clone sepolicy from gs101
s/gs101/gs201/g Bug: 186836335 Test: Boot Signed-off-by: Pat Tjin <pattjin@google.com> Change-Id: Ifa0d083f7317c38eb02c8228c2804cbd4d5ee19f
This commit is contained in:
Pat Tjin
parent
703587e97c
commit
d3a63de64b
172 changed files with 3678 additions and 0 deletions
20
ambient/exo_app.te
Normal file
20
ambient/exo_app.te
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
type exo_app, coredomain, domain;
|
||||||
|
|
||||||
|
app_domain(exo_app)
|
||||||
|
net_domain(exo_app)
|
||||||
|
|
||||||
|
allow exo_app app_api_service:service_manager find;
|
||||||
|
allow exo_app audioserver_service:service_manager find;
|
||||||
|
allow exo_app cameraserver_service:service_manager find;
|
||||||
|
allow exo_app mediaserver_service:service_manager find;
|
||||||
|
allow exo_app radio_service:service_manager find;
|
||||||
|
allow exo_app fwk_stats_service:service_manager find;
|
||||||
|
allow exo_app mediametrics_service:service_manager find;
|
||||||
|
allow exo_app gpu_device:dir search;
|
||||||
|
|
||||||
|
allow exo_app uhid_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
binder_call(exo_app, statsd)
|
||||||
|
binder_use(exo_app)
|
||||||
|
|
||||||
|
get_prop(exo_app, device_config_runtime_native_boot_prop)
|
||||||
2
ambient/seapp_contexts
Normal file
2
ambient/seapp_contexts
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# Domain for Exo app
|
||||||
|
user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
|
||||||
1
display/common/file.te
Normal file
1
display/common/file.te
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
type persist_display_file, file_type, vendor_persist_type;
|
||||||
1
display/common/file_contexts
Normal file
1
display/common/file_contexts
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
|
||||||
14
display/gs101/genfs_contexts
Normal file
14
display/gs101/genfs_contexts
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2C0000/panel@0/compatible u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2D0000/panel@0/compatible u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
|
genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/platform/1c300000.drmdecon/dqe/atc u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c300000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
|
||||||
38
display/gs101/hal_graphics_composer_default.te
Normal file
38
display/gs101/hal_graphics_composer_default.te
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
|
||||||
|
add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
|
||||||
|
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
|
||||||
|
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||||
|
vndbinder_use(hal_graphics_composer_default)
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
|
||||||
|
|
||||||
|
# For HWC/libdisplaycolor to generate calibration file.
|
||||||
|
allow hal_graphics_composer_default persist_display_file:file create_file_perms;
|
||||||
|
allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
|
||||||
|
')
|
||||||
|
|
||||||
|
# allow HWC/libdisplaycolor to read calibration data
|
||||||
|
allow hal_graphics_composer_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_graphics_composer_default persist_file:dir search;
|
||||||
|
allow hal_graphics_composer_default persist_display_file:file r_file_perms;
|
||||||
|
|
||||||
|
# allow HWC to r/w backlight
|
||||||
|
allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
|
||||||
|
allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
|
||||||
|
|
||||||
|
# allow HWC to get vendor_persist_sys_default_prop
|
||||||
|
get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)
|
||||||
|
|
||||||
|
# allow HWC to get vendor_display_prop
|
||||||
|
get_prop(hal_graphics_composer_default, vendor_display_prop)
|
||||||
|
|
||||||
|
# allow HWC to access vendor_displaycolor_service
|
||||||
|
add_service(hal_graphics_composer_default, vendor_displaycolor_service)
|
||||||
|
|
||||||
|
add_service(hal_graphics_composer_default, hal_pixel_display_service)
|
||||||
|
binder_use(hal_graphics_composer_default)
|
||||||
|
get_prop(hal_graphics_composer_default, boot_status_prop);
|
||||||
|
|
||||||
|
# allow HWC to access vendor log file
|
||||||
|
allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
|
||||||
|
|
@ -0,0 +1,39 @@
|
||||||
|
# sepolicy that are shared among devices using whitechapel
|
||||||
|
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel/vendor/google
|
||||||
|
|
||||||
|
# unresolved SELinux error log with bug tracking
|
||||||
|
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials
|
||||||
|
|
||||||
|
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/private
|
||||||
|
|
||||||
|
# Display
|
||||||
|
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/display/common
|
||||||
|
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/display/gs201
|
||||||
|
|
||||||
|
# Micro sensor framework (usf)
|
||||||
|
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/usf
|
||||||
|
|
||||||
|
# system_ext
|
||||||
|
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/public
|
||||||
|
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/private
|
||||||
|
|
||||||
|
#
|
||||||
|
# Pixel-wide
|
||||||
|
#
|
||||||
|
# Dauntless (uses Citadel policy currently)
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
|
||||||
|
|
||||||
|
# Wifi
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_ext
|
||||||
|
|
||||||
|
# PowerStats HAL
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
|
||||||
|
|
||||||
|
# sscoredump
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/sscoredump
|
||||||
|
|
||||||
|
# Sniffer Logger
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer
|
||||||
|
|
||||||
|
# Wifi Logger
|
||||||
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_logger
|
||||||
59
private/dex2oat.te
Normal file
59
private/dex2oat.te
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
# b/187016929
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat proc_filesystems:file read ;
|
||||||
|
dontaudit dex2oat postinstall_apex_mnt_dir:file getattr ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat proc_filesystems:file read ;
|
||||||
|
dontaudit dex2oat postinstall_apex_mnt_dir:file getattr ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
|
dontaudit dex2oat vendor_overlay_file:file read ;
|
||||||
2
private/gmscore_app.te
Normal file
2
private/gmscore_app.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/177389198
|
||||||
|
dontaudit gmscore_app adbd_prop:file *;
|
||||||
2
private/hal_dumpstate_default.te
Normal file
2
private/hal_dumpstate_default.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/176868217
|
||||||
|
dontaudit hal_dumpstate adbd_prop:file *;
|
||||||
14
private/incidentd.te
Normal file
14
private/incidentd.te
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
# b/174961589
|
||||||
|
dontaudit incidentd adbd_config_prop:file open ;
|
||||||
|
dontaudit incidentd adbd_prop:file getattr ;
|
||||||
|
dontaudit incidentd adbd_prop:file open ;
|
||||||
|
dontaudit incidentd adbd_config_prop:file open ;
|
||||||
|
dontaudit incidentd adbd_config_prop:file getattr ;
|
||||||
|
dontaudit incidentd adbd_config_prop:file map ;
|
||||||
|
dontaudit incidentd adbd_prop:file open ;
|
||||||
|
dontaudit incidentd adbd_prop:file getattr ;
|
||||||
|
dontaudit incidentd adbd_prop:file map ;
|
||||||
|
dontaudit incidentd apexd_prop:file open ;
|
||||||
|
dontaudit incidentd adbd_config_prop:file getattr ;
|
||||||
|
dontaudit incidentd adbd_config_prop:file map ;
|
||||||
|
dontaudit incidentd adbd_prop:file map ;
|
||||||
7
private/lpdumpd.te
Normal file
7
private/lpdumpd.te
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
# b/177176997
|
||||||
|
dontaudit lpdumpd block_device:blk_file getattr ;
|
||||||
|
dontaudit lpdumpd block_device:blk_file getattr ;
|
||||||
|
dontaudit lpdumpd block_device:blk_file read ;
|
||||||
|
dontaudit lpdumpd block_device:blk_file getattr ;
|
||||||
|
dontaudit lpdumpd block_device:blk_file read ;
|
||||||
|
dontaudit lpdumpd block_device:blk_file read ;
|
||||||
19
private/priv_app.te
Normal file
19
private/priv_app.te
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
# b/178433525
|
||||||
|
dontaudit priv_app adbd_prop:file { map };
|
||||||
|
dontaudit priv_app adbd_prop:file { getattr };
|
||||||
|
dontaudit priv_app adbd_prop:file { open };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { map };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { getattr };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { open };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { map };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { getattr };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { open };
|
||||||
|
dontaudit priv_app adbd_prop:file { map };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { open };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { getattr };
|
||||||
|
dontaudit priv_app aac_drc_prop:file { map };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { open };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { getattr };
|
||||||
|
dontaudit priv_app ab_update_gki_prop:file { map };
|
||||||
|
dontaudit priv_app adbd_prop:file { open };
|
||||||
|
dontaudit priv_app adbd_prop:file { getattr };
|
||||||
1
private/radio.te
Normal file
1
private/radio.te
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
add_service(radio, uce_service)
|
||||||
1
private/service_contexts
Normal file
1
private/service_contexts
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
telephony.oem.oemrilhook u:object_r:radio_service:s0
|
||||||
2
private/untrusted_app_25.te
Normal file
2
private/untrusted_app_25.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/177389321
|
||||||
|
dontaudit untrusted_app_25 adbd_prop:file *;
|
||||||
2
private/wait_for_keymaster.te
Normal file
2
private/wait_for_keymaster.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/188114822
|
||||||
|
dontaudit wait_for_keymaster servicemanager:binder transfer;
|
||||||
2
system_ext/private/property_contexts
Normal file
2
system_ext/private/property_contexts
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# Fingerprint (UDFPS) GHBM/LHBM toggle
|
||||||
|
persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool
|
||||||
2
system_ext/public/property.te
Normal file
2
system_ext/public/property.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# Fingerprint (UDFPS) GHBM/LHBM toggle
|
||||||
|
system_vendor_config_prop(fingerprint_ghbm_prop)
|
||||||
4
tracking_denials/dumpstate.te
Normal file
4
tracking_denials/dumpstate.te
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
# b/185723618
|
||||||
|
dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
|
||||||
|
# b/187795940
|
||||||
|
dontaudit dumpstate twoshay:binder call;
|
||||||
11
tracking_denials/gpsd.te
Normal file
11
tracking_denials/gpsd.te
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
# b/173969091
|
||||||
|
dontaudit gpsd radio_prop:file { read };
|
||||||
|
dontaudit gpsd radio_prop:file { open };
|
||||||
|
dontaudit gpsd radio_prop:file { map };
|
||||||
|
dontaudit gpsd radio_prop:file { map };
|
||||||
|
dontaudit gpsd system_data_file:dir { search };
|
||||||
|
dontaudit gpsd radio_prop:file { read };
|
||||||
|
dontaudit gpsd radio_prop:file { open };
|
||||||
|
dontaudit gpsd radio_prop:file { getattr };
|
||||||
|
dontaudit gpsd system_data_file:dir { search };
|
||||||
|
dontaudit gpsd radio_prop:file { getattr };
|
||||||
5
tracking_denials/hal_camera_default.te
Normal file
5
tracking_denials/hal_camera_default.te
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
# b/178980085
|
||||||
|
dontaudit hal_camera_default system_data_file:dir { search };
|
||||||
|
# b/180567725
|
||||||
|
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
|
||||||
|
dontaudit hal_camera_default traced_producer_socket:sock_file { write };
|
||||||
15
tracking_denials/hal_fingerprint_default.te
Normal file
15
tracking_denials/hal_fingerprint_default.te
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
# b/183338543
|
||||||
|
dontaudit hal_fingerprint_default system_data_root_file:file { read };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { getattr };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { map };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { open };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { read };
|
||||||
|
dontaudit hal_fingerprint_default system_data_root_file:file { open };
|
||||||
|
dontaudit hal_fingerprint_default system_data_root_file:file { read };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { map };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { getattr };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { open };
|
||||||
|
dontaudit hal_fingerprint_default default_prop:file { read };
|
||||||
|
dontaudit hal_fingerprint_default system_data_root_file:file { open };
|
||||||
|
# b/187015705
|
||||||
|
dontaudit hal_fingerprint_default property_socket:sock_file write;
|
||||||
3
tracking_denials/hal_graphics_composer_default.te
Normal file
3
tracking_denials/hal_graphics_composer_default.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# b/185723492
|
||||||
|
dontaudit hal_graphics_composer_default hal_dumpstate_default:fd { use };
|
||||||
|
dontaudit hal_graphics_composer_default hal_dumpstate_default:fd { use };
|
||||||
33
tracking_denials/hal_neuralnetworks_armnn.te
Normal file
33
tracking_denials/hal_neuralnetworks_armnn.te
Normal file
|
|
@ -0,0 +1,33 @@
|
||||||
|
# b/171160755
|
||||||
|
dontaudit hal_neuralnetworks_armnn traced:unix_stream_socket connectto ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hal_neuralnetworks_hwservice:hwservice_manager add ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hal_neuralnetworks_hwservice:hwservice_manager find ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager:binder transfer ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager:binder call ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file map ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file getattr ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file open ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file read ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file {read write} ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file open ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file getattr ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file ioctl ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file map ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn gpu_device:chr_file {read write} ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn traced_producer_socket:sock_file write ;
