diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te
index ffc8f9a8..be9279b8 100644
--- a/legacy/whitechapel_pro/device.te
+++ b/legacy/whitechapel_pro/device.te
@@ -10,10 +10,6 @@ type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
 type vframe_heap_device, dmabuf_heap_device_type, dev_type;
 type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
 
-# SecureElement SPI device
-type st54spi_device, dev_type;
-type st33spi_device, dev_type;
-
 # Raw HID device
 type hidraw_device, dev_type;
 
diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te
index fa3ce33e..672be660 100644
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@@ -60,10 +60,6 @@ type proc_f2fs, proc_type, fs_type;
 # Vendor tools
 type vendor_dumpsys, vendor_file_type, file_type;
 
-# SecureElement
-type sysfs_st33spi, sysfs_type, fs_type;
-typeattribute sysfs_st33spi mlstrustedobject;
-
 # USB-C throttling stats
 type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
 
diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index df755e96..de0d4ef1 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -99,8 +99,6 @@
 /dev/trusty-ipc-dev0 u:object_r:tee_device:s0
 /dev/sg1 u:object_r:sg_device:s0
 /dev/st21nfc u:object_r:nfc_device:s0
-/dev/st54spi u:object_r:st54spi_device:s0
-/dev/st33spi u:object_r:st33spi_device:s0
 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
 /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
 /dev/socket/chre u:object_r:chre_socket:s0
diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts
index b594dacd..9d21f598 100644
--- a/legacy/whitechapel_pro/genfs_contexts
+++ b/legacy/whitechapel_pro/genfs_contexts
@@ -150,9 +150,6 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
 
-#SecureElement
-genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
-
 # Thermal
 genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0
 genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0
diff --git a/legacy/whitechapel_pro/vendor_init.te b/legacy/whitechapel_pro/vendor_init.te
index f4769976..00c3a387 100644
--- a/legacy/whitechapel_pro/vendor_init.te
+++ b/legacy/whitechapel_pro/vendor_init.te
@@ -14,7 +14,6 @@ allow vendor_init proc_sched:file w_file_perms;
 set_prop(vendor_init, vendor_nfc_prop)
 # SecureElement vendor property
 set_prop(vendor_init, vendor_secure_element_prop)
-allow vendor_init sysfs_st33spi:file w_file_perms;
 
 # Fingerprint property
 set_prop(vendor_init, vendor_fingerprint_prop)
diff --git a/tracking_denials/hal_secure_element_st54spi.te b/tracking_denials/hal_secure_element_st54spi.te
deleted file mode 100644
index fb44b62c..00000000
--- a/tracking_denials/hal_secure_element_st54spi.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# b/261519145
-dontaudit hal_secure_element_st54spi hwservicemanager:binder { call };
-dontaudit hal_secure_element_st54spi hwservicemanager:binder { transfer };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { getattr };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { map };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { open };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { read };
-dontaudit hal_secure_element_st54spi init:unix_stream_socket { connectto };
-dontaudit hal_secure_element_st54spi property_socket:sock_file { write };
-dontaudit hal_secure_element_st54spi secure_element:binder { call };
-dontaudit hal_secure_element_st54spi st54spi_device:chr_file { open };
-dontaudit hal_secure_element_st54spi st54spi_device:chr_file { read write };
-dontaudit hal_secure_element_st54spi vendor_secure_element_prop:property_service { set };
diff --git a/tracking_denials/secure_element.te b/tracking_denials/secure_element.te
index 91937c0d..6d834ef7 100644
--- a/tracking_denials/secure_element.te
+++ b/tracking_denials/secure_element.te
@@ -2,9 +2,6 @@
 dontaudit secure_element euiccpixel_app:binder { transfer };
 # b/260922187
 dontaudit secure_element euiccpixel_app:binder { transfer };
-# b/261519169
-dontaudit secure_element hal_secure_element_st54spi:binder { call };
-dontaudit secure_element hal_secure_element_st54spi:binder { transfer };
 # b/261651095
 dontaudit secure_element hal_secure_element_uicc:binder { call };
 dontaudit secure_element hal_secure_element_uicc:binder { transfer };
diff --git a/vendor/device.te b/vendor/device.te
index ec7e51db..2e4cc203 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -3,3 +3,6 @@ type custom_ab_block_device, dev_type;
 type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
 type logbuffer_device, dev_type;
+
+# SecureElement SPI device
+type st54spi_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 2d618c08..a9a8f36d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -63,3 +63,4 @@
 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0
 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0
 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0
+/dev/st54spi u:object_r:st54spi_device:s0
diff --git a/vendor/hal_secure_element_st54spi.te b/vendor/hal_secure_element_st54spi.te
index cc4a29b4..7f0de314 100644
--- a/vendor/hal_secure_element_st54spi.te
+++ b/vendor/hal_secure_element_st54spi.te
@@ -1,4 +1,6 @@
 type hal_secure_element_st54spi, domain;
 type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_secure_element_st54spi)
-
+hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
+allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)
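Review bot: The added `allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;` in vendor/hal_secure_element_st54spi.te grants more than the denials it replaces. The deleted tracking_denials file recorded only `open` and `read write` on this device, while `rw_file_perms` also includes `ioctl`, `getattr`, `lock`, `map` and `append`, and no `allowxperm` rule bounds which ioctl commands the HAL may send to the driver. That denial list may be incomplete if it was captured in enforcing mode, so confirm what the HAL actually does with the node. If it issues no ioctls, `allow hal_secure_element_st54spi st54spi_device:chr_file { getattr open read write };` is the tighter rule; if it does, keep the macro and add `allowxperm hal_secure_element_st54spi st54spi_device:chr_file ioctl { <driver ioctl numbers> };`. A one-line comment above the rule, such as `# Access to the SecureElement SPI device node`, would also match the commented style of the other policy files in this change.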