Merge 24Q3 to AOSP main
Bug: 357762254 Merged-In: I9181b2344f2448b9debe1522528545ce90de8768 Change-Id: Ic5351ce6b46a46820c6d73d4f924c6b92d30b06d
commit
39d96988e3
33 changed files with 149 additions and 124 deletions
|
@ -64,13 +64,14 @@ genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time
|
|||
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0
|
||||
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0
|
||||
|
||||
# Coresight ETM
|
||||
genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2ba40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2bb40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0
|
||||
# ARM ETE
|
||||
genfscon sysfs /devices/platform/ete0 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete1 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete2 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete3 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete4 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete5 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete6 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0
|
||||
genfscon sysfs /devices/platform/ete8 u:object_r:sysfs_devices_cs_etm:s0
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ vendor_internal_prop(vendor_camera_fatp_prop)
|
|||
vendor_internal_prop(vendor_ro_sys_default_prop)
|
||||
vendor_internal_prop(vendor_persist_sys_default_prop)
|
||||
vendor_internal_prop(vendor_display_prop)
|
||||
vendor_internal_prop(vendor_persist_prop)
|
||||
|
||||
# UWB calibration
|
||||
system_vendor_config_prop(vendor_uwb_calibration_prop)
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
rlsservice u:object_r:rls_service:s0
|
|
@ -5,6 +5,7 @@ init_daemon_domain(cbd)
|
|||
set_prop(cbd, vendor_modem_prop)
|
||||
set_prop(cbd, vendor_cbd_prop)
|
||||
set_prop(cbd, vendor_rild_prop)
|
||||
get_prop(cbd, telephony_modem_prop)
|
||||
|
||||
allow cbd mnt_vendor_file:dir r_dir_perms;
|
||||
|
||||
|
|
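--- a/radio/copy_efs_files_to_data.te
+++ b/radio/copy_efs_files_to_data.te
@@ -0,0 +1,60 @@
+type copy_efs_files_to_data, domain;
+type copy_efs_files_to_data_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(copy_efs_files_to_data);
+
+
+
+# Allow creating files on /data/vendor/copied
+allow copy_efs_files_to_data modem_efs_image_file:dir { create_dir_perms };
+allow copy_efs_files_to_data modem_efs_image_file:file { create_file_perms };
+allow copy_efs_files_to_data modem_efs_image_file:lnk_file { create_file_perms };
+
+
+# Allow execute binaries from /vendor/bin
+allow copy_efs_files_to_data vendor_toolbox_exec:file rx_file_perms;
+allow copy_efs_files_to_data vendor_shell_exec:file rx_file_perms;
+
+# Allow execute /vendor/bin/dump.f2fs
+allow copy_efs_files_to_data vendor_file:file { getattr execute_no_trans };
+
+# Allow execute dump.f2fs to dump files from /dev/block/by-name/efs
+allow copy_efs_files_to_data block_device:dir search;
+allow copy_efs_files_to_data efs_block_device:blk_file r_file_perms;
+allow copy_efs_files_to_data modem_userdata_block_device:blk_file r_file_perms;
+allow copy_efs_files_to_data persist_block_device:blk_file r_file_perms;
+
+# Allow checking if /data/vendor/copied/[efs/efs_backup/persist] exist
+allow copy_efs_files_to_data modem_efs_file:dir getattr;
+allow copy_efs_files_to_data modem_userdata_file:dir getattr;
+allow copy_efs_files_to_data persist_file:dir getattr;
+
+
+allow copy_efs_files_to_data sysfs_scsi_devices_0000:dir r_dir_perms;
+allow copy_efs_files_to_data sysfs_scsi_devices_0000:file r_file_perms;
+
+# dump.f2fs need to restore file permissions after dumping
+# files from an f2fs image
+allow copy_efs_files_to_data self:capability chown;
+allow copy_efs_files_to_data self:capability fowner;
+
+
+allow copy_efs_files_to_data kmsg_debug_device:chr_file { w_file_perms ioctl getattr };
+
+
+
+# Should not write to any block devices. Only read from block device
+# and dump files to /data/vendor/copied
+dontaudit copy_efs_files_to_data dev_type:blk_file write;
+# Setting xattr requires sys_admin
+dontaudit copy_efs_files_to_data self:capability sys_admin;
+# dump.f2fs would attempt to restore selinux on dumped files, but we
+# will use restorecon to do the job.
+dontaudit copy_efs_files_to_data modem_efs_image_file:dir relabelfrom;
+dontaudit copy_efs_files_to_data modem_efs_image_file:file relabelfrom;
+dontaudit copy_efs_files_to_data modem_efs_file:dir relabelto;
+dontaudit copy_efs_files_to_data modem_efs_file:file relabelto;
+dontaudit copy_efs_files_to_data modem_userdata_file:dir relabelto;
+dontaudit copy_efs_files_to_data modem_userdata_file:file relabelto;
+dontaudit copy_efs_files_to_data vendor_persist_type:dir relabelto;
+dontaudit copy_efs_files_to_data vendor_persist_type:file relabelto;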
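Review bot: The rule `allow copy_efs_files_to_data vendor_file:file { getattr execute_no_trans };` lets this domain run any file carrying the generic `vendor_file` label in its own context, although the comment above it names only /vendor/bin/dump.f2fs. The same domain holds `chown`, `fowner` and read access to the efs, modem_userdata and persist block devices, so the set of executables it can run is worth keeping narrow: label the tool with its own exec type in file_contexts (`/vendor/bin/dump\.f2fs u:object_r:<dump_f2fs_exec_type>:s0`, type name is a placeholder) and grant `execute_no_trans` on that type only. The `dontaudit ... dev_type:blk_file write` and `dontaudit ... self:capability sys_admin` lines also silence the denials that would show the tool attempting a block-device write or an xattr change, so consider keeping those audited on userdebug builds. The `sysfs_scsi_devices_0000` and `kmsg_debug_device` rules carry no comment saying why they are needed.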
|
@ -1,5 +1,6 @@
|
|||
# Data
|
||||
type rild_vendor_data_file, file_type, data_file_type;
|
||||
type modem_efs_image_file, file_type, data_file_type;
|
||||
type vendor_gps_file, file_type, data_file_type;
|
||||
type modem_ml_data_file, file_type, data_file_type;
|
||||
type modem_stat_data_file, file_type, data_file_type;
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
|
||||
/vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0
|
||||
/vendor/bin/copy_efs_files_to_data u:object_r:copy_efs_files_to_data_exec:s0
|
||||
|
||||
# Config files
|
||||
/vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0
|
||||
|
@ -23,6 +24,7 @@
|
|||
/data/vendor/modem_ml(/.*)? u:object_r:modem_ml_data_file:s0
|
||||
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
|
||||
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
||||
/data/vendor/copied(/.*)? u:object_r:modem_efs_image_file:s0
|
||||
|
||||
# vendor extra images
|
||||
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
|
||||
|
|
|
@ -7,6 +7,8 @@ allow modem_diagnostic_app app_api_service:service_manager find;
|
|||
allow modem_diagnostic_app radio_service:service_manager find;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow modem_diagnostic_app sysfs_modem_state:file r_file_perms;
|
||||
|
||||
hal_client_domain(modem_diagnostic_app, hal_power_stats);
|
||||
|
||||
allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
|
|
|
@ -20,7 +20,7 @@ allow modem_svc_sit modem_stat_data_file:file create_file_perms;
|
|||
allow modem_svc_sit vendor_fw_file:dir search;
|
||||
allow modem_svc_sit vendor_fw_file:file r_file_perms;
|
||||
|
||||
allow modem_svc_sit mnt_vendor_file:dir search;
|
||||
allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
|
||||
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
|
||||
allow modem_svc_sit modem_userdata_file:file create_file_perms;
|
||||
|
||||
|
@ -36,3 +36,12 @@ get_prop(modem_svc_sit, hwservicemanager_prop)
|
|||
|
||||
# logging property
|
||||
get_prop(modem_svc_sit, vendor_logger_prop)
|
||||
|
||||
# Write trace data to the Perfetto traced daemon. This requires connecting to
|
||||
# its producer socket and obtaining a (per-process) tmpfs fd.
|
||||
perfetto_producer(modem_svc_sit)
|
||||
|
||||
# Allow modem_svc_sit to access modem image file/dir
|
||||
allow modem_svc_sit modem_img_file:dir r_dir_perms;
|
||||
allow modem_svc_sit modem_img_file:file r_file_perms;
|
||||
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
|
|
@ -29,6 +29,7 @@ allow rfsd radio_device:chr_file rw_file_perms;
|
|||
# Allow to set rild and modem property
|
||||
set_prop(rfsd, vendor_modem_prop)
|
||||
set_prop(rfsd, vendor_rild_prop)
|
||||
set_prop(rfsd, vendor_cbd_prop)
|
||||
|
||||
# Allow rfsd to access modem image file/dir
|
||||
allow rfsd modem_img_file:dir r_dir_perms;
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
# Sub System Ramdump
|
||||
user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
|
||||
|
||||
# CBRS setup app
|
||||
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
|
||||
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
type ssr_detector_app, domain;
|
||||
|
||||
app_domain(ssr_detector_app)
|
||||
allow ssr_detector_app app_api_service:service_manager find;
|
||||
allow ssr_detector_app radio_service:service_manager find;
|
||||
|
||||
allow ssr_detector_app system_app_data_file:dir create_dir_perms;
|
||||
allow ssr_detector_app system_app_data_file:file create_file_perms;
|
||||
|
||||
allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
|
||||
allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
|
||||
userdebug_or_eng(`
|
||||
allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
|
||||
allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
|
||||
get_prop(ssr_detector_app, vendor_aoc_prop)
|
||||
allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
|
||||
allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
|
||||
allow ssr_detector_app proc_vendor_sched:dir search;
|
||||
allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
|
||||
allow ssr_detector_app cgroup:file write;
|
||||
')
|
||||
|
||||
get_prop(ssr_detector_app, vendor_ssrdump_prop)
|
||||
get_prop(ssr_detector_app, vendor_wifi_version)
|
|
@ -1,4 +1,5 @@
|
|||
set_prop(vendor_init, vendor_cbd_prop)
|
||||
get_prop(vendor_init, telephony_modem_prop)
|
||||
set_prop(vendor_init, vendor_carrier_prop)
|
||||
set_prop(vendor_init, vendor_modem_prop)
|
||||
set_prop(vendor_init, vendor_rild_prop)
|
||||
|
|
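--- a/system_ext/private/pixelntnservice_app.te
+++ b/system_ext/private/pixelntnservice_app.te
@@ -0,0 +1,5 @@
+typeattribute pixelntnservice_app coredomain;
+
+app_domain(pixelntnservice_app);
+allow pixelntnservice_app app_api_service:service_manager find;
+set_prop(pixelntnservice_app, telephony_modem_prop)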
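Review bot: Nothing in this new file says why the app needs `set_prop(pixelntnservice_app, telephony_modem_prop)`, and per the property_contexts change in the same commit that type covers `telephony.TnNtn.image_switch` (enum `ntn`/`tn`). A write grant on a property that other telephony components read deserves a comment for later audits, for example `# Needed to set telephony.TnNtn.image_switch (telephony_modem_prop)`. The trailing `;` after `app_domain(pixelntnservice_app)` is harmless but inconsistent with the macro call on the last line.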
|
@ -1,2 +1,6 @@
|
|||
# Telephony
|
||||
telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn
|
||||
telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
|
||||
|
||||
# HDCP setting of the display connected via USB port
|
||||
persist.sys.hdcp_checking u:object_r:usb_control_prop:s0 exact string
|
||||
|
|
|
@ -4,3 +4,6 @@ user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=a
|
|||
|
||||
# PixelDisplayService
|
||||
user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all
|
||||
|
||||
# PixelNtnService
|
||||
user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all
|
||||
|
|
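Review bot: The new PixelNtnService entry pairs `user=system` with `type=app_data_file levelFrom=all`, whereas the other `user=system` entry visible in this commit (the SSRestartDetector line) uses `type=system_app_data_file levelFrom=user`. If com.google.android.satellite runs under the system UID, its data directory would normally be expected to carry the system app data label, and a mismatch between the seapp data type and what the domain may access tends to surface later as denials or as extra allow rules. Please confirm the intended type; if the app is a system-UID app, `type=system_app_data_file levelFrom=user` would match the existing convention.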
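--- a/system_ext/public/pixelntnservice_app.te
+++ b/system_ext/public/pixelntnservice_app.te
@@ -0,0 +1 @@
+type pixelntnservice_app, domain;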
|
@ -1,6 +1,7 @@
|
|||
# Telephony
|
||||
system_public_prop(telephony_ril_prop)
|
||||
system_restricted_prop(telephony_modem_prop)
|
||||
|
||||
userdebug_or_eng(`
|
||||
set_prop(shell, telephony_ril_prop)
|
||||
')
|
||||
')
|
||||
|
|
|
@ -7,7 +7,8 @@ insmod-sh insmod-sh key b/274374722
|
|||
kernel dm_device blk_file b/319403445
|
||||
mtectrl unlabeled dir b/264483752
|
||||
pixelstats_vendor sysfs file b/299553682
|
||||
rfsd vendor_cbd_prop file b/323086582
|
||||
shell sysfs_net file b/330081782
|
||||
ssr_detector_app default_prop file b/340722729
|
||||
system_server sysfs_batteryinfo file b/294967729
|
||||
system_suspend sysfs_batteryinfo dir b/317316633
|
||||
vendor_init default_prop file b/315104235
|
||||
|
|
2
vendor/file_contexts
vendored
2
vendor/file_contexts
vendored
|
@ -13,7 +13,6 @@
|
|||
/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0
|
||||
/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0
|
||||
/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0
|
||||
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
|
||||
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
|
||||
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
|
||||
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
|
||||
|
@ -43,6 +42,7 @@
|
|||
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
|
||||
/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
|
||||
/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0
|
||||
/data/vendor/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
|
||||
# persist
|
||||
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
|
||||
|
|
10
vendor/genfs_contexts
vendored
10
vendor/genfs_contexts
vendored
|
@ -77,6 +77,7 @@ genfscon sysfs /devices/platform/19470000.drmdecon/counters
|
|||
genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/power_state u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
|
||||
|
@ -243,11 +244,11 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main
|
|||
genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
@ -274,6 +275,7 @@ genfscon sysfs /devices/virtual/wakeup/wakeup
|
|||
genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
# Trusty
|
||||
genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
|
||||
|
|
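Review bot: In the second hunk the xhci-hcd-exynos.4.auto and .5.auto entries appear both as `.../usb1/wakeup` and as `.../usb1` (likewise for usb2); if the shorter paths are the new side, note that genfscon matches by path prefix, so every attribute under usb1 and usb2 then carries `sysfs_wakeup`, not only the wakeup nodes. Any domain allowed to read `sysfs_wakeup` would then also be able to read the remaining USB root-hub attributes. If the aim is to cover wakeup nodes of devices that enumerate at varying depths, a comment saying so would help, e.g. `# Label the whole usb1/usb2 subtree: wakeup nodes of attached devices appear below it`. The rendered page does not show which side each line is on, so this is hedged on that reading.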
11
vendor/hal_camera_default.te
vendored
11
vendor/hal_camera_default.te
vendored
|
@ -43,10 +43,6 @@ userdebug_or_eng(`
|
|||
set_prop(hal_camera_default, vendor_camera_debug_prop);
|
||||
')
|
||||
|
||||
# For camera hal to talk with rlsservice
|
||||
allow hal_camera_default rls_service:service_manager find;
|
||||
binder_call(hal_camera_default, rlsservice)
|
||||
|
||||
hal_client_domain(hal_camera_default, hal_graphics_allocator);
|
||||
hal_client_domain(hal_camera_default, hal_graphics_composer)
|
||||
hal_client_domain(hal_camera_default, hal_power);
|
||||
|
@ -68,9 +64,10 @@ allow hal_camera_default apex_info_file:file r_file_perms;
|
|||
# Allow camera HAL to query current device clock frequencies.
|
||||
allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
|
||||
|
||||
# Allow camera HAL to read backlight of display
|
||||
# Allow camera HAL to read display info, including backlight
|
||||
allow hal_camera_default sysfs_leds:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_leds:file r_file_perms;
|
||||
allow hal_camera_default sysfs_display:file r_file_perms;
|
||||
|
||||
# Allow camera HAL to query preferred camera frequencies from the radio HAL
|
||||
# extensions to avoid interference with cellular antennas.
|
||||
|
@ -80,10 +77,6 @@ binder_call(hal_camera_default, hal_radioext_default);
|
|||
# Allows camera HAL to access the hw_jpeg /dev/video12.
|
||||
allow hal_camera_default hw_jpg_device:chr_file rw_file_perms;
|
||||
|
||||
# For camera hal to talk with rlsservice
|
||||
allow hal_camera_default rls_service:service_manager find;
|
||||
binder_call(hal_camera_default, rlsservice)
|
||||
|
||||
# Allow access to always-on compute device node
|
||||
allow hal_camera_default aoc_device:chr_file rw_file_perms;
|
||||
|
||||
|
|
6
vendor/hal_fingerprint_default.te
vendored
6
vendor/hal_fingerprint_default.te
vendored
|
@ -41,3 +41,9 @@ allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
|
|||
# Allow fingerprint to access sysfs_aoc_udfps
|
||||
allow hal_fingerprint_default sysfs_aoc:dir search;
|
||||
allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms;
|
||||
|
||||
# Allow fingerprint to read nsp file
|
||||
allow hal_fingerprint_default modem_efs_image_file:dir search;
|
||||
allow hal_fingerprint_default persist_file:dir search;
|
||||
allow hal_fingerprint_default persist_ss_file:dir search;
|
||||
allow hal_fingerprint_default persist_ss_file:file r_file_perms;
|
||||
|
|
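Review bot: The comment `# Allow fingerprint to read nsp file` does not account for `allow hal_fingerprint_default modem_efs_image_file:dir search;`, and elsewhere in this commit that type is assigned to /data/vendor/copied, which holds the copied efs, efs_backup and persist trees. If the nsp file is reached through the copied persist tree, say so in the comment, e.g. `# nsp file is read from persist/ss, also when persist is served from /data/vendor/copied`; if it is not, the search permission can be dropped. As written the rule lets the fingerprint HAL traverse a directory that also contains modem EFS data, although the file read itself stays limited to `persist_ss_file`.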
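--- a/vendor/hal_gnss_pixel.te
+++ b/vendor/hal_gnss_pixel.te
@@ -0,0 +1,5 @@
+type hal_gnss_pixel, domain;
+init_daemon_domain(hal_gnss_pixel)
+type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type;
+hal_server_domain(hal_gnss_pixel, hal_gnss)
+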
15
vendor/kernel.te
vendored
15
vendor/kernel.te
vendored
|
@ -8,19 +8,16 @@ allow kernel per_boot_file:file r_file_perms;
|
|||
allow kernel self:capability2 perfmon;
|
||||
allow kernel self:perf_event cpu;
|
||||
|
||||
no_debugfs_restriction(`
|
||||
userdebug_or_eng(`
|
||||
allow kernel vendor_battery_debugfs:dir search;
|
||||
allow kernel vendor_regmap_debugfs:dir search;
|
||||
allow kernel vendor_usb_debugfs:dir search;
|
||||
allow kernel vendor_votable_debugfs:dir search;
|
||||
allow kernel vendor_charger_debugfs:dir search;
|
||||
allow kernel vendor_maxfg_debugfs:dir search;
|
||||
')
|
||||
|
||||
dontaudit kernel vendor_maxfg_debugfs:dir search;
|
||||
dontaudit kernel sepolicy_file:file getattr;
|
||||
dontaudit kernel system_bootstrap_lib_file:dir getattr;
|
||||
dontaudit kernel system_bootstrap_lib_file:file getattr;
|
||||
dontaudit kernel system_dlkm_file:dir getattr;
|
||||
dontaudit kernel vendor_battery_debugfs:dir search;
|
||||
dontaudit kernel vendor_charger_debugfs:dir search;
|
||||
dontaudit kernel vendor_votable_debugfs:dir search;
|
||||
dontaudit kernel vendor_usb_debugfs:dir search;
|
||||
|
||||
allow kernel vendor_regmap_debugfs:dir search;
|
||||
|
||||
|
|
1
vendor/pixelstats_vendor.te
vendored
1
vendor/pixelstats_vendor.te
vendored
|
@ -1,5 +1,6 @@
|
|||
# Battery history
|
||||
allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
|
||||
allow pixelstats_vendor logbuffer_device:chr_file r_file_perms;
|
||||
|
||||
# BCL
|
||||
allow pixelstats_vendor sysfs_bcl:dir search;
|
||||
|
|
6
vendor/property_contexts
vendored
6
vendor/property_contexts
vendored
|
@ -24,6 +24,10 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_
|
|||
# Display
|
||||
persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix
|
||||
ro.vendor.primarydisplay.preferred_mode u:object_r:vendor_display_prop:s0 exact string
|
||||
ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool
|
||||
ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string
|
||||
ro.vendor.primarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendor_display_prop:s0 exact string
|
||||
ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int
|
||||
ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int
|
||||
|
||||
# For checking if persist partition is mounted
|
||||
ro.vendor.persist.status u:object_r:vendor_persist_prop:s0 exact string
|
||||
|
|
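--- a/vendor/ramdump_app.te
+++ b/vendor/ramdump_app.te
@@ -1,24 +0,0 @@
-type ramdump_app, domain;
-
-userdebug_or_eng(`
-app_domain(ramdump_app)
-
-allow ramdump_app app_api_service:service_manager find;
-
-allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
-allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
-
-set_prop(ramdump_app, vendor_ramdump_prop)
-get_prop(ramdump_app, system_boot_reason_prop)
-
-# To access ramdumpfs.
-allow ramdump_app mnt_vendor_file:dir search;
-allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
-allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
-
-# To access subsystem ramdump files and dirs.
-allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
-allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
-allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
-allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms;
-')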
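--- a/vendor/rlsservice.te
+++ b/vendor/rlsservice.te
@@ -1,32 +0,0 @@
-type rlsservice, domain;
-type rlsservice_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(rlsservice)
-vndbinder_use(rlsservice)
-add_service(rlsservice, rls_service)
-
-# access rainbow sensor calibration files
-allow rlsservice persist_file:dir search;
-allow rlsservice persist_camera_file:dir search;
-allow rlsservice persist_camera_file:file r_file_perms;
-allow rlsservice mnt_vendor_file:dir search;
-
-# access device files
-allow rlsservice rls_device:chr_file rw_file_perms;
-
-binder_call(rlsservice, hal_camera_default)
-
-# Allow access to display backlight information
-allow rlsservice sysfs_leds:dir search;
-allow rlsservice sysfs_leds:file r_file_perms;
-
-# Allow access to always-on compute device node
-allow rlsservice device:dir r_file_perms;
-allow rlsservice aoc_device:chr_file rw_file_perms;
-
-# For observing apex file changes
-allow rlsservice apex_info_file:file r_file_perms;
-
-# Allow read camera property
-get_prop(rlsservice, vendor_camera_prop);
-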
3
vendor/seapp_contexts
vendored
3
vendor/seapp_contexts
vendored
|
@ -1,9 +1,6 @@
|
|||
# Domain for EuiccSupportPixel
|
||||
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||
|
||||
# coredump/ramdump
|
||||
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
|
||||
|
||||
# Domain for connectivity monitor
|
||||
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
|
||||
|
||||
|
|
2
vendor/service_contexts
vendored
2
vendor/service_contexts
vendored
|
@ -3,3 +3,5 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_
|
|||
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
|
||||
|
||||
arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0
|
||||
|
||||
android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0
|
||||
|
|
5
vendor/tee.te
vendored
5
vendor/tee.te
vendored
|
@ -10,6 +10,11 @@ allow tee tee_data_file:lnk_file r_file_perms;
|
|||
allow tee tee_persist_block_device:blk_file rw_file_perms;
|
||||
allow tee block_device:dir search;
|
||||
|
||||
|
||||
# /mnt/vendor/persist/ss/0 sometimes gets labeled as persist_ss_file,
|
||||
# depending on the order of restorecon (b/336314247)
|
||||
allow tee persist_ss_file:lnk_file read;
|
||||
|
||||
# Allow storageproxyd access to gsi_public_metadata_file
|
||||
read_fstab(tee)
|
||||
|
||||
|
|
5
vendor/vendor_init.te
vendored
5
vendor/vendor_init.te
vendored
|
@ -34,4 +34,7 @@ set_prop(vendor_init, vendor_ssrdump_prop)
|
|||
|
||||
# MM
|
||||
allow vendor_init proc_watermark_scale_factor:file w_file_perms;
|
||||
allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms;
|
||||
|
||||
# Allow vendor_init to read ro.vendor.persist.status
|
||||
# to process init.rc actions
|
||||
set_prop(vendor_init, vendor_persist_prop)
|
||||
|
|
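Review bot: The comment above the last rule says vendor_init needs to read ro.vendor.persist.status, but `set_prop(vendor_init, vendor_persist_prop)` grants write access to that property type. If vendor_init is the component that sets the status from init.rc, the comment should say so, e.g. `# Allow vendor_init to set ro.vendor.persist.status from init.rc`; if it only reads the value, `get_prop(vendor_init, vendor_persist_prop)` is the narrower grant. The rendered page does not show which lines of this section are new, so this assumes the comment and the rule were added together.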