|
||||||
|
dontaudit hal_neuralnetworks_armnn hidl_base_hwservice:hwservice_manager add ;
|
||||||
|
# b/171670122
|
||||||
|
dontaudit hal_neuralnetworks_armnn debugfs_tracing:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_armnn debugfs_tracing:file { open };
|
||||||
|
# b/180550063
|
||||||
|
dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
|
||||||
|
dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
|
||||||
|
# b/180858476
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { open };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { map };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { open };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
|
||||||
|
dontaudit hal_neuralnetworks_armnn default_prop:file { map };
|
||||||
14
tracking_denials/hal_neuralnetworks_darwinn.te
Normal file
14
tracking_denials/hal_neuralnetworks_darwinn.te
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
# b/182524105
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { open };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { write };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { map };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { write };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { open };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { map };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
|
||||||
|
# b/183935302
|
||||||
|
dontaudit hal_neuralnetworks_darwinn proc_version:file { read };
|
||||||
|
dontaudit hal_neuralnetworks_darwinn proc_version:file { read };
|
||||||
12
tracking_denials/hal_power_default.te
Normal file
12
tracking_denials/hal_power_default.te
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
# b/171760921
|
||||||
|
dontaudit hal_power_default hal_power_default:capability { dac_override };
|
||||||
|
# b/178331773
|
||||||
|
dontaudit hal_power_default sysfs:file { write };
|
||||||
|
dontaudit hal_power_default sysfs:file { open };
|
||||||
|
dontaudit hal_power_default sysfs:file { write };
|
||||||
|
dontaudit hal_power_default sysfs:file { open };
|
||||||
|
# b/178752616
|
||||||
|
dontaudit hal_power_default sysfs:file { read };
|
||||||
|
dontaudit hal_power_default sysfs:file { getattr };
|
||||||
|
dontaudit hal_power_default sysfs:file { read };
|
||||||
|
dontaudit hal_power_default sysfs:file { getattr };
|
||||||
18
tracking_denials/hardware_info_app.te
Normal file
18
tracking_denials/hardware_info_app.te
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
# b/181177926
|
||||||
|
dontaudit hardware_info_app sysfs_scsi_devices_0000:file { getattr };
|
||||||
|
dontaudit hardware_info_app sysfs_scsi_devices_0000:file { open };
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:file { read };
|
||||||
|
dontaudit hardware_info_app sysfs:file { read };
|
||||||
|
dontaudit hardware_info_app sysfs:file { open };
|
||||||
|
dontaudit hardware_info_app sysfs:file { getattr };
|
||||||
|
dontaudit hardware_info_app sysfs_scsi_devices_0000:dir { search };
|
||||||
|
dontaudit hardware_info_app sysfs_scsi_devices_0000:file { read };
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:dir { search };
|
||||||
|
# b/181914888
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:file { open };
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:file { getattr };
|
||||||
|
dontaudit hardware_info_app vendor_regmap_debugfs:dir { search };
|
||||||
|
# b/181915166
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:file { getattr };
|
||||||
|
dontaudit hardware_info_app sysfs_batteryinfo:file { open };
|
||||||
|
dontaudit hardware_info_app vendor_regmap_debugfs:dir { search };
|
||||||
2
tracking_denials/incidentd.te
Normal file
2
tracking_denials/incidentd.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/187015816
|
||||||
|
dontaudit incidentd apex_info_file:file getattr;
|
||||||
3
tracking_denials/init.te
Normal file
3
tracking_denials/init.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# b/180963348
|
||||||
|
dontaudit init overlayfs_file:chr_file { unlink };
|
||||||
|
dontaudit init overlayfs_file:file { rename };
|
||||||
3
tracking_denials/ofl_app.te
Normal file
3
tracking_denials/ofl_app.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# b/184005231
|
||||||
|
dontaudit ofl_app default_prop:file { read };
|
||||||
|
|
||||||
7
tracking_denials/pixelstats_vendor.te
Normal file
7
tracking_denials/pixelstats_vendor.te
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
# b/183338421
|
||||||
|
dontaudit pixelstats_vendor sysfs_dma_heap:dir { search };
|
||||||
|
dontaudit pixelstats_vendor sysfs_dma_heap:file { read };
|
||||||
|
dontaudit pixelstats_vendor sysfs_dma_heap:file { open };
|
||||||
|
dontaudit pixelstats_vendor sysfs_dma_heap:file { getattr };
|
||||||
|
# b/188114896
|
||||||
|
dontaudit pixelstats_vendor debugfs_mgm:dir read;
|
||||||
2
tracking_denials/priv_app.te
Normal file
2
tracking_denials/priv_app.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/187016930
|
||||||
|
dontaudit priv_app fwk_stats_service:service_manager find ;
|
||||||
3
tracking_denials/servicemanager.te
Normal file
3
tracking_denials/servicemanager.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# b/182086688
|
||||||
|
dontaudit servicemanager hal_sensors_default:binder { call };
|
||||||
|
dontaudit servicemanager hal_sensors_default:binder { call };
|
||||||
12
tracking_denials/surfaceflinger.te
Normal file
12
tracking_denials/surfaceflinger.te
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
# b/176868297
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:dir search ;
|
||||||
|
# b/177176899
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file open ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file read ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file read ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file open ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file read ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file open ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
|
||||||
|
dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
|
||||||
3
tracking_denials/trusty_apploader.te
Normal file
3
tracking_denials/trusty_apploader.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# b/182953825
|
||||||
|
dontaudit trusty_apploader trusty_apploader:capability { dac_override };
|
||||||
|
dontaudit trusty_apploader trusty_apploader:capability { dac_override };
|
||||||
4
tracking_denials/untrusted_app.te
Normal file
4
tracking_denials/untrusted_app.te
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
# b/184593993
|
||||||
|
dontaudit untrusted_app vendor_camera_prop:file { read };
|
||||||
|
dontaudit untrusted_app vendor_camera_prop:file { read };
|
||||||
|
dontaudit untrusted_app vendor_camera_prop:file { read };
|
||||||
2
tracking_denials/update_engine.te
Normal file
2
tracking_denials/update_engine.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/187016910
|
||||||
|
dontaudit update_engine mnt_vendor_file:dir search ;
|
||||||
2
tracking_denials/vendor_init.te
Normal file
2
tracking_denials/vendor_init.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# b/176528557
|
||||||
|
dontaudit vendor_init debugfs_trace_marker:file { getattr };
|
||||||
12
usf/file.te
Normal file
12
usf/file.te
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
#
|
||||||
|
# USF file SELinux type enforcements.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Declare the sensor registry persist file type. By convention, persist file
|
||||||
|
# types begin with "persist_".
|
||||||
|
type persist_sensor_reg_file, file_type, vendor_persist_type;
|
||||||
|
|
||||||
|
# Declare the sensor registry data file type. By convention, data file types
|
||||||
|
# end with "data_file".
|
||||||
|
type sensor_reg_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
10
usf/file_contexts
Normal file
10
usf/file_contexts
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
#
|
||||||
|
# USF SELinux file security contexts.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Sensor registry persist files.
|
||||||
|
/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
|
||||||
|
|
||||||
|
# Sensor registry data files.
|
||||||
|
/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
|
||||||
|
|
||||||
60
usf/sensor_hal.te
Normal file
60
usf/sensor_hal.te
Normal file
|
|
@ -0,0 +1,60 @@
|
||||||
|
#
|
||||||
|
# USF sensor HAL SELinux type enforcements.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Allow reading of sensor registry persist files.
|
||||||
|
allow hal_sensors_default persist_file:dir search;
|
||||||
|
allow hal_sensors_default mnt_vendor_file:dir search;
|
||||||
|
r_dir_file(hal_sensors_default, persist_sensor_reg_file)
|
||||||
|
|
||||||
|
# Allow creation and writing of sensor registry data files.
|
||||||
|
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Allow access to the AoC communication driver.
|
||||||
|
allow hal_sensors_default aoc_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
|
||||||
|
# to synchronize the AP and AoC clock timestamps.
|
||||||
|
allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow create thread to watch AOC's device.
|
||||||
|
allow hal_sensors_default device:dir r_dir_perms;
|
||||||
|
|
||||||
|
# Allow access to the files of CDT information.
|
||||||
|
r_dir_file(hal_sensors_default, sysfs_chosen)
|
||||||
|
|
||||||
|
# Allow display_info_service access to the backlight driver.
|
||||||
|
allow hal_sensors_default sysfs_leds:dir search;
|
||||||
|
allow hal_sensors_default sysfs_leds:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow access to the power supply files for MagCC.
|
||||||
|
r_dir_file(hal_sensors_default, sysfs_batteryinfo)
|
||||||
|
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
|
||||||
|
|
||||||
|
# Allow access to sensor service for sensor_listener.
|
||||||
|
binder_call(hal_sensors_default, system_server);
|
||||||
|
|
||||||
|
# Allow access to the sysfs_aoc.
|
||||||
|
allow hal_sensors_default sysfs_aoc:dir search;
|
||||||
|
allow hal_sensors_default sysfs_aoc:file r_file_perms;
|
||||||
|
|
||||||
|
# Allow use of the USF low latency transport.
|
||||||
|
usf_low_latency_transport(hal_sensors_default)
|
||||||
|
|
||||||
|
# Allow sensor HAL to reset AOC.
|
||||||
|
allow hal_sensors_default sysfs_aoc_reset:file w_file_perms;
|
||||||
|
|
||||||
|
#
|
||||||
|
# Suez type enforcements.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Allow SensorSuez to connect AIDL stats.
|
||||||
|
binder_use(hal_sensors_default);
|
||||||
|
allow hal_sensors_default fwk_stats_service:service_manager find;
|
||||||
|
|
||||||
|
# Allow access to CHRE socket to connect to nanoapps.
|
||||||
|
unix_socket_connect(hal_sensors_default, chre, chre)
|
||||||
|
|
||||||
|
# Allow sensor HAL to read lhbm.
|
||||||
|
allow hal_sensors_default sysfs_lhbm:file r_file_perms;
|
||||||
14
usf/te_macros
Normal file
14
usf/te_macros
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
#
|
||||||
|
# USF SELinux type enforcement macros.
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# usf_low_latency_transport(domain)
|
||||||
|
#
|
||||||
|
# Allows domain use of the USF low latency transport.
|
||||||
|
#
|
||||||
|
define(`usf_low_latency_transport', `
|
||||||
|
allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||||
|
hal_client_domain($1, hal_graphics_allocator)
|
||||||
|
')
|
||||||
|
|
||||||
21
whitechapel/vendor/google/aocd.te
vendored
Normal file
21
whitechapel/vendor/google/aocd.te
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
type aocd, domain;
|
||||||
|
type aocd_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(aocd)
|
||||||
|
|
||||||
|
# access persist files
|
||||||
|
allow aocd mnt_vendor_file:dir search;
|
||||||
|
allow aocd persist_file:dir search;
|
||||||
|
r_dir_file(aocd, persist_aoc_file);
|
||||||
|
|
||||||
|
# sysfs operations
|
||||||
|
allow aocd sysfs_aoc:dir search;
|
||||||
|
allow aocd sysfs_aoc_firmware:file w_file_perms;
|
||||||
|
|
||||||
|
# dev operations
|
||||||
|
allow aocd aoc_device:chr_file r_file_perms;
|
||||||
|
|
||||||
|
# allow inotify to watch for additions/removals from /dev
|
||||||
|
allow aocd device:dir r_dir_perms;
|
||||||
|
|
||||||
|
# set properties
|
||||||
|
set_prop(aocd, vendor_aoc_prop)
|
||||||
19
whitechapel/vendor/google/aocdump.te
vendored
Normal file
19
whitechapel/vendor/google/aocdump.te
vendored
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
type aocdump, domain;
|
||||||
|
type aocdump_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(aocdump)
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
# Permit communication with AoC
|
||||||
|
allow aocdump aoc_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
allow aocdump radio_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow aocdump radio_vendor_data_file:file create_file_perms;
|
||||||
|
allow aocdump wifi_logging_data_file:dir create_dir_perms;
|
||||||
|
allow aocdump wifi_logging_data_file:file create_file_perms;
|
||||||
|
set_prop(aocdump, vendor_audio_prop);
|
||||||
|
r_dir_file(aocdump, proc_asound)
|
||||||
|
|
||||||
|
allow aocdump self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
allow aocdump property_socket:sock_file { write };
|
||||||
|
allow aocdump audio_vendor_data_file:sock_file { create unlink };
|
||||||
|
')
|
||||||
1
whitechapel/vendor/google/attributes
vendored
Normal file
1
whitechapel/vendor/google/attributes
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
attribute vendor_persist_type;
|
||||||
2
whitechapel/vendor/google/audioserver.te
vendored
Normal file
2
whitechapel/vendor/google/audioserver.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# allow access to ALSA MMAP FDs for AAudio API
|
||||||
|
allow audioserver audio_device:chr_file r_file_perms;
|
||||||
9
whitechapel/vendor/google/bipchmgr.te
vendored
Normal file
9
whitechapel/vendor/google/bipchmgr.te
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type bipchmgr, domain;
|
||||||
|
type bipchmgr_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(bipchmgr)
|
||||||
|
|
||||||
|
get_prop(bipchmgr, hwservicemanager_prop);
|
||||||
|
|
||||||
|
allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
hwbinder_use(bipchmgr)
|
||||||
|
binder_call(bipchmgr, rild)
