 4 ++-- sepolicy/vendor/hal_neuralnetworks_darwinn.te | 10 +++++----- sepolicy/vendor/hal_oemlock_citadel.te | 4 ++-- sepolicy/vendor/hal_secure_element_uicc.te | 4 ++-- sepolicy/vendor/hal_sensors.te | 4 ++-- sepolicy/vendor/hal_thermal.te | 4 ++-- sepolicy/vendor/hal_usb_impl.te | 4 ++-- sepolicy/vendor/hal_uwb_vendor.te | 10 +++++----- sepolicy/vendor/hal_weaver_citadel.te | 4 ++-- sepolicy/vendor/ims_app.te | 4 ++-- sepolicy/vendor/mediacodec_google.te | 4 ++-- sepolicy/vendor/mediacodec_samsung.te | 8 ++++---- sepolicy/vendor/pktrouter.te | 4 ++-- sepolicy/vendor/rcs_app.te | 4 ++-- sepolicy/vendor/uwb_vendor_app.te | 6 ++---- 39 files changed, 98 
insertions(+), 100 deletions(-) diff --git a/sepolicy/product/private/pbcs_app.te b/sepolicy/product/private/pbcs_app.te index 89e99aa7..81b8bbca 100644 --- a/sepolicy/product/private/pbcs_app.te +++ b/sepolicy/product/private/pbcs_app.te @@ -1,11 +1,11 @@ +app_domain(vendor_pbcs_app) + typeattribute vendor_pbcs_app coredomain; add_service(vendor_pbcs_app, camera_binder_service) add_service(vendor_pbcs_app, camera_cameraidremapper_service) add_service(vendor_pbcs_app, camera_lyricconfigprovider_service) -app_domain(vendor_pbcs_app) - allow vendor_pbcs_app app_api_service:service_manager find; allow vendor_pbcs_app cameraserver_service:service_manager find; diff --git a/sepolicy/product/private/pcs_app.te b/sepolicy/product/private/pcs_app.te index 2a064ba7..8f9498fb 100644 --- a/sepolicy/product/private/pcs_app.te +++ b/sepolicy/product/private/pcs_app.te @@ -1,11 +1,11 @@ -typeattribute vendor_pcs_app coredomain; - app_domain(vendor_pcs_app) bluetooth_domain(vendor_pcs_app) net_domain(vendor_pcs_app) +typeattribute vendor_pcs_app coredomain; + r_dir_file(vendor_pcs_app, preloads_data_file) r_dir_file(vendor_pcs_app, preloads_media_file) diff --git a/sepolicy/system_ext/private/con_monitor_app.te b/sepolicy/system_ext/private/con_monitor_app.te index d0667d29..ffa66b3a 100644 --- a/sepolicy/system_ext/private/con_monitor_app.te +++ b/sepolicy/system_ext/private/con_monitor_app.te @@ -1,7 +1,7 @@ -typeattribute con_monitor_app coredomain; - app_domain(con_monitor_app) +typeattribute con_monitor_app coredomain; + set_prop(con_monitor_app, radio_prop) allow con_monitor_app app_api_service:service_manager find; diff --git a/sepolicy/system_ext/private/dcservice_app.te b/sepolicy/system_ext/private/dcservice_app.te index e0a9b974..4cb0ebad 100644 --- a/sepolicy/system_ext/private/dcservice_app.te +++ b/sepolicy/system_ext/private/dcservice_app.te 
@@ -1,11 +1,11 @@ -typeattribute dcservice_app coredomain; - app_domain(dcservice_app) -get_prop(dcservice_app, bluetooth_lea_prop) - net_domain(dcservice_app) +typeattribute dcservice_app coredomain; + +get_prop(dcservice_app, bluetooth_lea_prop) + set_prop(dcservice_app, ctl_start_prop) allow dcservice_app app_api_service:service_manager find; diff --git a/sepolicy/system_ext/private/hbmsvmanager_app.te b/sepolicy/system_ext/private/hbmsvmanager_app.te index 4ec8a88f..60c72b85 100644 --- a/sepolicy/system_ext/private/hbmsvmanager_app.te +++ b/sepolicy/system_ext/private/hbmsvmanager_app.te @@ -1,7 +1,7 @@ -typeattribute hbmsvmanager_app coredomain; - app_domain(hbmsvmanager_app) +typeattribute hbmsvmanager_app coredomain; + allow hbmsvmanager_app app_api_service:service_manager find; allow hbmsvmanager_app cameraserver_service:service_manager find; allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms; diff --git a/sepolicy/system_ext/private/pixelntnservice_app.te b/sepolicy/system_ext/private/pixelntnservice_app.te index 7c98c24e..7eeb4022 100644 --- a/sepolicy/system_ext/private/pixelntnservice_app.te +++ b/sepolicy/system_ext/private/pixelntnservice_app.te @@ -1,7 +1,7 @@ -typeattribute pixelntnservice_app coredomain; - app_domain(pixelntnservice_app) +typeattribute pixelntnservice_app coredomain; + set_prop(pixelntnservice_app, telephony_modem_prop) allow pixelntnservice_app app_api_service:service_manager find; diff --git a/sepolicy/system_ext/private/platform_app.te b/sepolicy/system_ext/private/platform_app.te index a93aa38e..d9934caf 100644 --- a/sepolicy/system_ext/private/platform_app.te +++ b/sepolicy/system_ext/private/platform_app.te @@ -1,3 +1,3 @@ -get_prop(platform_app, bluetooth_lea_prop) - hal_client_domain(platform_app, hal_fingerprint) + +get_prop(platform_app, bluetooth_lea_prop) diff --git a/sepolicy/vendor/battery_mitigation.te b/sepolicy/vendor/battery_mitigation.te index 420f659a..45332355 100644 
--- a/sepolicy/vendor/battery_mitigation.te +++ b/sepolicy/vendor/battery_mitigation.te @@ -1,6 +1,9 @@ type battery_mitigation, domain; type battery_mitigation_exec, exec_type, file_type, vendor_file_type; +hal_client_domain(battery_mitigation, hal_health) +hal_client_domain(battery_mitigation, hal_thermal) + add_service(battery_mitigation, hal_battery_mitigation_service) binder_call(battery_mitigation, hal_audio_default) @@ -10,9 +13,6 @@ get_prop(battery_mitigation, boot_status_prop) get_prop(battery_mitigation, system_boot_reason_prop) get_prop(battery_mitigation, vendor_brownout_reason_prop) -hal_client_domain(battery_mitigation, hal_health) -hal_client_domain(battery_mitigation, hal_thermal) - init_daemon_domain(battery_mitigation) r_dir_file(battery_mitigation, sysfs_acpm_stats) diff --git a/sepolicy/vendor/chre.te b/sepolicy/vendor/chre.te index 64966bf2..2228ba88 100644 --- a/sepolicy/vendor/chre.te +++ b/sepolicy/vendor/chre.te @@ -1,10 +1,10 @@ type chre, domain; type chre_exec, exec_type, file_type, vendor_file_type; -binder_call(chre, stats_service_server) - hal_client_domain(chre, hal_graphics_allocator) +binder_call(chre, stats_service_server) + init_daemon_domain(chre) wakelock_use(chre) diff --git a/sepolicy/vendor/dump_exynos_display.te b/sepolicy/vendor/dump_exynos_display.te index 6eb2b210..0d66694b 100644 --- a/sepolicy/vendor/dump_exynos_display.te +++ b/sepolicy/vendor/dump_exynos_display.te @@ -1,7 +1,7 @@ -binder_call(dump_exynos_display, hal_graphics_composer_default) - pixel_bugreport(dump_exynos_display) +binder_call(dump_exynos_display, hal_graphics_composer_default) + vndbinder_use(dump_exynos_display) allow dump_exynos_display sysfs_display:file r_file_perms; diff --git a/sepolicy/vendor/dump_gsc.te b/sepolicy/vendor/dump_gsc.te index cfacacc1..8cb5fdc1 100644 --- a/sepolicy/vendor/dump_gsc.te +++ b/sepolicy/vendor/dump_gsc.te 
@@ -1,10 +1,10 @@ type dump_gsc, domain; type dump_gsc_exec, exec_type, file_type, vendor_file_type; -binder_call(dump_gsc, citadeld) - hal_client_domain(dump_gsc, hal_dumpstate) +binder_call(dump_gsc, citadeld) + vndbinder_use(dump_gsc) allow dump_gsc citadel_updater:file execute_no_trans; diff --git a/sepolicy/vendor/dump_storage.te b/sepolicy/vendor/dump_storage.te index 40338892..8a614508 100644 --- a/sepolicy/vendor/dump_storage.te +++ b/sepolicy/vendor/dump_storage.te @@ -1,7 +1,7 @@ -get_prop(dump_storage, boottime_public_prop) - pixel_bugreport(dump_storage) +get_prop(dump_storage, boottime_public_prop) + allow dump_storage proc_f2fs:dir r_dir_perms; allow dump_storage proc_f2fs:file r_file_perms; allow dump_storage sysfs:file r_file_perms; diff --git a/sepolicy/vendor/edgetpu_app.te b/sepolicy/vendor/edgetpu_app.te index 170f08a6..a69cf09a 100644 --- a/sepolicy/vendor/edgetpu_app.te +++ b/sepolicy/vendor/edgetpu_app.te @@ -2,13 +2,13 @@ type edgetpu_app_server, coredomain, domain; type edgetpu_app_server_exec, exec_type, file_type, system_file_type; type edgetpu_app_service, app_api_service, isolated_compute_allowed_service, service_manager_type; +binder_service(edgetpu_app_server) + add_service(edgetpu_app_server, edgetpu_app_service) binder_call(edgetpu_app_server, edgetpu_vendor_server) binder_call(edgetpu_app_server, system_server) -binder_service(edgetpu_app_server) - binder_use(edgetpu_app_server) get_prop(edgetpu_app_server, device_config_edgetpu_native_prop) diff --git a/sepolicy/vendor/edgetpu_dba.te b/sepolicy/vendor/edgetpu_dba.te index 80112b1f..713ddc41 100644 --- a/sepolicy/vendor/edgetpu_dba.te +++ b/sepolicy/vendor/edgetpu_dba.te 
@@ -2,12 +2,14 @@ type edgetpu_dba_server, domain; type edgetpu_dba_server_exec, exec_type, file_type, vendor_file_type; type edgetpu_dba_service, app_api_service, isolated_compute_allowed_service, service_manager_type; +binder_service(edgetpu_dba_server) + +hal_client_domain(edgetpu_dba_server, hal_power) + add_service(edgetpu_dba_server, edgetpu_dba_service) binder_call(edgetpu_dba_server, edgetpu_app_server) -binder_service(edgetpu_dba_server) - binder_use(edgetpu_dba_server) get_prop(edgetpu_dba_server, vendor_edgetpu_cpu_scheduler_prop) @@ -15,8 +17,6 @@ get_prop(edgetpu_dba_server, vendor_edgetpu_runtime_prop) get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop) get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop) -hal_client_domain(edgetpu_dba_server, hal_power) - init_daemon_domain(edgetpu_dba_server) allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms; diff --git a/sepolicy/vendor/edgetpu_tachyon.te b/sepolicy/vendor/edgetpu_tachyon.te index 746ea15b..deec065a 100644 --- a/sepolicy/vendor/edgetpu_tachyon.te +++ b/sepolicy/vendor/edgetpu_tachyon.te @@ -2,6 +2,8 @@ type edgetpu_tachyon_server, domain; type edgetpu_tachyon_server_exec, exec_type, file_type, vendor_file_type; type edgetpu_tachyon_service, app_api_service, isolated_compute_allowed_service, service_manager_type; +binder_service(edgetpu_tachyon_server) + add_service(edgetpu_tachyon_server, edgetpu_tachyon_service) binder_call(edgetpu_tachyon_server, edgetpu_app_server) @@ -12,8 +14,6 @@ binder_call(edgetpu_tachyon_server, shell) binder_call(edgetpu_tachyon_server, system_server) binder_call(edgetpu_tachyon_server, untrusted_app_all) -binder_service(edgetpu_tachyon_server) - binder_use(edgetpu_tachyon_server) get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop) diff --git a/sepolicy/vendor/edgetpu_vendor.te b/sepolicy/vendor/edgetpu_vendor.te index 7e35b610..96f6e9da 100644 --- a/sepolicy/vendor/edgetpu_vendor.te +++ b/sepolicy/vendor/edgetpu_vendor.te 
@@ -2,10 +2,10 @@ type edgetpu_vendor_server, domain; type edgetpu_vendor_server_exec, exec_type, file_type, vendor_file_type; type edgetpu_vendor_service, hal_service_type, service_manager_type; -add_service(edgetpu_vendor_server, edgetpu_vendor_service) - binder_service(edgetpu_vendor_server) +add_service(edgetpu_vendor_server, edgetpu_vendor_service) + binder_use(edgetpu_vendor_server) get_prop(edgetpu_vendor_server, vendor_hetero_runtime_prop) diff --git a/sepolicy/vendor/grilservice_app.te b/sepolicy/vendor/grilservice_app.te index 38c01524..0ce8675a 100644 --- a/sepolicy/vendor/grilservice_app.te +++ b/sepolicy/vendor/grilservice_app.te @@ -2,14 +2,14 @@ type grilservice_app, domain; app_domain(grilservice_app) +hal_client_domain(grilservice_app, hal_power_stats) + binder_call(grilservice_app, hal_audiometricext_default) binder_call(grilservice_app, hal_bluetooth_btlinux) binder_call(grilservice_app, hal_radioext_default) binder_call(grilservice_app, hal_wifi_ext) binder_call(grilservice_app, rild) -hal_client_domain(grilservice_app, hal_power_stats) - r_dir_file(grilservice_app, sysfs_irq) allow grilservice_app app_api_service:service_manager find; diff --git a/sepolicy/vendor/hal_audio.te b/sepolicy/vendor/hal_audio.te index a24e66c3..60d59562 100644 --- a/sepolicy/vendor/hal_audio.te +++ b/sepolicy/vendor/hal_audio.te @@ -1,3 +1,7 @@ +hal_client_domain(hal_audio_default, hal_graphics_allocator) +hal_client_domain(hal_audio_default, hal_health) +hal_client_domain(hal_audio_default, hal_thermal) + add_hwservice(hal_audio_default, hal_audio_ext_hwservice) binder_call(hal_audio_default, aocxd) 
@@ -8,10 +12,6 @@ get_prop(hal_audio_default, vendor_edgetpu_runtime_prop) get_prop(hal_audio_default, vendor_hetero_runtime_prop) get_prop(hal_audio_default, vendor_tflite_delegate_prop) -hal_client_domain(hal_audio_default, hal_graphics_allocator) -hal_client_domain(hal_audio_default, hal_health) -hal_client_domain(hal_audio_default, hal_thermal) - perfetto_producer(hal_audio_default) r_dir_file(hal_audio_default, aoc_audio_file) diff --git a/sepolicy/vendor/hal_authsecret_citadel.te b/sepolicy/vendor/hal_authsecret_citadel.te index b048f972..d0a437ef 100644 --- a/sepolicy/vendor/hal_authsecret_citadel.te +++ b/sepolicy/vendor/hal_authsecret_citadel.te @@ -1,10 +1,10 @@ type hal_authsecret_citadel, domain; type hal_authsecret_citadel_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_authsecret_citadel, citadeld) - hal_server_domain(hal_authsecret_citadel, hal_authsecret) +binder_call(hal_authsecret_citadel, citadeld) + init_daemon_domain(hal_authsecret_citadel) vndbinder_use(hal_authsecret_citadel) diff --git a/sepolicy/vendor/hal_camera.te b/sepolicy/vendor/hal_camera.te index aaab1db5..5b42c9c7 100644 --- a/sepolicy/vendor/hal_camera.te +++ b/sepolicy/vendor/hal_camera.te @@ -1,3 +1,8 @@ +hal_client_domain(hal_camera_default, hal_graphics_allocator) +hal_client_domain(hal_camera_default, hal_graphics_composer) +hal_client_domain(hal_camera_default, hal_power) +hal_client_domain(hal_camera_default, hal_thermal) + add_service(hal_camera_default, vendor_image_processing_hal_service) binder_call(hal_camera_default, edgetpu_app_server) 
@@ -16,11 +21,6 @@ get_prop(hal_camera_default, vendor_gxp_prop) get_prop(hal_camera_default, vendor_hetero_runtime_prop) get_prop(hal_camera_default, vendor_tflite_delegate_prop) -hal_client_domain(hal_camera_default, hal_graphics_allocator) -hal_client_domain(hal_camera_default, hal_graphics_composer) -hal_client_domain(hal_camera_default, hal_power) -hal_client_domain(hal_camera_default, hal_thermal) - set_prop(hal_camera_default, log_tag_prop) set_prop(hal_camera_default, vendor_camera_prop) diff --git a/sepolicy/vendor/hal_contexthub.te b/sepolicy/vendor/hal_contexthub.te index 1997cd64..e17062ca 100644 --- a/sepolicy/vendor/hal_contexthub.te +++ b/sepolicy/vendor/hal_contexthub.te @@ -1,10 +1,10 @@ +hal_client_domain(hal_contexthub_default, hal_graphics_allocator) + binder_call(hal_contexthub_default, hal_sensors_default) binder_call(hal_contexthub_default, hal_wifi_ext) get_prop(hal_contexthub_default, vendor_aoc_prop) -hal_client_domain(hal_contexthub_default, hal_graphics_allocator) - unix_socket_connect(hal_contexthub_default, chre, chre) wakelock_use(hal_contexthub_default) diff --git a/sepolicy/vendor/hal_fingerprint.te b/sepolicy/vendor/hal_fingerprint.te index bf9ca4a1..8c973678 100644 --- a/sepolicy/vendor/hal_fingerprint.te +++ b/sepolicy/vendor/hal_fingerprint.te @@ -1,12 +1,12 @@ +hal_client_domain(hal_fingerprint_default, hal_power) +hal_client_domain(hal_fingerprint_default, hal_thermal) + add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice) binder_call(hal_fingerprint_default, hal_graphics_composer_default) get_prop(hal_fingerprint_default, fingerprint_ghbm_prop) -hal_client_domain(hal_fingerprint_default, hal_power) -hal_client_domain(hal_fingerprint_default, hal_thermal) - r_dir_file(hal_fingerprint_default, sysfs_chosen) set_prop(hal_fingerprint_default, vendor_fingerprint_prop) diff --git a/sepolicy/vendor/hal_graphics_composer.te b/sepolicy/vendor/hal_graphics_composer.te index 839cb5ed..c3f3bb27 100644 
--- a/sepolicy/vendor/hal_graphics_composer.te +++ b/sepolicy/vendor/hal_graphics_composer.te @@ -1,3 +1,6 @@ +hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator) +hal_client_domain(hal_graphics_composer_default, hal_power) + add_service(hal_graphics_composer_default, hal_pixel_display_service) add_service(hal_graphics_composer_default, vendor_displaycolor_service) add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice) @@ -6,9 +9,6 @@ get_prop(hal_graphics_composer_default, boot_status_prop) get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop) get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop) -hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator) -hal_client_domain(hal_graphics_composer_default, hal_power) - set_prop(hal_graphics_composer_default, vendor_display_prop) vndbinder_use(hal_graphics_composer_default) diff --git a/sepolicy/vendor/hal_identity_citadel.te b/sepolicy/vendor/hal_identity_citadel.te index e913ee33..2a2a31a1 100644 --- a/sepolicy/vendor/hal_identity_citadel.te +++ b/sepolicy/vendor/hal_identity_citadel.te @@ -1,11 +1,11 @@ type hal_identity_citadel, domain; type hal_identity_citadel_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_identity_citadel, citadeld) - hal_server_domain(hal_identity_citadel, hal_identity) hal_server_domain(hal_identity_citadel, hal_keymint) +binder_call(hal_identity_citadel, citadeld) + init_daemon_domain(hal_identity_citadel) vndbinder_use(hal_identity_citadel) diff --git a/sepolicy/vendor/hal_keymint_citadel.te b/sepolicy/vendor/hal_keymint_citadel.te index d707ea72..dda3705b 100644 --- a/sepolicy/vendor/hal_keymint_citadel.te +++ b/sepolicy/vendor/hal_keymint_citadel.te 
@@ -1,12 +1,12 @@ type hal_keymint_citadel, domain; type hal_keymint_citadel_exec, exec_type, file_type, vendor_file_type; +hal_server_domain(hal_keymint_citadel, hal_keymint) + binder_call(hal_keymint_citadel, citadeld) get_prop(hal_keymint_citadel, vendor_security_patch_level_prop) -hal_server_domain(hal_keymint_citadel, hal_keymint) - init_daemon_domain(hal_keymint_citadel) vndbinder_use(hal_keymint_citadel) diff --git a/sepolicy/vendor/hal_neuralnetworks_darwinn.te b/sepolicy/vendor/hal_neuralnetworks_darwinn.te index 7434cdbd..069bee56 100644 --- a/sepolicy/vendor/hal_neuralnetworks_darwinn.te +++ b/sepolicy/vendor/hal_neuralnetworks_darwinn.te @@ -1,6 +1,11 @@ type hal_neuralnetworks_darwinn, domain; type hal_neuralnetworks_darwinn_exec, exec_type, file_type, vendor_file_type; +hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator) +hal_client_domain(hal_neuralnetworks_darwinn, hal_power) + +hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks) + add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service) binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server) @@ -13,11 +18,6 @@ get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop) get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop) get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop) -hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator) -hal_client_domain(hal_neuralnetworks_darwinn, hal_power) - -hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks) - hwbinder_use(hal_neuralnetworks_darwinn) init_daemon_domain(hal_neuralnetworks_darwinn) diff --git a/sepolicy/vendor/hal_oemlock_citadel.te b/sepolicy/vendor/hal_oemlock_citadel.te index 379e1e71..7f0787de 100644 --- a/sepolicy/vendor/hal_oemlock_citadel.te +++ b/sepolicy/vendor/hal_oemlock_citadel.te 
@@ -1,10 +1,10 @@ type hal_oemlock_citadel, domain; type hal_oemlock_citadel_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_oemlock_citadel, citadeld) - hal_server_domain(hal_oemlock_citadel, hal_oemlock) +binder_call(hal_oemlock_citadel, citadeld) + init_daemon_domain(hal_oemlock_citadel) vndbinder_use(hal_oemlock_citadel) diff --git a/sepolicy/vendor/hal_secure_element_uicc.te b/sepolicy/vendor/hal_secure_element_uicc.te index 03df1b34..2feb4655 100644 --- a/sepolicy/vendor/hal_secure_element_uicc.te +++ b/sepolicy/vendor/hal_secure_element_uicc.te @@ -1,10 +1,10 @@ type hal_secure_element_uicc, domain; type hal_secure_element_uicc_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_secure_element_uicc, rild) - hal_server_domain(hal_secure_element_uicc, hal_secure_element) +binder_call(hal_secure_element_uicc, rild) + init_daemon_domain(hal_secure_element_uicc) allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find; diff --git a/sepolicy/vendor/hal_sensors.te b/sepolicy/vendor/hal_sensors.te index 04438457..af5f353e 100644 --- a/sepolicy/vendor/hal_sensors.te +++ b/sepolicy/vendor/hal_sensors.te @@ -1,3 +1,5 @@ +hal_client_domain(hal_sensors_default, hal_graphics_allocator) + binder_call(hal_sensors_default, hal_contexthub_default) binder_call(hal_sensors_default, hal_graphics_composer_default) binder_call(hal_sensors_default, system_server) @@ -6,8 +8,6 @@ get_prop(hal_sensors_default, vendor_aoc_prop) get_prop(hal_sensors_default, vendor_chre_hal_prop) get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) -hal_client_domain(hal_sensors_default, hal_graphics_allocator) - r_dir_file(hal_sensors_default, persist_camera_file) r_dir_file(hal_sensors_default, persist_sensor_reg_file) r_dir_file(hal_sensors_default, sysfs_batteryinfo) diff --git a/sepolicy/vendor/hal_thermal.te b/sepolicy/vendor/hal_thermal.te index 391de0f3..8310524a 100644 --- a/sepolicy/vendor/hal_thermal.te +++ b/sepolicy/vendor/hal_thermal.te 
@@ -1,9 +1,9 @@ +hal_client_domain(hal_thermal_default, hal_power) + binder_call(hal_thermal_default, servicemanager) get_prop(hal_thermal_default, vendor_thermal_prop) -hal_client_domain(hal_thermal_default, hal_power) - r_dir_file(hal_thermal_default, sysfs_iio_devices) r_dir_file(hal_thermal_default, sysfs_odpm) diff --git a/sepolicy/vendor/hal_usb_impl.te b/sepolicy/vendor/hal_usb_impl.te index d81e73ad..84da1df8 100644 --- a/sepolicy/vendor/hal_usb_impl.te +++ b/sepolicy/vendor/hal_usb_impl.te @@ -1,13 +1,13 @@ type hal_usb_impl, domain; type hal_usb_impl_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_usb_impl, servicemanager) - hal_client_domain(hal_usb_impl, hal_thermal) hal_server_domain(hal_usb_impl, hal_usb) hal_server_domain(hal_usb_impl, hal_usb_gadget) +binder_call(hal_usb_impl, servicemanager) + init_daemon_domain(hal_usb_impl) set_prop(hal_usb_impl, vendor_usb_config_prop) diff --git a/sepolicy/vendor/hal_uwb_vendor.te b/sepolicy/vendor/hal_uwb_vendor.te index 723b899a..c1c1964c 100644 --- a/sepolicy/vendor/hal_uwb_vendor.te +++ b/sepolicy/vendor/hal_uwb_vendor.te @@ -2,6 +2,11 @@ type hal_uwb_vendor_default, domain; type hal_uwb_vendor_default_exec, exec_type, file_type, vendor_file_type; type hal_uwb_vendor_service, hal_service_type, service_manager_type; +dump_hal(hal_uwb_vendor) + +hal_server_domain(hal_uwb_vendor_default, hal_uwb) +hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) + add_service(hal_uwb_vendor_default, hal_uwb_vendor_service) binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server) 
@@ -9,15 +14,10 @@ binder_call(hal_uwb_vendor_default, uwb_vendor_app) binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client) binder_call(hal_uwb_vendor_server, servicemanager) -dump_hal(hal_uwb_vendor) - get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop) hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service) -hal_server_domain(hal_uwb_vendor_default, hal_uwb) -hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor) - init_daemon_domain(hal_uwb_vendor_default) allow hal_uwb_vendor self:global_capability_class_set net_admin; diff --git a/sepolicy/vendor/hal_weaver_citadel.te b/sepolicy/vendor/hal_weaver_citadel.te index 661d7ec9..febfed1d 100644 --- a/sepolicy/vendor/hal_weaver_citadel.te +++ b/sepolicy/vendor/hal_weaver_citadel.te @@ -1,12 +1,12 @@ type hal_weaver_citadel, domain; type hal_weaver_citadel_exec, exec_type, file_type, vendor_file_type; -binder_call(hal_weaver_citadel, citadeld) - hal_server_domain(hal_weaver_citadel, hal_authsecret) hal_server_domain(hal_weaver_citadel, hal_oemlock) hal_server_domain(hal_weaver_citadel, hal_weaver) +binder_call(hal_weaver_citadel, citadeld) + init_daemon_domain(hal_weaver_citadel) vndbinder_use(hal_weaver_citadel) diff --git a/sepolicy/vendor/ims_app.te b/sepolicy/vendor/ims_app.te index 0d7a2582..cca786e5 100644 --- a/sepolicy/vendor/ims_app.te +++ b/sepolicy/vendor/ims_app.te @@ -2,12 +2,12 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) + binder_call(vendor_ims_app, rild) get_prop(vendor_ims_app, vendor_imssvc_prop) -net_domain(vendor_ims_app) - set_prop(vendor_ims_app, radio_prop) set_prop(vendor_ims_app, vendor_rild_prop) diff --git a/sepolicy/vendor/mediacodec_google.te b/sepolicy/vendor/mediacodec_google.te index d4bd1e5f..3f2e0a46 100644 --- a/sepolicy/vendor/mediacodec_google.te +++ b/sepolicy/vendor/mediacodec_google.te 
@@ -1,13 +1,13 @@ type mediacodec_google, domain; type mediacodec_google_exec, exec_type, file_type, vendor_file_type; -crash_dump_fallback(mediacodec_google) - hal_client_domain(mediacodec_google, hal_codec2) hal_client_domain(mediacodec_google, hal_graphics_allocator) hal_server_domain(mediacodec_google, hal_codec2) +crash_dump_fallback(mediacodec_google) + init_daemon_domain(mediacodec_google) vndbinder_use(mediacodec_google) diff --git a/sepolicy/vendor/mediacodec_samsung.te b/sepolicy/vendor/mediacodec_samsung.te index 93929a80..0dcf09f7 100644 --- a/sepolicy/vendor/mediacodec_samsung.te +++ b/sepolicy/vendor/mediacodec_samsung.te @@ -1,6 +1,10 @@ type mediacodec_samsung, domain; type mediacodec_samsung_exec, exec_type, file_type, vendor_file_type; +hal_client_domain(mediacodec_samsung, hal_graphics_allocator) + +hal_server_domain(mediacodec_samsung, hal_codec2) + add_service(mediacodec_samsung, eco_service) binder_call(mediacodec_samsung, hal_camera_default) @@ -9,10 +13,6 @@ binder_use(mediacodec_samsung) crash_dump_fallback(mediacodec_samsung) -hal_client_domain(mediacodec_samsung, hal_graphics_allocator) - -hal_server_domain(mediacodec_samsung, hal_codec2) - init_daemon_domain(mediacodec_samsung) vndbinder_use(mediacodec_samsung) diff --git a/sepolicy/vendor/pktrouter.te b/sepolicy/vendor/pktrouter.te index 4824d901..f45d3c17 100644 --- a/sepolicy/vendor/pktrouter.te +++ b/sepolicy/vendor/pktrouter.te @@ -1,14 +1,14 @@ type pktrouter, domain; type pktrouter_exec, exec_type, file_type, vendor_file_type; +net_domain(pktrouter) + domain_auto_trans(pktrouter, netutils_wrapper_exec, netutils_wrapper) get_prop(pktrouter, vendor_ims_prop) init_daemon_domain(pktrouter) -net_domain(pktrouter) - allow pktrouter pktrouter_device:chr_file rw_file_perms; allow pktrouter radio_device:chr_file r_file_perms; allow pktrouter self:capability net_raw; diff --git a/sepolicy/vendor/rcs_app.te b/sepolicy/vendor/rcs_app.te index 0fa83bde..0eb1f40d 100644 
--- a/sepolicy/vendor/rcs_app.te +++ b/sepolicy/vendor/rcs_app.te @@ -2,10 +2,10 @@ type vendor_rcs_app, domain; app_domain(vendor_rcs_app) -binder_call(vendor_rcs_app, rild) - net_domain(vendor_rcs_app) +binder_call(vendor_rcs_app, rild) + allow vendor_rcs_app app_api_service:service_manager find; allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find; allow vendor_rcs_app radio_service:service_manager find; diff --git a/sepolicy/vendor/uwb_vendor_app.te b/sepolicy/vendor/uwb_vendor_app.te index a2ad6ea3..488d8950 100644 --- a/sepolicy/vendor/uwb_vendor_app.te +++ b/sepolicy/vendor/uwb_vendor_app.te @@ -1,13 +1,11 @@ not_recovery(` +hal_client_domain(uwb_vendor_app, hal_uwb_vendor) + binder_call(uwb_vendor_app, hal_uwb_vendor_default) ') get_prop(uwb_vendor_app, vendor_secure_element_prop) -not_recovery(` -hal_client_domain(uwb_vendor_app, hal_uwb_vendor) -') - set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code) not_recovery(`
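Review bot: The uwb_vendor_app.te hunk is the only one visible in this patch where the removed and added lines are not the same set, and nothing in the commit records that the resulting rules are unchanged. Every other visible hunk moves lines verbatim, but here two `not_recovery` blocks are folded into one, so `hal_client_domain(uwb_vendor_app, hal_uwb_vendor)` now shares a wrapper with `binder_call(uwb_vendor_app, hal_uwb_vendor_default)`. Both macros stay under `not_recovery`, so the expansion should be equivalent. For a 39-file regeneration I would still diff the compiled policy from before and after (for example with `sediff`) and state in the commit message that no rules changed. The file continues past the hunk: the `not_recovery` block opened on its last line closes outside it.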