Merge "restart domains"
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
8ddedfa7fa
11 changed files with 22 additions and 163 deletions
|
|
@ -13,13 +13,10 @@
|
|||
/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0
|
||||
/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0
|
||||
/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
|
||||
/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
|
||||
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
|
||||
|
||||
|
|
|
|||
|
|
@ -1,104 +0,0 @@
|
|||
type hal_camera_default_tmpfs, file_type;
|
||||
|
||||
allow hal_camera_default self:global_capability_class_set sys_nice;
|
||||
allow hal_camera_default kernel:process setsched;
|
||||
|
||||
binder_use(hal_camera_default);
|
||||
vndbinder_use(hal_camera_default);
|
||||
|
||||
allow hal_camera_default lwis_device:chr_file rw_file_perms;
|
||||
allow hal_camera_default gpu_device:chr_file rw_file_perms;
|
||||
allow hal_camera_default sysfs_chip_id:file r_file_perms;
|
||||
|
||||
# Face authentication code that is part of the camera HAL needs to allocate
|
||||
# dma_bufs and access the Trusted Execution Environment device node
|
||||
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
allow hal_camera_default tee_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow the camera hal to access the EdgeTPU service and the
|
||||
# Android shared memory allocated by the EdgeTPU service for
|
||||
# on-device compilation.
|
||||
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
|
||||
allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
|
||||
allow hal_camera_default edgetpu_vendor_service:service_manager find;
|
||||
binder_call(hal_camera_default, edgetpu_vendor_server)
|
||||
|
||||
# Allow the camera hal to access the GXP device.
|
||||
allow hal_camera_default gxp_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to data files used by the camera HAL
|
||||
allow hal_camera_default mnt_vendor_file:dir search;
|
||||
allow hal_camera_default persist_file:dir search;
|
||||
allow hal_camera_default persist_camera_file:dir rw_dir_perms;
|
||||
allow hal_camera_default persist_camera_file:file create_file_perms;
|
||||
allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
|
||||
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
||||
|
||||
# Allow creating dump files for debugging in non-release builds
|
||||
userdebug_or_eng(`
|
||||
allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
|
||||
allow hal_camera_default vendor_camera_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
|
||||
# compiled into the shared libraries with cc_embed_data rules
|
||||
tmpfs_domain(hal_camera_default);
|
||||
|
||||
# Allow access to camera-related system properties
|
||||
set_prop(hal_camera_default, vendor_camera_prop);
|
||||
set_prop(hal_camera_default, log_tag_prop);
|
||||
get_prop(hal_camera_default, vendor_camera_debug_prop);
|
||||
userdebug_or_eng(`
|
||||
set_prop(hal_camera_default, vendor_camera_fatp_prop);
|
||||
set_prop(hal_camera_default, vendor_camera_debug_prop);
|
||||
')
|
||||
|
||||
# For camera hal to talk with rlsservice
|
||||
allow hal_camera_default rls_service:service_manager find;
|
||||
binder_call(hal_camera_default, rlsservice)
|
||||
|
||||
hal_client_domain(hal_camera_default, hal_graphics_allocator);
|
||||
hal_client_domain(hal_camera_default, hal_graphics_composer)
|
||||
hal_client_domain(hal_camera_default, hal_power);
|
||||
hal_client_domain(hal_camera_default, hal_thermal);
|
||||
|
||||
# Allow access to sensor service for sensor_listener
|
||||
binder_call(hal_camera_default, system_server);
|
||||
|
||||
# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
|
||||
allow hal_camera_default eco_service:service_manager find;
|
||||
binder_call(hal_camera_default, mediacodec);
|
||||
binder_call(hal_camera_default, mediacodec_samsung);
|
||||
|
||||
# Allow camera HAL to query preferred camera frequencies from the radio HAL
|
||||
# extensions to avoid interference with cellular antennas.
|
||||
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
|
||||
binder_call(hal_camera_default, hal_radioext_default);
|
||||
|
||||
# Allow camera HAL to connect to the stats service.
|
||||
allow hal_camera_default fwk_stats_service:service_manager find;
|
||||
|
||||
# For observing apex file changes
|
||||
allow hal_camera_default apex_info_file:file r_file_perms;
|
||||
|
||||
# Allow camera HAL to query current device clock frequencies.
|
||||
allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
|
||||
|
||||
# Allow camera HAL to read backlight of display
|
||||
allow hal_camera_default sysfs_leds:dir r_dir_perms;
|
||||
allow hal_camera_default sysfs_leds:file r_file_perms;
|
||||
|
||||
# Allow camera HAL to send trace packets to Perfetto
|
||||
userdebug_or_eng(`perfetto_producer(hal_camera_default)')
|
||||
|
||||
# Some file searches attempt to access system data and are denied.
|
||||
# This is benign and can be ignored.
|
||||
dontaudit hal_camera_default system_data_file:dir { search };
|
||||
|
||||
# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
|
||||
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
|
||||
dontaudit hal_camera_default traced_producer_socket:sock_file { write };
|
||||
|
||||
# Allow access to always-on compute device node
|
||||
allow hal_camera_default aoc_device:chr_file rw_file_perms;
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
type hal_secure_element_uicc, domain;
|
||||
type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
hal_server_domain(hal_secure_element_uicc, hal_secure_element)
|
||||
init_daemon_domain(hal_secure_element_uicc)
|
||||
|
||||
# Allow hal_secure_element_uicc to access rild
|
||||
binder_call(hal_secure_element_uicc, rild);
|
||||
allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
|
||||
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow hal_thermal_default sysfs_iio_devices:dir r_dir_perms;
|
||||
allow hal_thermal_default sysfs_odpm:file r_file_perms;
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
type hal_usb_gadget_impl, domain;
|
||||
hal_server_domain(hal_usb_gadget_impl, hal_usb)
|
||||
hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
|
||||
|
||||
type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_usb_gadget_impl)
|
||||
|
||||
allow hal_usb_gadget_impl configfs:dir { create rmdir };
|
||||
allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
|
||||
set_prop(hal_usb_gadget_impl, vendor_usb_config_prop)
|
||||
|
||||
# parser the number of dwc3 irq
|
||||
allow hal_usb_gadget_impl proc_interrupts:file r_file_perms;
|
||||
|
||||
# change irq to other cores
|
||||
allow hal_usb_gadget_impl proc_irq:dir r_dir_perms;
|
||||
allow hal_usb_gadget_impl proc_irq:file w_file_perms;
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
type hal_usb_impl, domain;
|
||||
|
||||
type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_usb_impl)
|
||||
hal_server_domain(hal_usb_impl, hal_usb)
|
||||
hal_server_domain(hal_usb_impl, hal_usb_gadget)
|
||||
|
||||
set_prop(hal_usb_impl, vendor_usb_config_prop)
|
||||
allow hal_usb_impl functionfs:dir { watch watch_reads };
|
||||
|
||||
allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
|
||||
allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
|
||||
|
||||
# Needed for reporting Usb Overheat suez event through statsd
|
||||
allow hal_usb_impl fwk_stats_service:service_manager find;
|
||||
binder_call(hal_usb_impl, servicemanager)
|
||||
|
||||
# Needed for monitoring usb port temperature
|
||||
allow hal_usb_impl self:capability2 wake_alarm;
|
||||
wakelock_use(hal_usb_impl);
|
||||
|
||||
# For interfacing with ThermalHAL
|
||||
hal_client_domain(hal_usb_impl, hal_thermal);
|
||||
|
||||
# For reading the usb-c throttling stats
|
||||
allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
|
||||
|
|
@ -21,4 +21,9 @@ userdebug_or_eng(`
|
|||
permissive con_monitor_app;
|
||||
permissive hal_secure_element_st54spi;
|
||||
permissive ofl_app;
|
||||
permissive hal_thermal_default;
|
||||
permissive hal_secure_element_uicc;
|
||||
permissive hal_usb_gadget_impl;
|
||||
permissive hal_usb_impl;
|
||||
permissive hal_camera_default;
|
||||
')
|
||||
|
|
|
|||
3
vendor/file_contexts
vendored
3
vendor/file_contexts
vendored
|
|
@ -5,6 +5,9 @@
|
|||
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
|
|
|
|||
5
vendor/hal_secure_element_uicc.te
vendored
Normal file
5
vendor/hal_secure_element_uicc.te
vendored
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
type hal_secure_element_uicc, domain;
|
||||
type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(hal_secure_element_uicc)
|
||||
|
||||
5
vendor/hal_usb_gadget_impl.te
vendored
Normal file
5
vendor/hal_usb_gadget_impl.te
vendored
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
type hal_usb_gadget_impl, domain;
|
||||
|
||||
type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_usb_gadget_impl)
|
||||
|
||||
4
vendor/hal_usb_impl.te
vendored
Normal file
4
vendor/hal_usb_impl.te
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
type hal_usb_impl, domain;
|
||||
|
||||
type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_usb_impl)
|
||||
Loading…
Add table
Add a link
Reference in a new issue