|
||||||
5
whitechapel/vendor/google/bootanim.te
vendored
Normal file
5
whitechapel/vendor/google/bootanim.te
vendored
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
# TODO(b/62954877). On Android Wear, bootanim reads the time
|
||||||
|
# during boot to display. It currently gets that time from a file
|
||||||
|
# in /data/system. This should be moved. In the meantime, suppress
|
||||||
|
# this denial on phones since this functionality is not used.
|
||||||
|
dontaudit bootanim system_data_file:dir r_dir_perms;
|
||||||
1
whitechapel/vendor/google/bootdevice_sysdev.te
vendored
Normal file
1
whitechapel/vendor/google/bootdevice_sysdev.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow bootdevice_sysdev sysfs:filesystem associate;
|
||||||
63
whitechapel/vendor/google/cbd.te
vendored
Normal file
63
whitechapel/vendor/google/cbd.te
vendored
Normal file
|
|
@ -0,0 +1,63 @@
|
||||||
|
type cbd, domain;
|
||||||
|
type cbd_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(cbd)
|
||||||
|
|
||||||
|
set_prop(cbd, vendor_modem_prop)
|
||||||
|
set_prop(cbd, vendor_cbd_prop)
|
||||||
|
set_prop(cbd, vendor_rild_prop)
|
||||||
|
|
||||||
|
# Allow cbd to setuid from root to radio
|
||||||
|
# TODO: confirming with vendor via b/182334947
|
||||||
|
allow cbd self:capability { setgid setuid };
|
||||||
|
|
||||||
|
allow cbd mnt_vendor_file:dir r_dir_perms;
|
||||||
|
|
||||||
|
allow cbd kmsg_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
allow cbd vendor_shell_exec:file execute_no_trans;
|
||||||
|
allow cbd vendor_toolbox_exec:file execute_no_trans;
|
||||||
|
|
||||||
|
# Allow cbd to access modem block device
|
||||||
|
allow cbd block_device:dir search;
|
||||||
|
allow cbd modem_block_device:blk_file r_file_perms;
|
||||||
|
|
||||||
|
# Allow cbd to access sysfs chosen files
|
||||||
|
allow cbd sysfs_chosen:file r_file_perms;
|
||||||
|
allow cbd sysfs_chosen:dir r_dir_perms;
|
||||||
|
|
||||||
|
allow cbd radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
allow cbd proc_cmdline:file r_file_perms;
|
||||||
|
|
||||||
|
allow cbd persist_modem_file:dir create_dir_perms;
|
||||||
|
allow cbd persist_modem_file:file create_file_perms;
|
||||||
|
|
||||||
|
allow cbd radio_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow cbd radio_vendor_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Allow cbd to operate with modem EFS file/dir
|
||||||
|
allow cbd modem_efs_file:dir create_dir_perms;
|
||||||
|
allow cbd modem_efs_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Allow cbd to operate with modem userdata file/dir
|
||||||
|
allow cbd modem_userdata_file:dir create_dir_perms;
|
||||||
|
allow cbd modem_userdata_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Allow cbd to access modem image file/dir
|
||||||
|
allow cbd modem_img_file:dir r_dir_perms;
|
||||||
|
allow cbd modem_img_file:file r_file_perms;
|
||||||
|
allow cbd modem_img_file:lnk_file r_file_perms;
|
||||||
|
|
||||||
|
# Allow cbd to collect crash info
|
||||||
|
allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
|
||||||
|
allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
r_dir_file(cbd, vendor_slog_file)
|
||||||
|
|
||||||
|
allow cbd kernel:system syslog_read;
|
||||||
|
|
||||||
|
allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
|
||||||
|
allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
13
whitechapel/vendor/google/cbrs_setup.te
vendored
Normal file
13
whitechapel/vendor/google/cbrs_setup.te
vendored
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
# GoogleCBRS app
|
||||||
|
type cbrs_setup_app, domain;
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
app_domain(cbrs_setup_app)
|
||||||
|
net_domain(cbrs_setup_app)
|
||||||
|
|
||||||
|
allow cbrs_setup_app app_api_service:service_manager find;
|
||||||
|
allow cbrs_setup_app cameraserver_service:service_manager find;
|
||||||
|
allow cbrs_setup_app radio_service:service_manager find;
|
||||||
|
set_prop(cbrs_setup_app, radio_prop)
|
||||||
|
set_prop(cbrs_setup_app, vendor_rild_prop)
|
||||||
|
')
|
||||||
29
whitechapel/vendor/google/certs/com_google_mds.x509.pem
vendored
Normal file
29
whitechapel/vendor/google/certs/com_google_mds.x509.pem
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF1TCCA72gAwIBAgIVAPZ4KZV2jpxRBCoVAidCu62l3cDqMA0GCSqGSIb3DQEBCwUAMHsxCzAJ
|
||||||
|
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||||
|
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEXMBUGA1UEAwwOY29tX2dvb2ds
|
||||||
|
ZV9tZHMwHhcNMTkwNDIyMTQ1NzA1WhcNNDkwNDIyMTQ1NzA1WjB7MQswCQYDVQQGEwJVUzETMBEG
|
||||||
|
A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xl
|
||||||
|
IEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxFzAVBgNVBAMMDmNvbV9nb29nbGVfbWRzMIICIjANBgkq
|
||||||
|
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqgNC0hhI3NzaPUllJfe01hCTuEpl35D02+DKJ5prPFxv
|
||||||
|
6KGTk6skjZOwV87Zf2pyj/cbnv28ioDjwvqMBe4ntFdKtH9gl2tTAVl69HMKXF4Iny/wnrt2mxzh
|
||||||
|
WxFUd5PuW+mWug+UQw/NGUuaf5d/yys/RrchHKM1+zBV6aOzH6BXiwDoOF2i43d5GlNQ/tFuMySW
|
||||||
|
LJftJN0QULFelxNDFFJZhw2P3c4opxjmF2yCoIiDfBEIhTZFKUbHX6YDLXmtUpXl35q+cxK4TCxP
|
||||||
|
URyzwdfiyheF3TTxagfzhvXNg/ifrY67S4qCGfzoEMPxrTz02gS0u3D6r/2+hl9vAJChLKDNdIs6
|
||||||
|
TqIw+YnABrELiZLLFnaABnjQ7xC3xv1s3W6dWxaxnoVMtC1YvdgwhC5gSpJ4A+AGcCLv96hoeB1I
|
||||||
|
IoGV9Yt0Z97MFpXeHFpAxFZ1F9feBqwOCDbu50dmdKZvqGHZ4Ts3uy7ukDQ08dquHpT+NmqkmmW5
|
||||||
|
GGhkuyZS3HHpU/QeVsZiyJCJBbDe5lz6NGXK56ruuF9ILeGHtldjQm40oYRc01ESScyVjSU0kpMO
|
||||||
|
C7hn1B7rKAm8xxG7eH04ieQrNnbbee7atOO4C3157W5CqujfLMeo6OCRVtcYkYIuSi8hIPNySu/q
|
||||||
|
OaEtEP4owVNZR0H6mCHy5pANsyBofMkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
|
||||||
|
gk8pmLx8yP3RILwR5am1G10PBEowHwYDVR0jBBgwFoAUgk8pmLx8yP3RILwR5am1G10PBEowDQYJ
|
||||||
|
KoZIhvcNAQELBQADggIBAC9iQ1huo6CzjcsB1IIw3WYPYVfHtvG7fiB49QO6cjth8fxM36YOxnMz
|
||||||
|
K9Zh89cnFx7BeXG4MdbR3lAWO+wTbEpM/5azAQfqHB/ZEEAo1THtqS58C1bTwJ5zxkA+wL/x1ucT
|
||||||
|
EV0QZtPHC1K5nIV5FuICiJjui5FHfj2HYu2A5a5729rdZ7sL8Vgx6TUFKpEPs5iCrlx5X/E+/wJa
|
||||||
|
DM5iIjVvrGJJq0VWHHeDJEE+Sw1CDxWYRzvu1WvCvhk149hf4LlfrR0A5t8QJRGx0WwF10DLGgJx
|
||||||
|
7epMBpzhMIXc529FTIx4Rx2PcufjTZC9EN7PkLgVfYahWEkt/YIfV/0F6U6viLxdNC5O0pimSV57
|
||||||
|
vT6HIthX1OC34eZca0cPqH1kOuhRDKOhbP4yIgdYX6knpvw8aXsYcyTfAmDyrt0EWffeBPedaxMo
|
||||||
|
xfijdlsBQUymviUQ8qBbfl1Ew9VoC+VEsiobK7Ubog0IK+82LQ7FOLMoNYnhk5wJ63i1kVvBVAgH
|
||||||
|
64PMME2KG//BwYFfKK6jUXibabyNke72+1Jr0xpw1BHJPxNJ8Q8yCBLF0wmXmFJSM+9lSDd10Bni
|
||||||
|
FJeMFMQ0T1Sf8GUSIxYYbMK5pDguRs+JOYkUID02ylJ3L6GAnxXCjGWzpdxw29/WWJc+qsYFEIbP
|
||||||
|
kKzTUNQHaaLHmcLK22Ht
|
||||||
|
-----END CERTIFICATE-----
|
||||||
29
whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
vendored
Normal file
29
whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ
|
||||||
|
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||||
|
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv
|
||||||
|
X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR
|
||||||
|
BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds
|
||||||
|
ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq
|
||||||
|
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa
|
||||||
|
IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW
|
||||||
|
fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ
|
||||||
|
KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW
|
||||||
|
BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s
|
||||||
|
ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X
|
||||||
|
QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG
|
||||||
|
gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj
|
||||||
|
RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn
|
||||||
|
iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
|
||||||
|
EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ
|
||||||
|
KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t
|
||||||
|
fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z
|
||||||
|
0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe
|
||||||
|
cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0
|
||||||
|
6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg
|
||||||
|
NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY
|
||||||
|
ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp
|
||||||
|
BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh
|
||||||
|
NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz
|
||||||
|
lHV8gmlwBAuAx9ITcTJr
|
||||||
|
-----END CERTIFICATE-----
|
||||||
17
whitechapel/vendor/google/chre.te
vendored
Normal file
17
whitechapel/vendor/google/chre.te
vendored
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
type chre, domain;
|
||||||
|
type chre_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(chre)
|
||||||
|
|
||||||
|
# Permit communication with AoC
|
||||||
|
allow chre aoc_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow CHRE to determine AoC's current clock
|
||||||
|
allow chre sysfs_aoc:dir search;
|
||||||
|
allow chre sysfs_aoc_boottime:file r_file_perms;
|
||||||
|
|
||||||
|
# Allow CHRE to create thread to watch AOC's device
|
||||||
|
allow chre device:dir r_dir_perms;
|
||||||
|
|
||||||
|
# Allow CHRE to use the USF low latency transport
|
||||||
|
usf_low_latency_transport(chre)
|
||||||
|
|
||||||
10
whitechapel/vendor/google/con_monitor.te
vendored
Normal file
10
whitechapel/vendor/google/con_monitor.te
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
# ConnectivityMonitor app
|
||||||
|
type con_monitor_app, domain, coredomain;
|
||||||
|
|
||||||
|
app_domain(con_monitor_app)
|
||||||
|
|
||||||
|
set_prop(con_monitor_app, radio_prop)
|
||||||
|
allow con_monitor_app app_api_service:service_manager find;
|
||||||
|
allow con_monitor_app radio_service:service_manager find;
|
||||||
|
allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow con_monitor_app radio_vendor_data_file:file create_file_perms;
|
||||||
62
whitechapel/vendor/google/device.te
vendored
Normal file
62
whitechapel/vendor/google/device.te
vendored
Normal file
|
|
@ -0,0 +1,62 @@
|
||||||
|
# Block Devices
|
||||||
|
type efs_block_device, dev_type;
|
||||||
|
type fat_block_device, dev_type;
|
||||||
|
type modem_block_device, dev_type;
|
||||||
|
type modem_userdata_block_device, dev_type;
|
||||||
|
type persist_block_device, dev_type;
|
||||||
|
type vendor_block_device, dev_type;
|
||||||
|
type sda_block_device, dev_type;
|
||||||
|
|
||||||
|
# Exynos devices
|
||||||
|
type vendor_m2m1shot_device, dev_type;
|
||||||
|
type vendor_gnss_device, dev_type;
|
||||||
|
type vendor_nanohub_device, dev_type;
|
||||||
|
type vendor_secmem_device, dev_type;
|
||||||
|
type pktrouter_device, dev_type;
|
||||||
|
type vendor_toe_device, dev_type;
|
||||||
|
type custom_ab_block_device, dev_type;
|
||||||
|
type devinfo_block_device, dev_type;
|
||||||
|
type tui_device, dev_type;
|
||||||
|
|
||||||
|
# usbpd
|
||||||
|
type logbuffer_device, dev_type;
|
||||||
|
|
||||||
|
# EdgeTPU device (DarwiNN)
|
||||||
|
type edgetpu_device, dev_type, mlstrustedobject;
|
||||||
|
|
||||||
|
#cpuctl
|
||||||
|
type cpuctl_device, dev_type;
|
||||||
|
|
||||||
|
# Bt Wifi Coexistence device
|
||||||
|
type wb_coexistence_dev, dev_type;
|
||||||
|
|
||||||
|
# Touch
|
||||||
|
type touch_offload_device, dev_type;
|
||||||
|
|
||||||
|
# LWIS (Lightweight Imaging Subsystem) devices, used by Lyric camera HAL
|
||||||
|
type lwis_device, dev_type;
|
||||||
|
|
||||||
|
# RLS device
|
||||||
|
type rls_device, dev_type;
|
||||||
|
|
||||||
|
# sensor direct DMA-BUF heap
|
||||||
|
type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
|
||||||
|
|
||||||
|
#faceauth DMA-BUF heaps
|
||||||
|
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
|
||||||
|
|
||||||
|
#vframe-secure DMA-BUF heap
|
||||||
|
type vframe_heap_device, dmabuf_heap_device_type, dev_type;
|
||||||
|
|
||||||
|
#vscaler-secure DMA-BUF heap
|
||||||
|
type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
|
||||||
|
|
||||||
|
# AOC device
|
||||||
|
type aoc_device, dev_type;
|
||||||
|
|
||||||
|
# Fingerprint device
|
||||||
|
type fingerprint_device, dev_type;
|
||||||
|
|
||||||
|
# AMCS device
|
||||||
|
type amcs_device, dev_type;
|
||||||
|
|
||||||
33
whitechapel/vendor/google/dmd.te
vendored
Normal file
33
whitechapel/vendor/google/dmd.te
vendored
Normal file
|
|
@ -0,0 +1,33 @@
|
||||||
|
type dmd, domain;
|
||||||
|
type dmd_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(dmd)
|
||||||
|
|
||||||
|
# Grant to access serial device for external logging tool
|
||||||
|
allow dmd serial_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Grant to access radio device
|
||||||
|
allow dmd radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Grant to access slog dir/file
|
||||||
|
allow dmd vendor_slog_file:dir create_dir_perms;
|
||||||
|
allow dmd vendor_slog_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Grant to access tcp socket
|
||||||
|
allow dmd node:tcp_socket node_bind;
|
||||||
|
allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
|
||||||
|
|
||||||
|
# Grant to access log related properties
|
||||||
|
set_prop(dmd, vendor_diag_prop)
|
||||||
|
set_prop(dmd, vendor_slog_prop)
|
||||||
|
set_prop(dmd, vendor_modem_prop)
|
||||||
|
|
||||||
|
get_prop(dmd, vendor_persist_config_default_prop)
|
||||||
|
|
||||||
|
# Grant to access hwservice manager
|
||||||
|
get_prop(dmd, hwservicemanager_prop)
|
||||||
|
allow dmd hidl_base_hwservice:hwservice_manager add;
|
||||||
|
allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
|
||||||
|
binder_call(dmd, hwservicemanager)
|
||||||
|
binder_call(dmd, modem_diagnostic_app)
|
||||||
|
binder_call(dmd, modem_logging_control)
|
||||||
|
binder_call(dmd, vendor_telephony_app)
|
||||||
1
whitechapel/vendor/google/domain.te
vendored
Normal file
1
whitechapel/vendor/google/domain.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow {domain -appdomain -rs} sysfs_vendor_sched:file w_file_perms;
|
||||||
16
whitechapel/vendor/google/dumpstate.te
vendored
Normal file
16
whitechapel/vendor/google/dumpstate.te
vendored
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
dump_hal(hal_telephony)
|
||||||
|
dump_hal(hal_graphics_composer)
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow dumpstate media_rw_data_file:file append;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
|
||||||
|
allow dumpstate persist_file:dir r_dir_perms;
|
||||||
|
|
||||||
|
allow dumpstate modem_efs_file:dir getattr;
|
||||||
|
allow dumpstate modem_img_file:dir getattr;
|
||||||
|
allow dumpstate modem_userdata_file:dir getattr;
|
||||||
|
allow dumpstate fuse:dir search;
|
||||||
|
|
||||||
|
dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms;
|
||||||
6
whitechapel/vendor/google/e2fs.te
vendored
Normal file
6
whitechapel/vendor/google/e2fs.te
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
allow e2fs persist_block_device:blk_file rw_file_perms;
|
||||||
|
allow e2fs efs_block_device:blk_file rw_file_perms;
|
||||||
|
allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
|
||||||
|
allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
|
||||||
|
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
|
||||||
|
};
