Evolution-X-Tensor/device_google_raviole
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

raviole: Rework sepolicy

Browse Source 
Change-Id: Idb0636bce2392beb720e420055a7bcb838725a18
This commit is contained in:
Michael Bestas
2025-12-02 04:24:25 +02:00
parent b6e3a9bab5
commit 244d247b70
32 changed files with 95 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
BoardConfigCommon.mk
View File

@@ -24,5 +24,11 @@ BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW := $(strip $(shell cat $(DEV
BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD += $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW) BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD += $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW)
BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES += $(addprefix $(KERNEL_MODULE_DIR)/, $(notdir $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW))) BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES += $(addprefix $(KERNEL_MODULE_DIR)/, $(notdir $(BOARD_VENDOR_KERNEL_RAMDISK_KERNEL_MODULES_LOAD_RAW)))
# SEPolicy
BOARD_VENDOR_SEPOLICY_DIRS += \
$(DEVICE_PATH)/sepolicy/vendor \
hardware/google/pixel-sepolicy/vibrator/common \
hardware/google/pixel-sepolicy/vibrator/cs40l25
# WiFi # WiFi
include device/google/gs101/wifi/BoardConfig-wifi.mk include device/google/gs101/wifi/BoardConfig-wifi.mk

3
oriole/BoardConfig.mk
View File

@@ -10,7 +10,8 @@ TARGET_BOOTLOADER_BOARD_NAME := $(DEVICE_CODENAME)
TARGET_SCREEN_DENSITY := 420 TARGET_SCREEN_DENSITY := 420
# SEPolicy # SEPolicy
include device/google/raviole/sepolicy/oriole-sepolicy.mk BOARD_VENDOR_SEPOLICY_DIRS += \
$(DEVICE_PATH)/sepolicy/$(DEVICE_CODENAME)/vendor
include $(DEVICE_PATH)/BoardConfigCommon.mk include $(DEVICE_PATH)/BoardConfigCommon.mk

3
raven/BoardConfig.mk
View File

@@ -10,7 +10,8 @@ TARGET_BOOTLOADER_BOARD_NAME := $(DEVICE_CODENAME)
TARGET_SCREEN_DENSITY := 560 TARGET_SCREEN_DENSITY := 560
# SEPolicy # SEPolicy
include device/google/raviole/sepolicy/raven-sepolicy.mk BOARD_VENDOR_SEPOLICY_DIRS += \
$(DEVICE_PATH)/sepolicy/$(DEVICE_CODENAME)/vendor
include $(DEVICE_PATH)/BoardConfigCommon.mk include $(DEVICE_PATH)/BoardConfigCommon.mk

11
sepolicy/oriole-sepolicy.mk
View File

@@ -1,11 +0,0 @@
# Oriole only sepolicy
BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/oriole
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/stm/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/common
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/cs40l25

6
sepolicy/oriole/euiccpixel_app.te
View File

@@ -1,6 +0,0 @@
# EuiccSupportPixel app
userdebug_or_eng(`
allow euiccpixel_app sysfs_touch:dir search;
')

1
sepolicy/oriole/grilservice_app.te
View File

@@ -1 +0,0 @@
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;

8
sepolicy/oriole/vendor/dump_stm.te vendored Normal file
View File

@@ -0,0 +1,8 @@
get_prop(dump_stm, vendor_touch_dump_path_prop)
pixel_bugreport(dump_stm)
allow dump_stm proc_touch:file rw_file_perms;
allow dump_stm sysfs_touch:dir search;
allow dump_stm sysfs_touch:file rw_file_perms;
allow dump_stm vendor_toolbox_exec:file execute_no_trans;

1
sepolicy/oriole/vendor/file.te vendored Normal file
View File

@@ -0,0 +1 @@
type proc_touch, fs_type, proc_type;

1
sepolicy/oriole/vendor/file_contexts vendored Normal file
View File

@@ -0,0 +1 @@
/vendor/bin/dump/dump_stm\.sh u:object_r:dump_stm_exec:s0

5
sepolicy/oriole/vendor/genfs_contexts vendored Normal file
View File

@@ -0,0 +1,5 @@
genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
genfscon proc /fts/driver_test u:object_r:proc_touch:s0
genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0 u:object_r:sysfs_touch:s0
genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0

1
sepolicy/oriole/vendor/init.te vendored Normal file
View File

@@ -0,0 +1 @@
set_prop(vendor_init, vendor_touch_dump_path_prop)

1
sepolicy/oriole/vendor/property.te vendored Normal file
View File

@@ -0,0 +1 @@
vendor_internal_prop(vendor_touch_dump_path_prop)

1
sepolicy/oriole/vendor/property_contexts vendored Normal file
View File

@@ -0,0 +1 @@
ro.vendor.touch.dump. u:object_r:vendor_touch_dump_path_prop:s0

11
sepolicy/raven-sepolicy.mk
View File

@@ -1,11 +0,0 @@
# Ravne only sepolicy
BOARD_SEPOLICY_DIRS += device/google/gs101/sepolicy/raven
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bcmbt/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/modem_svc_sit/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/lsi/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/wireless_charger/sepolicy
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/common
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/vibrator/cs40l25

6
sepolicy/raven/euiccpixel_app.te
View File

@@ -1,6 +0,0 @@
# EuiccSupportPixel app
userdebug_or_eng(`
allow euiccpixel_app sysfs_touch:dir search;
')

1
sepolicy/raven/grilservice_app.te
View File

@@ -1 +0,0 @@
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;

0
sepolicy/raven/cccdk_timesync_app.te → sepolicy/raven/vendor/cccdktimesync_app.te vendored
View File

5
sepolicy/raven/vendor/dump_lsi.te vendored Normal file
View File

@@ -0,0 +1,5 @@
pixel_bugreport(dump_lsi)
allow dump_lsi sysfs_touch:dir r_dir_perms;
allow dump_lsi sysfs_touch:file rw_file_perms;
allow dump_lsi vendor_toolbox_exec:file execute_no_trans;

1
sepolicy/raven/vendor/file_contexts vendored Normal file
View File

@@ -0,0 +1 @@
/vendor/bin/dump/dump_lsi\.sh u:object_r:dump_lsi_exec:s0

1
sepolicy/raven/vendor/genfs_contexts vendored Normal file
View File

@@ -0,0 +1 @@
genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0

1
sepolicy/vendor/dumpstate.te vendored Normal file
View File

@@ -0,0 +1 @@
binder_call(dumpstate, hal_wlcservice)

1
sepolicy/vendor/file.te vendored Normal file
View File

@@ -0,0 +1 @@
type vendor_wlc_file, data_file_type, file_type;

4
sepolicy/vendor/file_contexts vendored Normal file
View File

@@ -0,0 +1,4 @@
/data/vendor/wireless_charger(/.*)? u:object_r:vendor_wlc_file:s0
/vendor/bin/hw/vendor\.dolby\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
/vendor/bin/hw/vendor\.google\.wireless_charger-default u:object_r:hal_wireless_charger_exec:s0
/vendor/bin/hw/vendor\.google\.wireless_charger\.service-default u:object_r:hal_wlcservice_exec:s0

3
sepolicy/vendor/hal_dumpstate.te vendored Normal file
View File

@@ -0,0 +1,3 @@
allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
allow hal_dumpstate_default sysfs_wlc:dir search;
allow hal_dumpstate_default sysfs_wlc:file r_file_perms;

5
sepolicy/vendor/hal_googlebattery.te vendored Normal file
View File

@@ -0,0 +1,5 @@
r_dir_file(hal_googlebattery, sysfs_wlc)
set_prop(hal_googlebattery, vendor_wlcservice_prop)
allow hal_googlebattery sysfs_wlc:file rw_file_perms;

1
sepolicy/vendor/hal_health.te vendored Normal file
View File

@@ -0,0 +1 @@
binder_call(hal_health_default, hal_wlcservice)

17
sepolicy/vendor/hal_wireless_charger.te vendored Normal file
View File

@@ -0,0 +1,17 @@
type hal_wireless_charger_exec, exec_type, file_type, vendor_file_type;
add_service(hal_wireless_charger, hal_wireless_charger_service)
binder_call(hal_wireless_charger, hal_wlcservice)
binder_call(hal_wireless_charger, platform_app)
binder_call(hal_wireless_charger, servicemanager)
binder_call(hal_wireless_charger, system_app)
init_daemon_domain(hal_wireless_charger)
r_dir_file(hal_wireless_charger, sysfs_batteryinfo)
set_prop(hal_wireless_charger, vendor_wlcservice_prop)
allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms;

22
sepolicy/vendor/hal_wlcservice.te vendored Normal file
View File

@@ -0,0 +1,22 @@
type hal_wlcservice, domain;
type hal_wlcservice_exec, exec_type, file_type, vendor_file_type;
type hal_wlcservice_service, hal_service_type, protected_service, service_manager_type;
add_service(hal_wlcservice, hal_wlcservice_service)
binder_call(hal_wlcservice, hal_health_default)
binder_call(hal_wlcservice, hal_wireless_charger)
binder_call(hal_wlcservice, servicemanager)
binder_use(hal_wlcservice)
hal_client_domain(hal_wlcservice, hal_health)
init_daemon_domain(hal_wlcservice)
set_prop(hal_wlcservice, vendor_wlcservice_prop)
allow hal_wlcservice hal_wireless_charger_service:service_manager find;
allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms };
allow hal_wlcservice vendor_wlc_file:dir create_dir_perms;
allow hal_wlcservice vendor_wlc_file:file create_file_perms;

1
sepolicy/vendor/property.te vendored Normal file
View File

@@ -0,0 +1 @@
vendor_internal_prop(vendor_wlcservice_prop)

3
sepolicy/vendor/property_contexts vendored Normal file
View File

@@ -0,0 +1,3 @@
vendor.wlcservice.fwupdate.tx u:object_r:vendor_wlcservice_prop:s0 exact enum 0 1 2 3
vendor.wlcservice.start u:object_r:vendor_wlcservice_prop:s0 exact bool
vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_prop:s0 exact bool

1
sepolicy/vendor/service_contexts vendored Normal file
View File

@@ -0,0 +1 @@
vendor.google.wireless_charger.service.IWlcService/default u:object_r:hal_wlcservice_service:s0

1
sepolicy/vendor/servicemanager.te vendored Normal file
View File

@@ -0,0 +1 @@
binder_call(servicemanager, hal_wlcservice)