restart domains

Bug: 254378739 Test: boot to home Change-Id: I7d077b7c5edfb3bee07a05fda05e5076e515c7bf
2022-12-20 08:48:39 +08:00 · 2022-12-20 08:48:39 +08:00 · 169b9143fb
commit 169b9143fb
parent be72019a1c
11 changed files with 22 additions and 59 deletions
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@ -1,10 +1,5 @@
 # Binaries
-/vendor/bin/chre                                                            u:object_r:chre_exec:s0
-/vendor/bin/storageproxyd                                                   u:object_r:tee_exec:s0
-/vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
-/vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
 /vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
-/vendor/bin/init\.uwb\.calib\.sh                                            u:object_r:vendor_uwb_init_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty         u:object_r:hal_keymint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic               u:object_r:hal_contexthub_default_exec:s0
--- a/legacy/whitechapel_pro/tee.te
+++ b/legacy/whitechapel_pro/tee.te
@ -1,19 +0,0 @@
-# Handle wake locks
-wakelock_use(tee)
-
-allow tee persist_ss_file:file create_file_perms;
-allow tee persist_ss_file:dir create_dir_perms;
-allow tee persist_file:dir r_dir_perms;
-allow tee mnt_vendor_file:dir r_dir_perms;
-allow tee tee_data_file:dir rw_dir_perms;
-allow tee tee_data_file:lnk_file r_file_perms;
-allow tee sg_device:chr_file rw_file_perms;
-
-# Allow storageproxyd access to gsi_public_metadata_file
-read_fstab(tee)
-
-# storageproxyd starts before /data is mounted. It handles /data not being there
-# gracefully. However, attempts to access /data trigger a denial.
-dontaudit tee unlabeled:dir { search };
-
-set_prop(tee, vendor_trusty_storage_prop)
--- a/legacy/whitechapel_pro/trusty_apploader.te
+++ b/legacy/whitechapel_pro/trusty_apploader.te
@ -1,7 +0,0 @@
-type trusty_apploader, domain;
-type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(trusty_apploader)
-
-allow trusty_apploader ion_device:chr_file r_file_perms;
-allow trusty_apploader tee_device:chr_file rw_file_perms;
-allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
--- a/legacy/whitechapel_pro/trusty_metricsd.te
+++ b/legacy/whitechapel_pro/trusty_metricsd.te
@ -1,11 +0,0 @@
-type trusty_metricsd, domain;
-type trusty_metricsd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(trusty_metricsd)
-
-allow trusty_metricsd tee_device:chr_file rw_file_perms;
-
-# For Suez metrics collection
-binder_use(trusty_metricsd)
-binder_call(trusty_metricsd, system_server)
-allow trusty_metricsd fwk_stats_service:service_manager find;
--- a/legacy/whitechapel_pro/vendor_uwb_init.te
+++ b/legacy/whitechapel_pro/vendor_uwb_init.te
@ -1,10 +0,0 @@
-type vendor_uwb_init, domain;
-type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_uwb_init)
-
-allow vendor_uwb_init vendor_shell_exec:file rx_file_perms;
-allow vendor_uwb_init vendor_toolbox_exec:file rx_file_perms;
-
-allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
-allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;
--- a/legacy/whitechapel_pro/vold.te
+++ b/legacy/whitechapel_pro/vold.te
@ -1,7 +0,0 @@
-allow vold modem_efs_file:dir rw_dir_perms;
-allow vold modem_userdata_file:dir rw_dir_perms;
-
-allow vold sysfs_scsi_devices_0000:file rw_file_perms;
-
-dontaudit vold dumpstate:fifo_file rw_file_perms;
-dontaudit vold dumpstate:fd use ;
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@ -41,4 +41,8 @@ userdebug_or_eng(`
  permissive system_server;
  permissive tcpdump_logger;
  permissive vendor_init;
+  permissive tee;
+  permissive trusty_apploader;
+  permissive trusty_metricsd;
+  permissive vold;
 ')
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -16,6 +16,11 @@
 /vendor/bin/dump/dump_wlan\.sh                                              u:object_r:dump_wlan_exec:s0
 /vendor/bin/rlsservice                                                      u:object_r:rlsservice_exec:s0
 /vendor/bin/tcpdump_logger                                                  u:object_r:tcpdump_logger_exec:s0
+/vendor/bin/storageproxyd                                                   u:object_r:tee_exec:s0
+/vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
+/vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
+/vendor/bin/chre                                                            u:object_r:chre_exec:s0
+/vendor/bin/init\.uwb\.calib\.sh                                            u:object_r:vendor_uwb_init_exec:s0

 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
--- a/vendor/trusty_apploader.te
+++ b/vendor/trusty_apploader.te
@ -0,0 +1,4 @@
+type trusty_apploader, domain;
+type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(trusty_apploader)
+
--- a/vendor/trusty_metricsd.te
+++ b/vendor/trusty_metricsd.te
@ -0,0 +1,5 @@
+type trusty_metricsd, domain;
+type trusty_metricsd_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(trusty_metricsd)
+
--- a/vendor/vendor_uwb_init.te
+++ b/vendor/vendor_uwb_init.te
@ -0,0 +1,4 @@
+type vendor_uwb_init, domain;
+type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_uwb_init)