|
||||||
41
whitechapel/vendor/google/edgetpu_app_service.te
vendored
Normal file
41
whitechapel/vendor/google/edgetpu_app_service.te
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
# EdgeTPU app server process which runs the EdgeTPU binder service.
|
||||||
|
type edgetpu_app_server, coredomain, domain;
|
||||||
|
type edgetpu_app_server_exec, exec_type, system_file_type, file_type;
|
||||||
|
init_daemon_domain(edgetpu_app_server)
|
||||||
|
|
||||||
|
# The server will use binder calls.
|
||||||
|
binder_use(edgetpu_app_server);
|
||||||
|
|
||||||
|
# The server will serve a binder service.
|
||||||
|
binder_service(edgetpu_app_server);
|
||||||
|
|
||||||
|
# EdgeTPU binder service type declaration.
|
||||||
|
type edgetpu_app_service, service_manager_type;
|
||||||
|
|
||||||
|
# EdgeTPU server to register the service to service_manager.
|
||||||
|
add_service(edgetpu_app_server, edgetpu_app_service);
|
||||||
|
|
||||||
|
# EdgeTPU service needs to access /dev/abrolhos.
|
||||||
|
allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms;
|
||||||
|
allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms;
|
||||||
|
allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms;
|
||||||
|
|
||||||
|
# Applications are not allowed to open the EdgeTPU device directly.
|
||||||
|
neverallow appdomain edgetpu_device:chr_file { open };
|
||||||
|
|
||||||
|
# Allow EdgeTPU service to access the Package Manager service.
|
||||||
|
allow edgetpu_app_server package_native_service:service_manager find;
|
||||||
|
binder_call(edgetpu_app_server, system_server);
|
||||||
|
|
||||||
|
# Allow EdgeTPU service to read EdgeTPU service related system properties.
|
||||||
|
get_prop(edgetpu_app_server, vendor_edgetpu_service_prop);
|
||||||
|
|
||||||
|
# Allow EdgeTPU service to generate Perfetto traces.
|
||||||
|
perfetto_producer(edgetpu_app_server);
|
||||||
|
|
||||||
|
# Allow EdgeTPU service to connect to the EdgeTPU vendor version of the service.
|
||||||
|
allow edgetpu_app_server edgetpu_vendor_service:service_manager find;
|
||||||
|
binder_call(edgetpu_app_server, edgetpu_vendor_server);
|
||||||
|
|
||||||
|
# Allow EdgeTPU service to log to stats service. (metrics)
|
||||||
|
allow edgetpu_app_server fwk_stats_service:service_manager find;
|
||||||
15
whitechapel/vendor/google/edgetpu_logging.te
vendored
Normal file
15
whitechapel/vendor/google/edgetpu_logging.te
vendored
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
type edgetpu_logging, domain;
|
||||||
|
type edgetpu_logging_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(edgetpu_logging)
|
||||||
|
|
||||||
|
# The logging service accesses /dev/abrolhos
|
||||||
|
allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allows the logging service to access /sys/class/edgetpu
|
||||||
|
allow edgetpu_logging sysfs_edgetpu:dir search;
|
||||||
|
allow edgetpu_logging sysfs_edgetpu:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow TPU logging service to log to stats service. (metrics)
|
||||||
|
allow edgetpu_logging fwk_stats_service:service_manager find;
|
||||||
|
binder_call(edgetpu_logging, system_server);
|
||||||
|
binder_use(edgetpu_logging)
|
||||||
28
whitechapel/vendor/google/edgetpu_vendor_service.te
vendored
Normal file
28
whitechapel/vendor/google/edgetpu_vendor_service.te
vendored
Normal file
|
|
@ -0,0 +1,28 @@
|
||||||
|
# EdgeTPU vendor service.
|
||||||
|
type edgetpu_vendor_server, domain;
|
||||||
|
type edgetpu_vendor_server_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(edgetpu_vendor_server)
|
||||||
|
|
||||||
|
# The vendor service will use binder calls.
|
||||||
|
binder_use(edgetpu_vendor_server);
|
||||||
|
|
||||||
|
# The vendor service will serve a binder service.
|
||||||
|
binder_service(edgetpu_vendor_server);
|
||||||
|
|
||||||
|
# EdgeTPU vendor service to register the service to service_manager.
|
||||||
|
add_service(edgetpu_vendor_server, edgetpu_vendor_service);
|
||||||
|
|
||||||
|
# Allow communications between other vendor services.
|
||||||
|
allow edgetpu_vendor_server vndbinder_device:chr_file { read write open ioctl map };
|
||||||
|
|
||||||
|
# Allow EdgeTPU vendor service to access its data files.
|
||||||
|
allow edgetpu_vendor_server edgetpu_vendor_service_data_file:file create_file_perms;
|
||||||
|
allow edgetpu_vendor_server edgetpu_vendor_service_data_file:dir create_dir_perms;
|
||||||
|
|
||||||
|
# Allow EdgeTPU vendor service to access Android shared memory allocated
|
||||||
|
# by the camera hal for on-device compilation.
|
||||||
|
allow edgetpu_vendor_server hal_camera_default:fd use;
|
||||||
|
|
||||||
|
# Allow EdgeTPU vendor service to read the kernel version.
|
||||||
|
# This is done inside the InitGoogle.
|
||||||
|
allow edgetpu_vendor_server proc_version:file r_file_perms;
|
||||||
2
whitechapel/vendor/google/exo_camera_injection/dumpstate.te
vendored
Normal file
2
whitechapel/vendor/google/exo_camera_injection/dumpstate.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# For collecting bugreports.
|
||||||
|
dump_hal(hal_camera)
|
||||||
3
whitechapel/vendor/google/exo_camera_injection/exo_app.te
vendored
Normal file
3
whitechapel/vendor/google/exo_camera_injection/exo_app.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Allow exo app to find and bind exo camera injection hal.
|
||||||
|
allow exo_app hal_exo_camera_injection_hwservice:hwservice_manager find;
|
||||||
|
binder_call(exo_app, hal_exo_camera_injection)
|
||||||
1
whitechapel/vendor/google/exo_camera_injection/file_contexts
vendored
Normal file
1
whitechapel/vendor/google/exo_camera_injection/file_contexts
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
/vendor/bin/hw/vendor\.google\.exo_camera_injection@1\.0-service u:object_r:hal_exo_camera_injection_exec:s0
|
||||||
10
whitechapel/vendor/google/exo_camera_injection/hal_exo_camera_injection.te
vendored
Normal file
10
whitechapel/vendor/google/exo_camera_injection/hal_exo_camera_injection.te
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
# TODO(b/180558115): It will moved to pixel-sepolicy after pixel 6 launches.
|
||||||
|
type hal_exo_camera_injection, domain;
|
||||||
|
hal_server_domain(hal_exo_camera_injection, hal_camera)
|
||||||
|
|
||||||
|
type hal_exo_camera_injection_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(hal_exo_camera_injection)
|
||||||
|
|
||||||
|
hwbinder_use(hal_exo_camera_injection)
|
||||||
|
add_hwservice(hal_exo_camera_injection, hal_exo_camera_injection_hwservice)
|
||||||
|
allow hal_exo_camera_injection hal_graphics_mapper_hwservice:hwservice_manager find;
|
||||||
1
whitechapel/vendor/google/exo_camera_injection/hwservice.te
vendored
Normal file
1
whitechapel/vendor/google/exo_camera_injection/hwservice.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
type hal_exo_camera_injection_hwservice, hwservice_manager_type;
|
||||||
1
whitechapel/vendor/google/exo_camera_injection/hwservice_contexts
vendored
Normal file
1
whitechapel/vendor/google/exo_camera_injection/hwservice_contexts
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
vendor.google.exo_camera_injection::IExoCameraInjection u:object_r:hal_exo_camera_injection_hwservice:s0
|
||||||
6
whitechapel/vendor/google/fastbootd.te
vendored
Normal file
6
whitechapel/vendor/google/fastbootd.te
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
# Required by the bootcontrol HAL for the 'set_active' command.
|
||||||
|
recovery_only(`
|
||||||
|
allow fastbootd devinfo_block_device:blk_file rw_file_perms;
|
||||||
|
allow fastbootd sda_block_device:blk_file rw_file_perms;
|
||||||
|
allow fastbootd sysfs_ota:file rw_file_perms;
|
||||||
|
')
|
||||||
210
whitechapel/vendor/google/file.te
vendored
Normal file
210
whitechapel/vendor/google/file.te
vendored
Normal file
|
|
@ -0,0 +1,210 @@
|
||||||
|
# Exynos Data Files
|
||||||
|
#type vendor_data_file, file_type, data_file_type;
|
||||||
|
type vendor_cbd_boot_file, file_type, data_file_type;
|
||||||
|
type vendor_media_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# Exynos Log Files
|
||||||
|
type vendor_log_file, file_type, data_file_type;
|
||||||
|
type vendor_cbd_log_file, file_type, data_file_type;
|
||||||
|
type vendor_dmd_log_file, file_type, data_file_type;
|
||||||
|
type vendor_rfsd_log_file, file_type, data_file_type;
|
||||||
|
type vendor_dump_log_file, file_type, data_file_type;
|
||||||
|
type vendor_rild_log_file, file_type, data_file_type;
|
||||||
|
type vendor_sced_log_file, file_type, data_file_type;
|
||||||
|
type vendor_slog_file, file_type, data_file_type, mlstrustedobject;
|
||||||
|
type vendor_telephony_log_file, file_type, data_file_type;
|
||||||
|
type vendor_vcd_log_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# app data files
|
||||||
|
type vendor_test_data_file, file_type, data_file_type;
|
||||||
|
type vendor_telephony_data_file, file_type, data_file_type;
|
||||||
|
type vendor_ims_data_file, file_type, data_file_type;
|
||||||
|
type vendor_misc_data_file, file_type, data_file_type;
|
||||||
|
type vendor_rpmbmock_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# Exynos debugfs
|
||||||
|
type vendor_ion_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_dmabuf_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_page_pinner_debugfs, fs_type, debugfs_type, sysfs_type;
|
||||||
|
type vendor_mali_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_dri_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_regmap_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_usb_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_maxfg_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_charger_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_votable_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_battery_debugfs, fs_type, debugfs_type;
|
||||||
|
type vendor_sjtag_debugfs, fs_type, debugfs_type;
|
||||||
|
|
||||||
|
# Exynos sysfs
|
||||||
|
type sysfs_exynos_bts, sysfs_type, fs_type;
|
||||||
|
type sysfs_exynos_bts_stats, sysfs_type, fs_type;
|
||||||
|
type sysfs_ota, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Exynos Firmware
|
||||||
|
type vendor_fw_file, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
# ACPM
|
||||||
|
type sysfs_acpm_stats, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Vendor tools
|
||||||
|
type vendor_usf_stats, vendor_file_type, file_type;
|
||||||
|
type vendor_usf_reg_edit, vendor_file_type, file_type;
|
||||||
|
type vendor_dumpsys, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
type nanohub_lock_file, file_type, data_file_type;
|
||||||
|
type sensor_vendor_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
|
type sensors_cal_file, file_type;
|
||||||
|
type sysfs_nanoapp_cmd, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
type sysfs_fingerprint, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# CHRE
|
||||||
|
type chre_socket, file_type;
|
||||||
|
|
||||||
|
# IOMMU
|
||||||
|
type sysfs_iommu, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
type sysfs_devicetree, sysfs_type, fs_type;
|
||||||
|
type sysfs_mem, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# WiFi
|
||||||
|
type sysfs_wifi, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# All files under /data/vendor/firmware/wifi
|
||||||
|
type updated_wifi_firmware_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# Widevine DRM
|
||||||
|
type mediadrm_vendor_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# Storage Health HAL
|
||||||
|
type sysfs_scsi_devices_0000, sysfs_type, fs_type;
|
||||||
|
type debugfs_f2fs, debugfs_type, fs_type;
|
||||||
|
type proc_f2fs, proc_type, fs_type;
|
||||||
|
|
||||||
|
type bootdevice_sysdev, dev_type;
|
||||||
|
|
||||||
|
# ZRam
|
||||||
|
type per_boot_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|
||||||
|
# Touch
|
||||||
|
type proc_touch, proc_type, fs_type, mlstrustedobject;
|
||||||
|
type sysfs_touch, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# AOC
|
||||||
|
type sysfs_aoc_boottime, sysfs_type, fs_type;
|
||||||
|
type sysfs_aoc_firmware, sysfs_type, fs_type;
|
||||||
|
type sysfs_aoc, sysfs_type, fs_type;
|
||||||
|
type sysfs_aoc_reset, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Audio
|
||||||
|
type persist_audio_file, file_type, vendor_persist_type;
|
||||||
|
type persist_aoc_file, file_type, vendor_persist_type;
|
||||||
|
type audio_vendor_data_file, file_type, data_file_type;
|
||||||
|
type aoc_audio_file, file_type, vendor_file_type;
|
||||||
|
|
||||||
|
# Radio
|
||||||
|
type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
|
|
||||||
|
# RILD
|
||||||
|
type rild_vendor_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# Modem
|
||||||
|
type modem_stat_data_file, file_type, data_file_type;
|
||||||
|
type modem_efs_file, file_type;
|
||||||
|
type modem_userdata_file, file_type;
|
||||||
|
type sysfs_modem, sysfs_type, fs_type;
|
||||||
|
type persist_modem_file, file_type, vendor_persist_type;
|
||||||
|
|
||||||
|
|
||||||
|
type modem_img_file, contextmount_type, file_type, vendor_file_type;
|
||||||
|
allow modem_img_file self:filesystem associate;
|
||||||
|
|
||||||
|
# TCP logging
|
||||||
|
type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
|
|
||||||
|
# Wireless
|
||||||
|
type sysfs_wlc, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Camera
|
||||||
|
type persist_camera_file, file_type;
|
||||||
|
type vendor_camera_tuning_file, vendor_file_type, file_type;
|
||||||
|
type vendor_camera_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# EdgeTPU hal data file
|
||||||
|
type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# EdgeTPU vendor service data file
|
||||||
|
type edgetpu_vendor_service_data_file, file_type, data_file_type;
|
||||||
|
|
||||||
|
# EdgeTPU sysfs
|
||||||
|
type sysfs_edgetpu, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Vendor sched files
|
||||||
|
type sysfs_vendor_sched, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# GPS
|
||||||
|
type vendor_gps_file, file_type, data_file_type;
|
||||||
|
userdebug_or_eng(`
|
||||||
|
typeattribute vendor_gps_file mlstrustedobject;
|
||||||
|
')
|
||||||
|
type sysfs_gps, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Display
|
||||||
|
type sysfs_display, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Backlight
|
||||||
|
type sysfs_backlight, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Charger
|
||||||
|
type sysfs_chargelevel, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# ODPM
|
||||||
|
type odpm_config_file, file_type, data_file_type;
|
||||||
|
type sysfs_odpm, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# bcl
|
||||||
|
type sysfs_bcl, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Chosen
|
||||||
|
type sysfs_chosen, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
type sysfs_chip_id, sysfs_type, fs_type;
|
||||||
|
type sysfs_spi, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Battery
|
||||||
|
type persist_battery_file, file_type, vendor_persist_type;
|
||||||
|
|
||||||
|
# CPU
|
||||||
|
type sysfs_cpu, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# GPU
|
||||||
|
type sysfs_gpu, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Fabric
|
||||||
|
type sysfs_fabric, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Memory
|
||||||
|
type sysfs_memory, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# bcmdhd (Broadcom FullMAC wireless cards support)
|
||||||
|
type sysfs_bcmdhd, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Video
|
||||||
|
type sysfs_video, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# TODO(b/184768835): remove this once the bug is fixed
|
||||||
|
# LHBM (Local High Brightness Mode)
|
||||||
|
type sysfs_lhbm, sysfs_type, fs_type, mlstrustedobject;
|
||||||
|
|
||||||
|
# UWB vendor
|
||||||
|
type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
|
||||||
|
|
||||||
|
# PixelStats_vendor
|
||||||
|
type sysfs_pixelstats, fs_type, sysfs_type;
|
||||||
|
|
||||||
|
# WLC FW
|
||||||
|
type vendor_wlc_fwupdata_file, vendor_file_type, file_type;
|
||||||
462
whitechapel/vendor/google/file_contexts
vendored
Normal file
462
whitechapel/vendor/google/file_contexts
vendored
Normal file
|
|
@ -0,0 +1,462 @@
|
||||||
|
#
|
||||||
|
# Exynos HAL
|
||||||
|
#
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32 u:object_r:hal_usb_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service u:object_r:hal_vendor_hwcservice_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.configstore@1\.0-service u:object_r:hal_configstore_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.3-service\.gs201 u:object_r:hal_usb_impl_exec:s0
|
||||||
|
/(vendor|system/vendor)/lib(64)?/libion_exynos\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
/(vendor|system/vendor)/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/(vendor|system/vendor)/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/(vendor|system/vendor)/lib(64)?/libdmabufheap\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
|
||||||
|
/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
|
||||||
|
/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# HALs
|
||||||
|
#
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-2]-service-gs201 u:object_r:hal_bootctl_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.1-service-brcm u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-brcm u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.1-service\.gs201 u:object_r:hal_dumpstate_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs201 u:object_r:hal_power_stats_default_exec:s0
|
||||||
|
# Wireless charger HAL
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
|
||||||
|
|
||||||
|
# Vendor Firmwares
|
||||||
|
/(vendor|system/vendor)/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Exynos Block Devices
|
||||||
|
#
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/cache u:object_r:cache_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/modem u:object_r:modem_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/acpm_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/dtb_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/ect_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/hypervisor_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/keystorage_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/reclaim_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||||
|
/dev/block/sda u:object_r:sda_block_device:s0
|
||||||
|
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Exynos Devices
|
||||||
|
#
|
||||||
|
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/bbd_control u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
|
||||||
|
/dev/ttyBCM u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/nanohub u:object_r:vendor_nanohub_device:s0
|
||||||
|
/dev/nanohub_comms u:object_r:vendor_nanohub_device:s0
|
||||||
|
/dev/m2m1shot_scaler0 u:object_r:vendor_m2m1shot_device:s0
|
||||||
|
/dev/radio0 u:object_r:radio_device:s0
|
||||||
|
/dev/dri/card0 u:object_r:graphics_device:s0
|
||||||
|
/dev/fimg2d u:object_r:graphics_device:s0
|
||||||
|
/dev/g2d u:object_r:graphics_device:s0
|
||||||
|
/dev/tsmux u:object_r:video_device:s0
|
||||||
|
/dev/repeater u:object_r:video_device:s0
|
||||||
|
/dev/scsc_h4_0 u:object_r:radio_device:s0
|
||||||
|
/dev/umts_boot0 u:object_r:radio_device:s0
|
||||||
|
/dev/tui-driver u:object_r:tui_device:s0
|
||||||
|
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_wireless u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_ttf u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_maxq u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_rtx u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0
|
||||||
|
|
||||||
|
# DM tools device
|
||||||
|
/dev/umts_dm0 u:object_r:radio_device:s0
|
||||||
|
/dev/umts_router u:object_r:radio_device:s0
|
||||||
|
|
||||||
|
# OEM IPC device
|
||||||
|
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
||||||
|
|
||||||
|
# SIPC RIL device
|
||||||
|
/dev/umts_ipc0 u:object_r:radio_device:s0
|
||||||
|
/dev/umts_ipc1 u:object_r:radio_device:s0
|
||||||
|
/dev/umts_rfs0 u:object_r:radio_device:s0
|
||||||
|
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
||||||
|
/dev/watchdog0 u:object_r:watchdog_device:s0
|
||||||
|
|
||||||
|
# GPU device
|
||||||
|
/dev/mali0 u:object_r:gpu_device:s0
|
||||||
|
/dev/s5p-smem u:object_r:vendor_secmem_device:s0
|
||||||
|
/dev/umts_wfc[01] u:object_r:pktrouter_device:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Exynos Daemon Exec
|
||||||
|
#
|
||||||
|
/(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/dmd u:object_r:dmd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/scd u:object_r:scd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/gpsd u:object_r:gpsd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/lhd u:object_r:lhd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/sced u:object_r:sced_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/vcd u:object_r:vcd_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
||||||
|
|
||||||
|
# WFC
|
||||||
|
/(vendor|system/vendor)/bin/wfc-pkt-router u:object_r:pktrouter_exec:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Exynos Data Files
|
||||||
|
#
|
||||||
|
# gnss/gps data/log files
|
||||||
|
/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Exynos Log Files
|
||||||
|
#
|
||||||
|
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
||||||
|
/data/vendor/log/cbd(/.*)? u:object_r:vendor_cbd_log_file:s0
|
||||||
|
/data/vendor/log/dmd(/.*)? u:object_r:vendor_dmd_log_file:s0
|
||||||
|
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
|
||||||
|
/data/vendor/log/dump(/.*)? u:object_r:vendor_dump_log_file:s0
|
||||||
|
/data/vendor/log/rild(/.*)? u:object_r:vendor_rild_log_file:s0
|
||||||
|
/data/vendor/log/sced(/.*)? u:object_r:vendor_sced_log_file:s0
|
||||||
|
/data/vendor/log/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||||
|
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||||
|
/data/vendor/log/vcd(/.*)? u:object_r:vendor_vcd_log_file:s0
|
||||||
|
|
||||||
|
/persist/sensorcal\.json u:object_r:sensors_cal_file:s0
|
||||||
|
|
||||||
|
# data files
|
||||||
|
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
|
||||||
|
|
||||||
|
# Camera
|
||||||
|
/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
|
||||||
|
/vendor/lib64/camera u:object_r:vendor_camera_tuning_file:s0
|
||||||
|
/vendor/lib64/camera/ghawb_para_lut\.bin u:object_r:vendor_camera_tuning_file:s0
|
||||||
|
/vendor/lib64/camera/slider_.*\.binarypb u:object_r:vendor_camera_tuning_file:s0
|
||||||
|
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
|
||||||
|
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
|
||||||
|
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
|
||||||
|
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
|
||||||
|
|
||||||
|
/dev/lwis-act0 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-act1 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-act-ak7377 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-act-lc898129 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-act-sem1215sa u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-csi u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-dpm u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom0 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom1 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom2 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-lc898128 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-lc898129 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64s u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64s-imx355-inner u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64s-imx355-outer u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64x u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64x-imx386 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-m24c64x-imx663 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-eeprom-sem1215sa u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-flash0 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-g3aa u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-gdc0 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-gdc1 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-gtnr-align u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-gtnr-merge u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-ipp u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-itp u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-mcsc u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-ois-lc898128 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-ois-lc898129 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-ois-sem1215sa u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-pdp u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-scsc u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor0 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor1 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor2 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-gn1 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx355 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx355-inner u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx355-outer u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx363 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx386 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx586 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-sensor-imx663 u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-slc u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-top u:object_r:lwis_device:s0
|
||||||
|
/dev/lwis-votf u:object_r:lwis_device:s0
|
||||||
|
|
||||||
|
# VIDEO
|
||||||
|
/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
|
||||||
|
/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
|
||||||
|
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
|
||||||
|
|
||||||
|
# thermal sysfs files
|
||||||
|
/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0
|
||||||
|
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0
|
||||||
|
|
||||||
|
|
||||||
|
# IMS VoWiFi
|
||||||
|
/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
|
||||||
|
/data/vendor/VoWiFi(/.*)? u:object_r:vendor_ims_data_file:s0
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
/data/vendor/sensor(/.*)? u:object_r:sensor_vendor_data_file:s0
|
||||||
|
/dev/acd-com.google.usf u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-logging u:object_r:aoc_device:s0
|
||||||
|
/dev/aoc u:object_r:aoc_device:s0
|
||||||
|
|
||||||
|
# Contexthub
|
||||||
|
/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0
|
||||||
|
/dev/socket/chre u:object_r:chre_socket:s0
|
||||||
|
|
||||||
|
# Modem logging
|
||||||
|
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
|
||||||
|
|
||||||
|
# TCP logging
|
||||||
|
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
|
||||||
|
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
|
||||||
|
|
||||||
|
# Audio logging
|
||||||
|
/vendor/bin/aocdump u:object_r:aocdump_exec:s0
|
||||||
|
|
||||||
|
# modem_svc_sit files
|
||||||
|
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
|
||||||
|
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
|
||||||
|
|
||||||
|
# modem mnt files
|
||||||
|
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
|
||||||
|
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
|
||||||
|
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
|
||||||
|
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
|
||||||
|
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
|
||||||
|
|
||||||
|
# Kernel modules related
|
||||||
|
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
|
||||||
|
|
||||||
|
# NFC
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
|
||||||
|
/dev/st21nfc u:object_r:nfc_device:s0
|
||||||
|
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
||||||
|
|
||||||
|
# SecureElement
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service\.st u:object_r:hal_secure_element_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_default_exec:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_default_exec:s0
|
||||||
|
/dev/st54j_se u:object_r:secure_element_device:s0
|
||||||
|
/dev/st54spi u:object_r:secure_element_device:s0
|
||||||
|
/dev/st33spi u:object_r:secure_element_device:s0
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_default_exec:s0
|
||||||
|
|
||||||
|
# Bluetooth
|
||||||
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
||||||
|
/dev/wbrc u:object_r:wb_coexistence_dev:s0
|
||||||
|
/dev/ttySAC16 u:object_r:hci_attach_dev:s0
|
||||||
|
/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
|
||||||
|
/dev/logbuffer_tty16 u:object_r:logbuffer_device:s0
|
||||||
|
|
||||||
|
# Audio
|
||||||
|
/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0
|
||||||
|
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
|
||||||
|
/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
|
||||||
|
/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
|
||||||
|
/dev/acd-audio_output_tuning u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_input_tuning u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-sound_trigger u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-hotword_notification u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-hotword_pcm u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-ambient_pcm u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-model_data u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-debug u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
|
||||||
|
/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
|
||||||
|
/dev/amcs u:object_r:amcs_device:s0
|
||||||
|
|
||||||
|
# AudioMetric
|
||||||
|
/(vendor|system/vendor)/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
|
||||||
|
|
||||||
|
|
||||||
|
# Trusty
|
||||||
|
/vendor/bin/securedpud.slider u:object_r:securedpud_slider_exec:s0
|
||||||
|
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
|
||||||
|
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
|
||||||
|
/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor u:object_r:hal_confirmationui_default_exec:s0
|
||||||
|
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
|
||||||
|
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
|
||||||
|
/mnt/vendor/persist/ss(/.*)? u:object_r:tee_data_file:s0
|
||||||
|
/dev/sg1 u:object_r:sg_device:s0
|
||||||
|
|
||||||
|
# Battery
|
||||||
|
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
|
||||||
|
|
||||||
|
# AoC file contexts.
|
||||||
|
/vendor/bin/aocd u:object_r:aocd_exec:s0
|
||||||
|
|
||||||
|
# NeuralNetworks file contexts
|
||||||
|
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-darwinn u:object_r:hal_neuralnetworks_darwinn_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
|
||||||
|
|
||||||
|
# GRIL
|
||||||
|
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
|
||||||
|
|
||||||
|
# Uwb
|
||||||
|
# R4
|
||||||
|
/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_default_exec:s0
|
||||||
|
|
||||||
|
# Radio files.
|
||||||
|
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||||
|
|
||||||
|
# RILD files
|
||||||
|
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
||||||
|
|
||||||
|
# Citadel StrongBox
|
||||||
|
/dev/gsc0 u:object_r:citadel_device:s0
|
||||||
|
|
||||||
|
# EdgeTPU device (DarwiNN)
|
||||||
|
/dev/abrolhos u:object_r:edgetpu_device:s0
|
||||||
|
|
||||||
|
# EdgeTPU logging service
|
||||||
|
/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
|
||||||
|
|
||||||
|
# EdgeTPU service binaries and libraries
|
||||||
|
/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
|
||||||
|
/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
# EdgeTPU vendor service
|
||||||
|
/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
|
||||||
|
/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
# EdgeTPU runtime libraries
|
||||||
|
/vendor/lib64/libedgetpu_darwinn2\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
# EdgeTPU data files
|
||||||
|
/data/vendor/edgetpu(/.*)? u:object_r:edgetpu_vendor_service_data_file:s0
|
||||||
|
/data/vendor/hal_neuralnetworks_darwinn(/.*)? u:object_r:hal_neuralnetworks_darwinn_data_file:s0
|
||||||
|
|
||||||
|
# Tetheroffload Service
|
||||||
|
/dev/dit2 u:object_r:vendor_toe_device:s0
|
||||||
|
/vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service u:object_r:hal_tetheroffload_default_exec:s0
|
||||||
|
|
||||||
|
# pixelstats binary
|
||||||
|
/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
|
||||||
|
|
||||||
|
# Vendor_kernel_modules
|
||||||
|
/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
|
||||||
|
|
||||||
|
# Display
|
||||||
|
/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib(64)?/hw/vulkan\.gs201\.so u:object_r:same_process_hal_file:s0
|
||||||
|
/vendor/lib(64)?/arm\.graphics-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
|
||||||
|
|
||||||
|
# Touch
|
||||||
|
/dev/touch_offload u:object_r:touch_offload_device:s0
|
||||||
|
/vendor/bin/twoshay u:object_r:twoshay_exec:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
|
||||||
|
# ECC List
|
||||||
|
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
|
||||||
|
|
||||||
|
# Zram
|
||||||
|
/data/per_boot(/.*)? u:object_r:per_boot_file:s0
|
||||||
|
|
||||||
|
# cpuctl
|
||||||
|
/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
|
||||||
|
|
||||||
|
# ODPM
|
||||||
|
/data/vendor/powerstats(/.*)? u:object_r:odpm_config_file:s0
|
||||||
|
|
||||||
|
# sensor direct DMA-BUF heap
|
||||||
|
/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0
|
||||||
|
|
||||||
|
# Console
|
||||||
|
/dev/ttySAC0 u:object_r:tty_device:s0
|
||||||
|
|
||||||
|
# faceauth DMA-BUF heaps
|
||||||
|
/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0
|
||||||
|
/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0
|
||||||
|
/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0
|
||||||
|
/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0
|
||||||
|
/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0
|
||||||
|
|
||||||
|
# vframe-secure DMA-BUF heap
|
||||||
|
/dev/dma_heap/vframe-secure u:object_r:vframe_heap_device:s0
|
||||||
|
|
||||||
|
# vscaler-secure DMA-BUF heap
|
||||||
|
/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
|
||||||
|
|
||||||
|
# vstream-secure DMA-BUF heap
|
||||||
|
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
|
||||||
|
|
||||||
|
# BigOcean
|
||||||
|
/dev/bigocean u:object_r:video_device:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||||
|
|
||||||
|
# Wifi Firmware config update
|
||||||
|
/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
|
||||||
|
|
||||||
|
# WLC FW update
|
||||||
|
/vendor/bin/wlc_upt/p9412_mtp u:object_r:vendor_wlc_fwupdata_file:s0
|
||||||
|
/vendor/bin/wlc_upt/wlc_fw_update\.sh u:object_r:wlcfwupdate_exec:s0
|
||||||
3
whitechapel/vendor/google/fsck.te
vendored
Normal file
3
whitechapel/vendor/google/fsck.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow fsck persist_block_device:blk_file rw_file_perms;
|
||||||
|
allow fsck efs_block_device:blk_file rw_file_perms;
|
||||||
|
allow fsck modem_userdata_block_device:blk_file rw_file_perms;
|
||||||
356
whitechapel/vendor/google/genfs_contexts
vendored
Normal file
356
whitechapel/vendor/google/genfs_contexts
vendored
Normal file
|
|
@ -0,0 +1,356 @@
|
||||||
|
# AOC
|
||||||
|
genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
|
||||||
|
genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
|
||||||
|
genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
|
||||||
|
genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
|
||||||
|
|
||||||
|
# WiFi
|
||||||
|
genfscon sysfs /wifi u:object_r:sysfs_wifi:s0
|
||||||
|
# Battery
|
||||||
|
genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/google,cpm/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0
|
||||||
|
|
||||||
|
# Slider
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0050 u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0050/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
|
||||||
|
genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
# Whitefin
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050 u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
# R4 / P7 LunchBox
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0061/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d30000.spi/spi_master/spi10/spi10.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
|
||||||
|
# O6
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||||
|
|
||||||
|
# Storage
|
||||||
|
genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
|
||||||
|
genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0
|
||||||
|
genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0
|
||||||
|
|
||||||
|
# Tethering
|
||||||
|
genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/gadget/net u:object_r:sysfs_net:s0
|
||||||
|
|
||||||
|
# Vibrator
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-005a u:object_r:sysfs_vibrator:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0
|
||||||
|
|
||||||
|
# System_suspend
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/11110000.usb/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /sys/devices/platform/10d50000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0036/power_supply/maxfg_base/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050/power_supply/tcpm-source-psy-5-0050/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10960000.hsi2c/i2c-3/i2c-st21nfc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/11110000.usb/11110000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
|
||||||
|
# Touch
|
||||||
|
genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
|
||||||
|
genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0
|
||||||
|
genfscon proc /fts/driver_test u:object_r:proc_touch:s0
|
||||||
|
genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
|
||||||
|
genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
|
||||||
|
|
||||||
|
# EdgeTPU
|
||||||
|
genfscon sysfs /devices/platform/1ce00000.abrolhos u:object_r:sysfs_edgetpu:s0
|
||||||
|
genfscon sysfs /devices/platform/abrolhos u:object_r:sysfs_edgetpu:s0
|
||||||
|
|
||||||
|
# Vendor sched files
|
||||||
|
genfscon sysfs /kernel/vendor_sched/bg_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/bg_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/bg_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/bg_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/bg_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/cam_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/cam_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/cam_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/cam_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/cam_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/fg_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/fg_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/fg_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/fg_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/fg_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/ta_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/ta_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/ta_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/ta_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/ta_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sys_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sys_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sys_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sys_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sys_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sysbg_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sysbg_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sysbg_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sysbg_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/sysbg_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/nnapi_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/nnapi_prefer_idle u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/nnapi_task_spreading u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/nnapi_uclamp_max u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/nnapi_uclamp_min u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/clear_group u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_bg u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_cam u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_fg u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_nnapi u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_sys u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_sysbg u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/set_task_group_ta u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/high_capacity_start_cpu u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/uclamp_effective_stats u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/reset_uclamp_stats u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/uclamp_stats u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/uclamp_threshold u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/uclamp_util_diff_stats u:object_r:sysfs_vendor_sched:s0
|
||||||
|
genfscon sysfs /kernel/vendor_sched/util_threshold u:object_r:sysfs_vendor_sched:s0
|
||||||
|
|
||||||
|
# GPS
|
||||||
|
genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
|
||||||
|
|
||||||
|
# Display
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
|
||||||
|
genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
|
# TODO(b/184768835): remove this once the bug is fixed
|
||||||
|
# Display / LHBM (Local High Brightness Mode)
|
||||||
|
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/local_hbm_mode u:object_r:sysfs_lhbm:s0
|
||||||
|
|
||||||
|
# Modem
|
||||||
|
genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0
|
||||||
|
|
||||||
|
# Bluetooth
|
||||||
|
genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/bluetooth/hci0/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||||
|
genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||||
|
genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
|
||||||
|
genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
|
||||||
|
genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
|
||||||
|
genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
|
||||||
|
|
||||||
|
# ODPM
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
|
||||||
|
|
||||||
|
# bcl sysfs files
|
||||||
|
genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0
|
||||||
|
|
||||||
|
# Chosen
|
||||||
|
genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0
|
||||||
|
genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0
|
||||||
|
genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0
|
||||||
|
genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0
|
||||||
|
genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0
|
||||||
|
genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0
|
||||||
|
|
||||||
|
# system_suspend wakeup nodes
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0057/power_supply/pca9468-mains/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/i2c-s2mpg11mfd/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0057/power_supply/pca9468-mains/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10960000.hsi2c/i2c-4/i2c-st21nfc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
