diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index b8e22b66..af8f0b6c 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -1,10 +1,5 @@
 # Binaries
-/vendor/bin/chre u:object_r:chre_exec:s0
-/vendor/bin/storageproxyd u:object_r:tee_exec:s0
-/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
-/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
-/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
diff --git a/legacy/whitechapel_pro/tee.te b/legacy/whitechapel_pro/tee.te
deleted file mode 100644
index 811dcbbc..00000000
--- a/legacy/whitechapel_pro/tee.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# Handle wake locks
-wakelock_use(tee)
-
-allow tee persist_ss_file:file create_file_perms;
-allow tee persist_ss_file:dir create_dir_perms;
-allow tee persist_file:dir r_dir_perms;
-allow tee mnt_vendor_file:dir r_dir_perms;
-allow tee tee_data_file:dir rw_dir_perms;
-allow tee tee_data_file:lnk_file r_file_perms;
-allow tee sg_device:chr_file rw_file_perms;
-
-# Allow storageproxyd access to gsi_public_metadata_file
-read_fstab(tee)
-
-# storageproxyd starts before /data is mounted. It handles /data not being there
-# gracefully. However, attempts to access /data trigger a denial.
-dontaudit tee unlabeled:dir { search };
-
-set_prop(tee, vendor_trusty_storage_prop)
diff --git a/legacy/whitechapel_pro/trusty_apploader.te b/legacy/whitechapel_pro/trusty_apploader.te
deleted file mode 100644
index 983e3a03..00000000
--- a/legacy/whitechapel_pro/trusty_apploader.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type trusty_apploader, domain;
-type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(trusty_apploader)
-
-allow trusty_apploader ion_device:chr_file r_file_perms;
-allow trusty_apploader tee_device:chr_file rw_file_perms;
-allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
diff --git a/legacy/whitechapel_pro/trusty_metricsd.te b/legacy/whitechapel_pro/trusty_metricsd.te
deleted file mode 100644
index 63fc85b6..00000000
--- a/legacy/whitechapel_pro/trusty_metricsd.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type trusty_metricsd, domain;
-type trusty_metricsd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(trusty_metricsd)
-
-allow trusty_metricsd tee_device:chr_file rw_file_perms;
-
-# For Suez metrics collection
-binder_use(trusty_metricsd)
-binder_call(trusty_metricsd, system_server)
-allow trusty_metricsd fwk_stats_service:service_manager find;
diff --git a/legacy/whitechapel_pro/vendor_uwb_init.te b/legacy/whitechapel_pro/vendor_uwb_init.te
deleted file mode 100644
index f317b253..00000000
--- a/legacy/whitechapel_pro/vendor_uwb_init.te
+++ /dev/null
@@ -1,10 +0,0 @@
-type vendor_uwb_init, domain;
-type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_uwb_init)
-
-allow vendor_uwb_init vendor_shell_exec:file rx_file_perms;
-allow vendor_uwb_init vendor_toolbox_exec:file rx_file_perms;
-
-allow vendor_uwb_init uwb_data_vendor:file create_file_perms;
-allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms;
diff --git a/legacy/whitechapel_pro/vold.te b/legacy/whitechapel_pro/vold.te
deleted file mode 100644
index 1306d7ca..00000000
--- a/legacy/whitechapel_pro/vold.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow vold modem_efs_file:dir rw_dir_perms;
-allow vold modem_userdata_file:dir rw_dir_perms;
-
-allow vold sysfs_scsi_devices_0000:file rw_file_perms;
-
-dontaudit vold dumpstate:fifo_file rw_file_perms;
-dontaudit vold dumpstate:fd use ;
diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te
index 2f46cefc..970e7d56 100644
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@@ -41,4 +41,8 @@ userdebug_or_eng(`
 permissive system_server;
 permissive tcpdump_logger;
 permissive vendor_init;
+ permissive tee;
+ permissive trusty_apploader;
+ permissive trusty_metricsd;
+ permissive vold;
 ')
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 5fc3d5fe..eae7b623 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -16,6 +16,11 @@
 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0
 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
+/vendor/bin/storageproxyd u:object_r:tee_exec:s0
+/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
+/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
+/vendor/bin/chre u:object_r:chre_exec:s0
+/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
diff --git a/vendor/trusty_apploader.te b/vendor/trusty_apploader.te
new file mode 100644
index 00000000..eb2dbcbe
--- /dev/null
+++ b/vendor/trusty_apploader.te
@@ -0,0 +1,4 @@
+type trusty_apploader, domain;
+type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(trusty_apploader)
+
diff --git a/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te
new file mode 100644
index 00000000..c007231d
--- /dev/null
+++ b/vendor/trusty_metricsd.te
@@ -0,0 +1,5 @@
+type trusty_metricsd, domain;
+type trusty_metricsd_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(trusty_metricsd)
+
diff --git a/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te
new file mode 100644
index 00000000..52160194
--- /dev/null
+++ b/vendor/vendor_uwb_init.te
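Review bot: The four `permissive` lines added to tracking_denials/permissive.te sit inside `userdebug_or_eng(`, so they relax only debug builds, while this commit deletes the device allow rules for `tee`, `trusty_apploader`, `trusty_metricsd` and `vold` from legacy/ and the new vendor/trusty_apploader.te and vendor/trusty_metricsd.te hunks re-declare the types with no rules at all. On a user build these domains would be enforcing without, for example, the `tee_device:chr_file rw_file_perms` and `persist_ss_file` access the legacy files granted, unless the rules are restored somewhere this diff does not show. `tee` (storageproxyd) and `vold` sit on the secure-storage and volume-management paths, so a blanket permissive also lets unexpected accesses through on debug builds, where they are logged but not blocked. I would mark the new lines with a tracking comment such as `# TODO(b/<bug-id>): remove once tee/trusty/vold denials are triaged` and carry the needed allow rules into vendor/ before this policy ships. The macro block opens above the hunk, so earlier entries in the list are not visible here.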
@@ -0,0 +1,4 @@
+type vendor_uwb_init, domain;
+type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_uwb_init)
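Review bot: `vendor_uwb_init` is re-declared in vendor/vendor_uwb_init.te without any of the allow rules the deleted legacy file carried, and unlike the Trusty domains it is not among the `permissive` lines this commit adds to tracking_denials/permissive.te. `init.uwb.calib.sh` is labelled `vendor_uwb_init_exec`, and the legacy policy granted it `vendor_shell_exec:file rx_file_perms`, `vendor_toolbox_exec:file rx_file_perms` and write access to `uwb_data_vendor`, so under enforcing the script would presumably be denied unless the domain is already listed earlier in permissive.te, outside the visible hunk. If the omission is unintended, either add `permissive vendor_uwb_init;` next to the other new entries or move the four legacy allow rules into this file. A one-line header comment such as `# UWB calibration init script (init.uwb.calib.sh)` would also make the domain's purpose clear now that the rules no longer document it.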