b05c0902ad
01-01 20:00:07.579 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.595 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.596 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.599 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.600 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.601 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.602 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
09-03 10:51:44.574 419 419 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1
Bug: 198713948
Test: boot with secure_element started
Change-Id: Ie79b80f3c0fbe21c898e6a67384d98a2cc282f93
Change-Id: I14d9f01b6ef901fd87e8927d691ce96a9b174ed3
286 lines
18 KiB
Text
286 lines
18 KiB
Text
#
|
|
# Exynos HAL
|
|
#
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32 u:object_r:hal_usb_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service u:object_r:hal_vendor_hwcservice_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.configstore@1\.0-service u:object_r:hal_configstore_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.3-service\.gs201 u:object_r:hal_usb_impl_exec:s0
|
|
/(vendor|system/vendor)/lib(64)?/libion_exynos\.so u:object_r:same_process_hal_file:s0
|
|
|
|
/(vendor|system/vendor)/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
|
|
/(vendor|system/vendor)/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
|
|
/(vendor|system/vendor)/lib(64)?/libdmabufheap\.so u:object_r:same_process_hal_file:s0
|
|
/(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
|
|
|
|
/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
|
|
/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
|
|
/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
|
|
|
|
#
|
|
# HALs
|
|
#
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-2]-service-gs201 u:object_r:hal_bootctl_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.1-service\.gs201 u:object_r:hal_dumpstate_default_exec:s0
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs201 u:object_r:hal_power_stats_default_exec:s0
|
|
# Wireless charger HAL
|
|
/(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
|
|
|
|
#
|
|
# Exynos Devices
|
|
#
|
|
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
|
|
/dev/nanohub u:object_r:vendor_nanohub_device:s0
|
|
/dev/nanohub_comms u:object_r:vendor_nanohub_device:s0
|
|
/dev/m2m1shot_scaler0 u:object_r:vendor_m2m1shot_device:s0
|
|
/dev/dri/card0 u:object_r:graphics_device:s0
|
|
/dev/fimg2d u:object_r:graphics_device:s0
|
|
/dev/g2d u:object_r:graphics_device:s0
|
|
/dev/tsmux u:object_r:video_device:s0
|
|
/dev/repeater u:object_r:video_device:s0
|
|
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_wireless u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_ttf u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_maxq u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_rtx u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0
|
|
|
|
# DM tools device
|
|
|
|
|
|
# SIPC RIL device
|
|
/dev/watchdog0 u:object_r:watchdog_device:s0
|
|
|
|
# GPU device
|
|
/dev/mali0 u:object_r:gpu_device:s0
|
|
/dev/s5p-smem u:object_r:vendor_secmem_device:s0
|
|
|
|
/persist/sensorcal\.json u:object_r:sensors_cal_file:s0
|
|
|
|
# data files
|
|
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
|
|
|
|
# Camera
|
|
/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
|
|
/vendor/lib64/camera u:object_r:vendor_camera_tuning_file:s0
|
|
/vendor/lib64/camera/ghawb_para_lut\.bin u:object_r:vendor_camera_tuning_file:s0
|
|
/vendor/lib64/camera/slider_.*\.binarypb u:object_r:vendor_camera_tuning_file:s0
|
|
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
|
|
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
|
|
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
|
|
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
|
|
/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
|
|
|
|
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
|
|
|
|
/dev/lwis-act0 u:object_r:lwis_device:s0
|
|
/dev/lwis-act1 u:object_r:lwis_device:s0
|
|
/dev/lwis-act-ak7377 u:object_r:lwis_device:s0
|
|
/dev/lwis-act-lc898129 u:object_r:lwis_device:s0
|
|
/dev/lwis-act-sem1215sa u:object_r:lwis_device:s0
|
|
/dev/lwis-csi u:object_r:lwis_device:s0
|
|
/dev/lwis-dpm u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom0 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom1 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom2 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-lc898128 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-lc898129 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64s u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64s-imx355-inner u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64s-imx355-outer u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64x u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64x-imx386 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-m24c64x-imx663 u:object_r:lwis_device:s0
|
|
/dev/lwis-eeprom-sem1215sa u:object_r:lwis_device:s0
|
|
/dev/lwis-flash0 u:object_r:lwis_device:s0
|
|
/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0
|
|
/dev/lwis-g3aa u:object_r:lwis_device:s0
|
|
/dev/lwis-gdc0 u:object_r:lwis_device:s0
|
|
/dev/lwis-gdc1 u:object_r:lwis_device:s0
|
|
/dev/lwis-gtnr-align u:object_r:lwis_device:s0
|
|
/dev/lwis-gtnr-merge u:object_r:lwis_device:s0
|
|
/dev/lwis-ipp u:object_r:lwis_device:s0
|
|
/dev/lwis-itp u:object_r:lwis_device:s0
|
|
/dev/lwis-mcsc u:object_r:lwis_device:s0
|
|
/dev/lwis-ois-lc898128 u:object_r:lwis_device:s0
|
|
/dev/lwis-ois-lc898129 u:object_r:lwis_device:s0
|
|
/dev/lwis-ois-sem1215sa u:object_r:lwis_device:s0
|
|
/dev/lwis-pdp u:object_r:lwis_device:s0
|
|
/dev/lwis-scsc u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor0 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor1 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor2 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-gn1 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx355 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx355-inner u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx355-outer u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx363 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx386 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx586 u:object_r:lwis_device:s0
|
|
/dev/lwis-sensor-imx663 u:object_r:lwis_device:s0
|
|
/dev/lwis-slc u:object_r:lwis_device:s0
|
|
/dev/lwis-top u:object_r:lwis_device:s0
|
|
/dev/lwis-votf u:object_r:lwis_device:s0
|
|
|
|
# VIDEO
|
|
/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
|
|
/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
|
|
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
|
|
|
|
# thermal sysfs files
|
|
/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0
|
|
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0
|
|
|
|
|
|
# IMS VoWiFi
|
|
/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
|
|
/data/vendor/VoWiFi(/.*)? u:object_r:vendor_ims_data_file:s0
|
|
|
|
# Sensors
|
|
/data/vendor/sensor(/.*)? u:object_r:sensor_vendor_data_file:s0
|
|
|
|
# Contexthub
|
|
/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
|
|
|
|
# TCP logging
|
|
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
|
|
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
|
|
|
|
# Kernel modules related
|
|
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
|
|
|
|
# NFC
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
|
|
/dev/st21nfc u:object_r:nfc_device:s0
|
|
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
|
|
|
# Bluetooth
|
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
|
/dev/wbrc u:object_r:wb_coexistence_dev:s0
|
|
/dev/ttySAC18 u:object_r:hci_attach_dev:s0
|
|
/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
|
|
/dev/logbuffer_tty16 u:object_r:logbuffer_device:s0
|
|
|
|
# AudioMetric
|
|
/(vendor|system/vendor)/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
|
|
|
|
|
|
# Trusty
|
|
/vendor/bin/securedpud.slider u:object_r:securedpud_slider_exec:s0
|
|
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
|
|
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
|
|
/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
|
|
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
|
|
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
|
|
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
|
|
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
|
|
/mnt/vendor/persist/ss(/.*)? u:object_r:tee_data_file:s0
|
|
/dev/sg1 u:object_r:sg_device:s0
|
|
/dev/trusty-log0 u:object_r:logbuffer_device:s0
|
|
|
|
# Battery
|
|
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
|
|
|
|
# NeuralNetworks file contexts
|
|
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
|
|
|
|
# GRIL
|
|
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
|
|
|
|
# Uwb
|
|
# R4
|
|
/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0
|
|
|
|
# Citadel StrongBox
|
|
/dev/gsc0 u:object_r:citadel_device:s0
|
|
|
|
# Tetheroffload Service
|
|
/dev/dit2 u:object_r:vendor_toe_device:s0
|
|
/vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service u:object_r:hal_tetheroffload_default_exec:s0
|
|
|
|
# pixelstats binary
|
|
/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
|
|
|
|
# Vendor_kernel_modules
|
|
/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
|
|
|
|
# Display
|
|
/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0
|
|
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
|
|
/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
|
|
/vendor/lib(64)?/hw/vulkan\.gs201\.so u:object_r:same_process_hal_file:s0
|
|
/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0
|
|
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
|
|
|
|
# Touch
|
|
/dev/touch_offload u:object_r:touch_offload_device:s0
|
|
/vendor/bin/twoshay u:object_r:twoshay_exec:s0
|
|
|
|
# Fingerprint
|
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
|
|
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
|
|
|
|
# ECC List
|
|
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
|
|
|
|
# Zram
|
|
/data/per_boot(/.*)? u:object_r:per_boot_file:s0
|
|
|
|
# cpuctl
|
|
/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
|
|
|
|
# ODPM
|
|
/data/vendor/powerstats(/.*)? u:object_r:odpm_config_file:s0
|
|
|
|
# sensor direct DMA-BUF heap
|
|
/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0
|
|
|
|
# Console
|
|
/dev/ttySAC0 u:object_r:tty_device:s0
|
|
|
|
# faceauth DMA-BUF heaps
|
|
/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0
|
|
/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0
|
|
/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0
|
|
/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0
|
|
/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0
|
|
|
|
# vframe-secure DMA-BUF heap
|
|
/dev/dma_heap/vframe-secure u:object_r:vframe_heap_device:s0
|
|
|
|
# vscaler-secure DMA-BUF heap
|
|
/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
|
|
|
|
# vstream-secure DMA-BUF heap
|
|
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
|
|
|
|
# BigOcean
|
|
/dev/bigocean u:object_r:video_device:s0
|
|
|
|
# Fingerprint
|
|
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
|
|
|
# Wifi Firmware config update
|
|
/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
|
|
|
|
# WLC FW update
|
|
/vendor/bin/wlc_upt/p9412_mtp u:object_r:vendor_wlc_fwupdata_file:s0
|
|
/vendor/bin/wlc_upt/wlc_fw_update\.sh u:object_r:wlcfwupdate_exec:s0
|
|
#
|
|
# USF SELinux file security contexts.
|
|
#
|
|
|
|
# Sensor registry persist files.
|
|
/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
|
|
|
|
# Sensor registry data files.
|
|
/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
|
|
|