|
||||||
|
|
||||||
|
# OTA
|
||||||
|
genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
|
||||||
|
|
||||||
|
# ACPM
|
||||||
|
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
|
||||||
|
|
||||||
|
genfscon sysfs /devices/platform/10d40000.spi/spi_master u:object_r:sysfs_spi:s0
|
||||||
|
|
||||||
|
# Exynos
|
||||||
|
genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0
|
||||||
|
genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0
|
||||||
|
|
||||||
|
# CPU
|
||||||
|
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/1c500000.mali/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/1c500000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0
|
||||||
|
|
||||||
|
# Devfreq directory
|
||||||
|
genfscon sysfs /class/devfreq u:object_r:sysfs_devfreq_dir:s0
|
||||||
|
|
||||||
|
# Devfreq current frequency
|
||||||
|
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0
|
||||||
|
|
||||||
|
# Fabric
|
||||||
|
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
|
||||||
|
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0
|
||||||
|
|
||||||
|
# GPU
|
||||||
|
genfscon sysfs /devices/platform/1c500000.mali/hint_min_freq u:object_r:sysfs_gpu:s0
|
||||||
|
|
||||||
|
# nvmem (Non Volatile Memory layer)
|
||||||
|
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0050/4-00500/nvmem u:object_r:sysfs_memory:s0
|
||||||
|
|
||||||
|
# Broadcom
|
||||||
|
genfscon sysfs /module/bcmdhd4389 u:object_r:sysfs_bcmdhd:s0
|
||||||
|
|
||||||
|
# Power Stats
|
||||||
|
genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
genfscon sysfs /devices/platform/10960000.hsi2c/i2c-3/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
genfscon sysfs /devices/platform/10960000.hsi2c/i2c-4/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
genfscon sysfs /devices/platform/11920000.pcie/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
genfscon sysfs /devices/platform/14520000.pcie/power_stats u:object_r:sysfs_power_stats:s0
|
||||||
|
|
||||||
|
# debugfs
|
||||||
|
|
||||||
|
genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0
|
||||||
|
genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0
|
||||||
|
genfscon debugfs /maxfg_flip u:object_r:vendor_maxfg_debugfs:s0
|
||||||
|
genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0
|
||||||
|
genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
|
||||||
|
genfscon debugfs /ion u:object_r:vendor_ion_debugfs:s0
|
||||||
|
genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0
|
||||||
|
genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0
|
||||||
|
genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0
|
||||||
|
genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0
|
||||||
|
genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0
|
||||||
|
genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0
|
||||||
|
genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0
|
||||||
|
genfscon debugfs /sjtag u:object_r:vendor_sjtag_debugfs:s0
|
||||||
|
|
||||||
|
# tracefs
|
||||||
|
genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0
|
||||||
|
|
||||||
|
# sscoredump (per device)
|
||||||
|
genfscon sysfs /devices/platform/abrolhos/sscoredump/sscd_abrolhos/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
|
||||||
|
|
||||||
|
# mediacodec
|
||||||
|
genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_video:s0
|
||||||
|
|
||||||
|
# pixelstat_vendor
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0
|
||||||
|
genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0
|
||||||
25
whitechapel/vendor/google/gpsd.te
vendored
Normal file
25
whitechapel/vendor/google/gpsd.te
vendored
Normal file
|
|
@ -0,0 +1,25 @@
|
||||||
|
type gpsd, domain;
|
||||||
|
type gpsd_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(gpsd)
|
||||||
|
|
||||||
|
# Allow gpsd access PixelLogger unix socket in debug build only
|
||||||
|
userdebug_or_eng(`
|
||||||
|
typeattribute gpsd mlstrustedsubject;
|
||||||
|
allow gpsd logger_app:unix_stream_socket connectto;
|
||||||
|
')
|
||||||
|
|
||||||
|
# Allow gpsd to obtain wakelock
|
||||||
|
wakelock_use(gpsd)
|
||||||
|
|
||||||
|
# Allow gpsd access data vendor gps files
|
||||||
|
allow gpsd vendor_gps_file:dir create_dir_perms;
|
||||||
|
allow gpsd vendor_gps_file:file create_file_perms;
|
||||||
|
allow gpsd vendor_gps_file:fifo_file create_file_perms;
|
||||||
|
|
||||||
|
# Allow gpsd to access rild
|
||||||
|
binder_call(gpsd, rild);
|
||||||
|
allow gpsd hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
|
||||||
|
# Allow gpsd to access sensor service
|
||||||
|
binder_call(gpsd, system_server);
|
||||||
|
allow gpsd fwk_sensor_hwservice:hwservice_manager find;
|
||||||
12
whitechapel/vendor/google/grilservice_app.te
vendored
Normal file
12
whitechapel/vendor/google/grilservice_app.te
vendored
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
type grilservice_app, domain;
|
||||||
|
app_domain(grilservice_app)
|
||||||
|
|
||||||
|
allow grilservice_app app_api_service:service_manager find;
|
||||||
|
allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
|
||||||
|
allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
|
||||||
|
allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
|
||||||
|
allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
|
||||||
|
binder_call(grilservice_app, hal_bluetooth_btlinux)
|
||||||
|
binder_call(grilservice_app, hal_radioext_default)
|
||||||
|
binder_call(grilservice_app, hal_wifi_ext)
|
||||||
|
binder_call(grilservice_app, hal_audiometricext_default)
|
||||||
31
whitechapel/vendor/google/hal_audio_default.te
vendored
Normal file
31
whitechapel/vendor/google/hal_audio_default.te
vendored
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
vndbinder_use(hal_audio_default)
|
||||||
|
hwbinder_use(hal_audio_default)
|
||||||
|
|
||||||
|
allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_audio_default audio_vendor_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
r_dir_file(hal_audio_default, aoc_audio_file);
|
||||||
|
r_dir_file(hal_audio_default, mnt_vendor_file);
|
||||||
|
r_dir_file(hal_audio_default, persist_audio_file);
|
||||||
|
|
||||||
|
allow hal_audio_default persist_file:dir search;
|
||||||
|
allow hal_audio_default aoc_device:file rw_file_perms;
|
||||||
|
allow hal_audio_default aoc_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
|
||||||
|
|
||||||
|
allow hal_audio_default amcs_device:file rw_file_perms;
|
||||||
|
allow hal_audio_default amcs_device:chr_file rw_file_perms;
|
||||||
|
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
|
||||||
|
|
||||||
|
#allow access to DMABUF Heaps for AAudio API
|
||||||
|
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
|
||||||
|
|
||||||
|
get_prop(hal_audio_default, vendor_audio_prop);
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
|
||||||
|
')
|
||||||
|
|
||||||
|
wakelock_use(hal_audio_default);
|
||||||
12
whitechapel/vendor/google/hal_audiometricext_default.te
vendored
Normal file
12
whitechapel/vendor/google/hal_audiometricext_default.te
vendored
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
type hal_audiometricext_default, domain;
|
||||||
|
type hal_audiometricext_default_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(hal_audiometricext_default)
|
||||||
|
|
||||||
|
allow hal_audiometricext_default amcs_device:chr_file rw_file_perms;
|
||||||
|
allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms;
|
||||||
|
|
||||||
|
get_prop(hal_audiometricext_default, vendor_audio_prop);
|
||||||
|
get_prop(hal_audiometricext_default, hwservicemanager_prop);
|
||||||
|
|
||||||
|
hwbinder_use(hal_audiometricext_default);
|
||||||
|
add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice);
|
||||||
22
whitechapel/vendor/google/hal_bluetooth_btlinux.te
vendored
Normal file
22
whitechapel/vendor/google/hal_bluetooth_btlinux.te
vendored
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
add_hwservice(hal_bluetooth_btlinux, hal_bluetooth_coexistence_hwservice);
|
||||||
|
get_prop(hal_bluetooth_btlinux, boot_status_prop)
|
||||||
|
|
||||||
|
allow hal_bluetooth_btlinux sysfs_bluetooth_writable:file rw_file_perms;
|
||||||
|
allow hal_bluetooth_btlinux proc_bluetooth_writable:file rw_file_perms;
|
||||||
|
allow hal_bluetooth_btlinux hci_attach_dev:chr_file rw_file_perms;
|
||||||
|
allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms;
|
||||||
|
binder_call(hal_bluetooth_btlinux, servicemanager)
|
||||||
|
|
||||||
|
# power stats
|
||||||
|
vndbinder_use(hal_bluetooth_btlinux)
|
||||||
|
allow hal_bluetooth_btlinux hal_power_stats_vendor_service:service_manager find;
|
||||||
|
binder_call(hal_bluetooth_btlinux, hal_power_stats_default)
|
||||||
|
|
||||||
|
allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
|
||||||
|
allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file create_file_perms;
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
|
||||||
|
allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:file create_file_perms;
|
||||||
|
allow hal_bluetooth_btlinux logbuffer_device:chr_file r_file_perms;
|
||||||
|
')
|
||||||
3
whitechapel/vendor/google/hal_bootctl_default.te
vendored
Normal file
3
whitechapel/vendor/google/hal_bootctl_default.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
|
||||||
|
allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
|
||||||
|
allow hal_bootctl_default sysfs_ota:file rw_file_perms;
|
||||||
77
whitechapel/vendor/google/hal_camera_default.te
vendored
Normal file
77
whitechapel/vendor/google/hal_camera_default.te
vendored
Normal file
|
|
@ -0,0 +1,77 @@
|
||||||
|
type hal_camera_default_tmpfs, file_type;
|
||||||
|
|
||||||
|
allow hal_camera_default self:global_capability_class_set sys_nice;
|
||||||
|
|
||||||
|
binder_use(hal_camera_default);
|
||||||
|
vndbinder_use(hal_camera_default);
|
||||||
|
|
||||||
|
allow hal_camera_default lwis_device:chr_file rw_file_perms;
|
||||||
|
allow hal_camera_default gpu_device:chr_file rw_file_perms;
|
||||||
|
allow hal_camera_default sysfs_chip_id:file r_file_perms;
|
||||||
|
|
||||||
|
# Tuscany (face auth) code that is part of the camera HAL needs to allocate
|
||||||
|
# dma_bufs and access the Trusted Execution Environment device node
|
||||||
|
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_camera_default tee_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow the camera hal to access the EdgeTPU service and the
|
||||||
|
# Android shared memory allocated by the EdgeTPU service for
|
||||||
|
# on-device compilation.
|
||||||
|
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
|
||||||
|
allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
|
||||||
|
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
|
||||||
|
allow hal_camera_default edgetpu_vendor_service:service_manager find;
|
||||||
|
binder_call(hal_camera_default, edgetpu_vendor_server)
|
||||||
|
|
||||||
|
# Allow access to data files used by the camera HAL
|
||||||
|
allow hal_camera_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_camera_default persist_file:dir search;
|
||||||
|
allow hal_camera_default persist_camera_file:dir search;
|
||||||
|
allow hal_camera_default persist_camera_file:file r_file_perms;
|
||||||
|
allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
|
||||||
|
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
||||||
|
allow hal_camera_default vendor_camera_tuning_file:dir r_dir_perms;
|
||||||
|
allow hal_camera_default vendor_camera_tuning_file:file r_file_perms;
|
||||||
|
|
||||||
|
# Allow creating dump files for debugging in non-release builds
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
|
||||||
|
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
|
# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
|
||||||
|
# compiled into the shared libraries with cc_embed_data rules
|
||||||
|
tmpfs_domain(hal_camera_default);
|
||||||
|
|
||||||
|
# Allow access to camera-related system properties
|
||||||
|
get_prop(hal_camera_default, vendor_camera_prop);
|
||||||
|
get_prop(hal_camera_default, vendor_camera_debug_prop);
|
||||||
|
userdebug_or_eng(`
|
||||||
|
set_prop(hal_camera_default, vendor_camera_fatp_prop);
|
||||||
|
set_prop(hal_camera_default, vendor_camera_debug_prop);
|
||||||
|
')
|
||||||
|
|
||||||
|
|
||||||
|
# For camera hal to talk with rlsservice
|
||||||
|
allow hal_camera_default rls_service:service_manager find;
|
||||||
|
binder_call(hal_camera_default, rlsservice)
|
||||||
|
|
||||||
|
hal_client_domain(hal_camera_default, hal_graphics_allocator);
|
||||||
|
hal_client_domain(hal_camera_default, hal_graphics_composer)
|
||||||
|
hal_client_domain(hal_camera_default, hal_power);
|
||||||
|
hal_client_domain(hal_camera_default, hal_thermal);
|
||||||
|
|
||||||
|
# Allow access to sensor service for sensor_listener
|
||||||
|
binder_call(hal_camera_default, system_server);
|
||||||
|
|
||||||
|
# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
|
||||||
|
allow hal_camera_default eco_service:service_manager find;
|
||||||
|
binder_call(hal_camera_default, mediacodec);
|
||||||
|
|
||||||
|
# Allow camera HAL to query preferred camera frequencies from the radio HAL
|
||||||
|
# extensions to avoid interference with cellular antennas.
|
||||||
|
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
|
||||||
|
binder_call(hal_camera_default, hal_radioext_default);
|
||||||
|
|
||||||
|
# Allow camera HAL to connect to the stats service.
|
||||||
|
allow hal_camera_default fwk_stats_service:service_manager find;
|
||||||
13
whitechapel/vendor/google/hal_confirmationui.te
vendored
Normal file
13
whitechapel/vendor/google/hal_confirmationui.te
vendored
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
allow hal_confirmationui_default tee_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
binder_call(hal_confirmationui_default, keystore)
|
||||||
|
|
||||||
|
vndbinder_use(hal_confirmationui_default)
|
||||||
|
binder_call(hal_confirmationui_default, citadeld)
|
||||||
|
allow hal_confirmationui_default citadeld_service:service_manager find;
|
||||||
|
|
||||||
|
allow hal_confirmationui_default input_device:chr_file rw_file_perms;
|
||||||
|
allow hal_confirmationui_default input_device:dir r_dir_perms;
|
||||||
|
|
||||||
|
allow hal_confirmationui_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_confirmationui_default ion_device:chr_file r_file_perms;
|
||||||
3
whitechapel/vendor/google/hal_contexthub.te
vendored
Normal file
3
whitechapel/vendor/google/hal_contexthub.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Allow context hub HAL to communicate with daemon via socket
|
||||||
|
allow hal_contexthub_default chre:unix_stream_socket connectto;
|
||||||
|
allow hal_contexthub_default chre_socket:sock_file write;
|
||||||
5
whitechapel/vendor/google/hal_drm_clearkey.te
vendored
Normal file
5
whitechapel/vendor/google/hal_drm_clearkey.te
vendored
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
type hal_drm_clearkey, domain;
|
||||||
|
type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(hal_drm_clearkey)
|
||||||
|
|
||||||
|
hal_server_domain(hal_drm_clearkey, hal_drm)
|
||||||
6
whitechapel/vendor/google/hal_drm_default.te
vendored
Normal file
6
whitechapel/vendor/google/hal_drm_default.te
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
# L3
|
||||||
|
allow hal_drm_default mediadrm_vendor_data_file:file create_file_perms;
|
||||||
|
allow hal_drm_default mediadrm_vendor_data_file:dir create_dir_perms;
|
||||||
|
|
||||||
|
# L1
|
||||||
|
allow hal_drm_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||||
192
whitechapel/vendor/google/hal_dumpstate_default.te
vendored
Normal file
192
whitechapel/vendor/google/hal_dumpstate_default.te
vendored
Normal file
|
|
@ -0,0 +1,192 @@
|
||||||
|
allow hal_dumpstate_default sysfs_exynos_bts:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_exynos_bts_stats:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_bcmdhd:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_bcmdhd:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_memory:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_cpu:file r_file_perms;
|
||||||
|
|
||||||
|
vndbinder_use(hal_dumpstate_default)
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_gps_file:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_wlc:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_wlc:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default shell_data_file:file getattr;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms;
|
||||||
|
|
||||||
|
# camera debugging dump file access
|
||||||
|
allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_log_file:dir search;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans;
|
||||||
|
allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans;
|
||||||
|
allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_spi:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_spi:file rw_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default device:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms;
|
||||||
|
allow hal_dumpstate_default aoc_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_wifi:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_wifi:file r_file_perms;
|
||||||
|
|
||||||
|
# Touch sysfs interface
|
||||||
|
allow hal_dumpstate_default sysfs_touch:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_touch:file rw_file_perms;
|
||||||
|
allow hal_dumpstate_default proc_touch:file rw_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_thermal:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_thermal:lnk_file read;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default touch_context_service:service_manager find;
|
||||||
|
binder_call(hal_dumpstate_default, twoshay)
|
||||||
|
|
||||||
|
# Modem logs
|
||||||
|
allow hal_dumpstate_default modem_efs_file:dir search;
|
||||||
|
allow hal_dumpstate_default modem_efs_file:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default modem_stat_data_file:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default vendor_slog_file:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default block_device:dir r_dir_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default proc_f2fs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default proc_f2fs:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default proc_touch:file rw_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_batteryinfo:dir search;
|
||||||
|
allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_chip_id:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
|
||||||
|
allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default citadeld_service:service_manager find;
|
||||||
|
allow hal_dumpstate_default citadel_updater_exec:file execute_no_trans;
|
||||||
|
binder_call(hal_dumpstate_default, citadeld);
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;
|
||||||
|
binder_call(hal_dumpstate_default, hal_graphics_composer_default);
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_dumpstate_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search;
|
||||||
|
allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
|
get_prop(hal_dumpstate_default, boottime_public_prop)
|
||||||
|
get_prop(hal_dumpstate_default, vendor_gps_prop)
|
||||||
|
set_prop(hal_dumpstate_default, vendor_modem_prop)
|
||||||
|
get_prop(hal_dumpstate_default, vendor_rild_prop)
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_ion_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
|
||||||
|
allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default vendor_dri_debugfs:dir search;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_usb_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_maxfg_debugfs:dir search;
|
||||||
|
allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_bcl:file r_file_perms;
|
||||||
|
allow hal_dumpstate_default sysfs_bcl:lnk_file read;
|
||||||
|
allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms;
|
||||||
|
allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
|
||||||
|
allow hal_dumpstate_default debugfs_f2fs:file r_file_perms;
|
||||||
|
|
||||||
|
set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
|
||||||
|
')
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_ion_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_ion_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
|
||||||
|
dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_dri_debugfs:dir search;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_usb_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_usb_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_regmap_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_regmap_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_maxfg_debugfs:dir search;
|
||||||
|
dontaudit hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default mnt_vendor_file:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default ramdump_vendor_mnt_file:dir search;
|
||||||
|
dontaudit hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default rootfs:dir r_dir_perms;
|
||||||
|
|
||||||
|
dontaudit hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms;
|
||||||
|
dontaudit hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms;
|
||||||
|
dontaudit hal_dumpstate_default vendor_tcpdump_log_prop:file r_file_perms;
|
||||||
14
whitechapel/vendor/google/hal_fingerprint_default.te
vendored
Normal file
14
whitechapel/vendor/google/hal_fingerprint_default.te
vendored
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||||
|
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_batteryinfo:dir search;
|
||||||
|
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||||
|
allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
|
||||||
|
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
|
||||||
|
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
||||||
|
get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
|
||||||
|
userdebug_or_eng(`
|
||||||
|
get_prop(hal_fingerprint_default, vendor_fingerprint_fake_prop)
|
||||||
|
')
|
||||||
|
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
||||||
4
whitechapel/vendor/google/hal_gnss_default.te
vendored
Normal file
4
whitechapel/vendor/google/hal_gnss_default.te
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
# Allow hal_gnss_default access data vendor gps files
|
||||||
|
allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
|
||||||
|
allow hal_gnss_default vendor_gps_file:file create_file_perms;
|
||||||
|
allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
|
||||||
4
whitechapel/vendor/google/hal_graphics_allocator_default.te
vendored
Normal file
4
whitechapel/vendor/google/hal_graphics_allocator_default.te
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_graphics_allocator_default vframe_heap_device:chr_file r_file_perms;
|
||||||
|
allow hal_graphics_allocator_default vscaler_heap_device:chr_file r_file_perms;
|
||||||
6
whitechapel/vendor/google/hal_graphics_composer_default.te
vendored
Normal file
6
whitechapel/vendor/google/hal_graphics_composer_default.te
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
allow hal_graphics_composer_default sysfs_display:dir search;
|
||||||
|
allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
|
||||||
|
|
||||||
|
# allow HWC to access power hal
|
||||||
|
binder_call(hal_graphics_composer_default, hal_power_default);
|
||||||
|
hal_client_domain(hal_graphics_composer_default, hal_power);
|
||||||
14
whitechapel/vendor/google/hal_health_default.te
vendored
Normal file
14
whitechapel/vendor/google/hal_health_default.te
vendored
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
allow hal_health_default mnt_vendor_file:dir search;
|
||||||
|
allow hal_health_default persist_file:dir search;
|
||||||
|
allow hal_health_default persist_battery_file:file create_file_perms;
|
||||||
|
allow hal_health_default persist_battery_file:dir rw_dir_perms;
|
||||||
|
|
||||||
|
set_prop(hal_health_default, vendor_battery_defender_prop)
|
||||||
|
r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
|
||||||
|
|
||||||
|
allow hal_health_default sysfs_wlc:dir search;
|
||||||
|
allow hal_health_default sysfs_batteryinfo:file w_file_perms;
|
||||||
|
allow hal_health_default sysfs_thermal:dir search;
|
||||||
|
allow hal_health_default sysfs_thermal:file w_file_perms;
|
||||||
|
allow hal_health_default sysfs_thermal:lnk_file read;
|
||||||
|
allow hal_health_default thermal_link_device:dir search;
|
||||||
3
whitechapel/vendor/google/hal_health_storage_default.te
vendored
Normal file
3
whitechapel/vendor/google/hal_health_storage_default.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Access to /sys/devices/platform/14700000.ufs/*
|
||||||
|
allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||||
|
allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
|
||||||
9
whitechapel/vendor/google/hal_neuralnetworks_armnn.te
vendored
Normal file
9
whitechapel/vendor/google/hal_neuralnetworks_armnn.te
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type hal_neuralnetworks_armnn, domain;
|
||||||
|
hal_server_domain(hal_neuralnetworks_armnn, hal_neuralnetworks)
|
||||||
|
|
||||||
|
type hal_neuralnetworks_armnn_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
|
||||||
|
allow hal_neuralnetworks_armnn gpu_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
init_daemon_domain(hal_neuralnetworks_armnn)
|
||||||
|
|
||||||
35
whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
vendored
Normal file
35
whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
vendored
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
type hal_neuralnetworks_darwinn, domain;
|
||||||
|
hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
|
||||||
|
|
||||||
|
type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(hal_neuralnetworks_darwinn)
|
||||||
|
|
||||||
|
# The TPU HAL looks for TPU instance in /dev/abrolhos
|
||||||
|
allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
|
||||||
|
allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
|
||||||
|
|
||||||
|
# Allow DarwiNN service to access data files.
|
||||||
|
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
|
||||||
|
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;
|
||||||
|
|
||||||
|
# Allow DarwiNN service to access unix sockets for IPC.
|
||||||
|
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };
|
||||||
|
|
||||||
|
# Register to hwbinder service.
|
||||||
|
# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
|
||||||
|
hwbinder_use(hal_neuralnetworks_darwinn)
|
||||||
|
get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
|
||||||
|
|
||||||
|
# Allow TPU HAL to read the kernel version.
|
||||||
|
# This is done inside the InitGoogle.
|
||||||
|
allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
|
||||||
|
|
||||||
|
# Allow TPU NNAPI HAL to log to stats service. (metrics)
|
||||||
|
allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
|
||||||
|
binder_call(hal_neuralnetworks_darwinn, system_server);
|
||||||
|
binder_use(hal_neuralnetworks_darwinn)
|
||||||
|
|
||||||
|
# TPU NNAPI to register the service to service_manager.
|
||||||
|
add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
|
||||||
9
whitechapel/vendor/google/hal_nfc_default.te
vendored
Normal file
9
whitechapel/vendor/google/hal_nfc_default.te
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
# NFC property
|
||||||
|
set_prop(hal_nfc_default, vendor_nfc_prop)
|
||||||
|
|
||||||
|
# SecureElement property
|
||||||
|
set_prop(hal_nfc_default, vendor_secure_element_prop)
|
||||||
|
|
||||||
|
# Modem property
|
||||||
|
set_prop(hal_nfc_default, vendor_modem_prop)
|
||||||
|
|
||||||
12
whitechapel/vendor/google/hal_power_default.te
vendored
Normal file
12
whitechapel/vendor/google/hal_power_default.te
vendored
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms;
|
||||||
|
allow hal_power_default sysfs_fs_f2fs:dir r_dir_perms;
|
||||||
|
allow hal_power_default sysfs_fs_f2fs:file rw_file_perms;
|
||||||
|
allow hal_power_default sysfs_vendor_sched:file rw_file_perms;
|
||||||
|
allow hal_power_default cpuctl_device:file rw_file_perms;
|
||||||
|
allow hal_power_default sysfs_gpu:file rw_file_perms;
|
||||||
|
allow hal_power_default sysfs_devfreq_dir:dir r_dir_perms;
|
||||||
|
allow hal_power_default sysfs_fabric:file rw_file_perms;
|
||||||
|
allow hal_power_default sysfs_display:file rw_file_perms;
|
||||||
|
set_prop(hal_power_default, vendor_camera_prop)
|
||||||
|
set_prop(hal_power_default, vendor_camera_debug_prop)
|
||||||
|
set_prop(hal_power_default, vendor_camera_fatp_prop)
|
||||||
20
whitechapel/vendor/google/hal_power_stats_default.te
vendored
Normal file
20
whitechapel/vendor/google/hal_power_stats_default.te
vendored
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
allow hal_power_stats_default sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||||
|
allow hal_power_stats_default sysfs_scsi_devices_0000:file r_file_perms;
|
||||||
|
|
||||||
|
# getStats AIDL callback to each power entry
|
||||||
|
binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
|
||||||
|
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_iio_devices)
|
||||||
|
allow hal_power_stats_default odpm_config_file:dir search;
|
||||||
|
allow hal_power_stats_default odpm_config_file:file r_file_perms;
|
||||||
|
allow hal_power_stats_default sysfs_odpm:dir search;
|
||||||
|
allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
|
||||||
|
|
||||||
|
binder_call(hal_power_stats_default, citadeld)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_aoc)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_cpu)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_leds)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_wifi)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_backlight)
|
||||||
|
r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
|
||||||
21
whitechapel/vendor/google/hal_radioext_default.te
vendored
Normal file
21
whitechapel/vendor/google/hal_radioext_default.te
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
type hal_radioext_default, domain;
|
||||||
|
type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
|
||||||
|
init_daemon_domain(hal_radioext_default)
|
||||||
|
|
||||||
|
hwbinder_use(hal_radioext_default)
|
||||||
|
get_prop(hal_radioext_default, hwservicemanager_prop)
|
||||||
|
add_hwservice(hal_radioext_default, hal_radioext_hwservice)
|
||||||
|
|
||||||
|
binder_call(hal_radioext_default, grilservice_app)
|
||||||
|
binder_call(hal_radioext_default, hal_bluetooth_btlinux)
|
||||||
|
|
||||||
|
# RW /dev/oem_ipc0
|
||||||
|
allow hal_radioext_default radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# RW MIPI Freq files
|
||||||
|
allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
|
||||||
|
allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
|
||||||
|
allow hal_radioext_default sysfs_display:file rw_file_perms;
|
||||||
|
|
||||||
|
# Bluetooth
|
||||||
|
allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
|
||||||
10
whitechapel/vendor/google/hal_secure_element_default.te
vendored
Normal file
10
whitechapel/vendor/google/hal_secure_element_default.te
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
|
||||||
|
allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
|
||||||
|
set_prop(hal_secure_element_default, vendor_secure_element_prop)
|
||||||
|
set_prop(hal_secure_element_default, vendor_nfc_prop)
|
||||||
|
set_prop(hal_secure_element_default, vendor_modem_prop)
|
||||||
|
|
||||||
|
# Allow hal_secure_element_default to access rild
|
||||||
|
binder_call(hal_secure_element_default, rild);
|
||||||
|
allow hal_secure_element_default hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
|
||||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue