Add sensor boot-to-home required policy am: d0105abe01
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21552482 Change-Id: I95c23468276681b97969e2fe6376e914aed2fe1f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Wilson Sung
Automerger Merge Worker
commit
8fa2055112
10 changed files with 91 additions and 79 deletions
9
vendor/file.te
vendored
9
vendor/file.te
vendored
|
|
@ -1,11 +1,14 @@
|
|||
# persist
|
||||
type persist_display_file, file_type, vendor_persist_type;
|
||||
type persist_battery_file, file_type, vendor_persist_type;
|
||||
type persist_camera_file, file_type, vendor_persist_type;
|
||||
type persist_sensor_reg_file, file_type, vendor_persist_type;
|
||||
|
||||
#sysfs
|
||||
type sysfs_mfc, sysfs_type, fs_type;
|
||||
type sysfs_power_dump, sysfs_type, fs_type;
|
||||
type sysfs_acpm_stats, sysfs_type, fs_type;
|
||||
type sysfs_write_leds, sysfs_type, fs_type;
|
||||
|
||||
# Trusty
|
||||
type sysfs_trusty, sysfs_type, fs_type;
|
||||
|
|
@ -26,6 +29,12 @@ type vendor_cma_debugfs, fs_type, debugfs_type;
|
|||
# WLC
|
||||
type sysfs_wlc, sysfs_type, fs_type;
|
||||
|
||||
# CHRE
|
||||
type chre_socket, file_type;
|
||||
|
||||
# Data
|
||||
type sensor_reg_data_file, file_type, data_file_type;
|
||||
|
||||
# Vendor sched files
|
||||
userdebug_or_eng(`
|
||||
typeattribute proc_vendor_sched mlstrustedobject;
|
||||
|
|
|
|||
18
vendor/genfs_contexts
vendored
18
vendor/genfs_contexts
vendored
|
|
@ -398,3 +398,21 @@ genfscon sysfs /kernel/pixel_em/active_profile u:obje
|
|||
|
||||
# GPU
|
||||
genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0
|
||||
|
||||
# AOC
|
||||
genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
|
||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
|
||||
|
|
|
|||
58
vendor/hal_sensors_default.te
vendored
Normal file
58
vendor/hal_sensors_default.te
vendored
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
# Allow access to the AoC communication driver.
|
||||
allow hal_sensors_default aoc_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow create thread to watch AOC's device.
|
||||
allow hal_sensors_default device:dir r_dir_perms;
|
||||
|
||||
# Allow access to CHRE socket to connect to nanoapps.
|
||||
allow hal_sensors_default chre:unix_stream_socket connectto;
|
||||
allow hal_sensors_default chre_socket:sock_file write;
|
||||
|
||||
# Allow SensorSuez to connect AIDL stats.
|
||||
allow hal_sensors_default fwk_stats_service:service_manager find;
|
||||
|
||||
# Allow sensor HAL to access the graphics composer.
|
||||
binder_call(hal_sensors_default, hal_graphics_composer_default);
|
||||
|
||||
# Allow sensor HAL to access the display service HAL
|
||||
allow hal_sensors_default hal_pixel_display_service:service_manager find;
|
||||
|
||||
# Allow reading of sensor registry persist files and camera persist files.
|
||||
allow hal_sensors_default mnt_vendor_file:dir search;
|
||||
allow hal_sensors_default persist_file:dir search;
|
||||
allow hal_sensors_default persist_file:file r_file_perms;
|
||||
allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
|
||||
allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
|
||||
r_dir_file(hal_sensors_default, persist_camera_file)
|
||||
|
||||
# Allow creation and writing of sensor registry data files.
|
||||
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
|
||||
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
|
||||
|
||||
# Allow access to the sysfs_aoc.
|
||||
allow hal_sensors_default sysfs_aoc:dir search;
|
||||
allow hal_sensors_default sysfs_aoc:file r_file_perms;
|
||||
|
||||
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
|
||||
# to synchronize the AP and AoC clock timestamps.
|
||||
allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
|
||||
|
||||
# Allow display_info_service access to the backlight driver.
|
||||
allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
|
||||
|
||||
# Allow access to sensor service for sensor_listener.
|
||||
binder_call(hal_sensors_default, system_server);
|
||||
|
||||
# Allow access for dynamic sensor properties.
|
||||
get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
|
||||
|
||||
# Allow access to the display info for ALS.
|
||||
allow hal_sensors_default sysfs_display:file rw_file_perms;
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
allow hal_sensors_default sysfs_chosen:dir search;
|
||||
allow hal_sensors_default sysfs_chosen:file r_file_perms;
|
||||
|
||||
# Allow display_info_service access to the backlight driver.
|
||||
allow hal_sensors_default sysfs_leds:dir search;
|
||||
allow hal_sensors_default sysfs_leds:file r_file_perms;
|
||||
3
vendor/property.te
vendored
3
vendor/property.te
vendored
|
|
@ -7,3 +7,6 @@ vendor_internal_prop(vendor_shutdown_prop)
|
|||
|
||||
# USB
|
||||
vendor_internal_prop(vendor_usb_config_prop)
|
||||
|
||||
# Dynamic sensor
|
||||
vendor_internal_prop(vendor_dynamic_sensor_prop)
|
||||
|
|
|
|||
3
vendor/property_contexts
vendored
3
vendor/property_contexts
vendored
|
|
@ -15,3 +15,6 @@ persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
|
|||
# USB
|
||||
persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0
|
||||
vendor.usb. u:object_r:vendor_usb_config_prop:s0
|
||||
|
||||
# Dynamic sensor
|
||||
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue