Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

isolate samsung modem related sepolicy

Browse source 
Bug: 254378739
Test: boot with relevant binary launched
Change-Id: Ia18fce855bee17b93d97d1aa29a40d834a81fe09
This commit is contained in:
Adam Shih 2022-11-09 10:39:05 +08:00
parent a91e557579
commit d55543c288
40 changed files with 45 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

1
legacy/whitechapel_pro/file_contexts
View file

@ -1,5 +1,4 @@
# Binaries # Binaries
/vendor/bin/dmd u:object_r:dmd_exec:s0
/vendor/bin/vcd u:object_r:vcd_exec:s0 /vendor/bin/vcd u:object_r:vcd_exec:s0
/vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0 /vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0

0
vendor/cbd.te → radio/cbd.te
View file

0
vendor/cbrs_setup.te → radio/cbrs_setup.te
View file

0
vendor/certs/com_google_mds.x509.pem → radio/certs/com_google_mds.x509.pem
View file

0
vendor/device.te → radio/device.te
View file

0
vendor/dmd.te → radio/dmd.te
View file

0
vendor/file.te → radio/file.te
View file

35
radio/file_contexts Normal file
View file

@ -0,0 +1,35 @@
# Binaries
/vendor/bin/dmd u:object_r:dmd_exec:s0
/vendor/bin/sced u:object_r:sced_exec:s0
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
/vendor/bin/cbd u:object_r:cbd_exec:s0
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0
# Data
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
# vendor extra images
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
# Devices
/dev/ttyGS[0-3] u:object_r:serial_device:s0
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
/dev/umts_boot0 u:object_r:radio_device:s0
/dev/umts_ipc0 u:object_r:radio_device:s0
/dev/umts_ipc1 u:object_r:radio_device:s0
/dev/umts_rfs0 u:object_r:radio_device:s0
/dev/umts_dm0 u:object_r:radio_device:s0
/dev/umts_router u:object_r:radio_device:s0
/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0

6
radio/genfs_contexts Normal file
View file

@ -0,0 +1,6 @@
# SJTAG
genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0

0
vendor/gpsd.te → radio/gpsd.te
View file

0
vendor/grilservice_app.te → radio/grilservice_app.te
View file

0
vendor/hwservice.te → radio/hwservice.te
View file

0
vendor/hwservice_contexts → radio/hwservice_contexts
View file

0
vendor/init.te → radio/init.te
View file

3
radio/keys.conf Normal file
View file

@ -0,0 +1,3 @@
[@MDS]
ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem

0
vendor/mac_permissions.xml → radio/mac_permissions.xml
View file

0
vendor/modem_diagnostic_app.te → radio/modem_diagnostic_app.te
View file

0
vendor/modem_logging_control.te → radio/modem_logging_control.te
View file

0
vendor/modem_svc_sit.te → radio/modem_svc_sit.te
View file

0
vendor/oemrilservice_app.te → radio/oemrilservice_app.te
View file

0
vendor/property.te → radio/property.te
View file

0
vendor/property_contexts → radio/property_contexts
View file

0
vendor/rfsd.te → radio/rfsd.te
View file

0
vendor/rild.te → radio/rild.te
View file

0
vendor/sced.te → radio/sced.te
View file

0
vendor/seapp_contexts → radio/seapp_contexts
View file

0
vendor/ssr_detector.te → radio/ssr_detector.te
View file

0
vendor/vendor_engineermode_app.te → radio/vendor_engineermode_app.te
View file

0
vendor/vendor_ims_app.te → radio/vendor_ims_app.te
View file

0
vendor/vendor_init.te → radio/vendor_init.te
View file

0
vendor/vendor_qualifiednetworks_app.te → radio/vendor_qualifiednetworks_app.te
View file

0
vendor/vendor_rcs_app.te → radio/vendor_rcs_app.te
View file

0
vendor/vendor_silentlogging_remote_app.te → radio/vendor_silentlogging_remote_app.te
View file

0
vendor/vendor_telephony_debug_app.te → radio/vendor_telephony_debug_app.te
View file

0
vendor/vendor_telephony_silentlogging_app.te → radio/vendor_telephony_silentlogging_app.te
View file

0
vendor/vendor_telephony_test_app.te → radio/vendor_telephony_test_app.te
View file

34
vendor/file_contexts vendored
View file

@ -1,37 +1,3 @@
# Binaries
/vendor/bin/sced u:object_r:sced_exec:s0
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
/vendor/bin/cbd u:object_r:cbd_exec:s0
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0
# Data
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
# vendor extra images
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
# Vendor Firmwares # Vendor Firmwares
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
# Devices
/dev/ttyGS[0-3] u:object_r:serial_device:s0
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
/dev/umts_boot0 u:object_r:radio_device:s0
/dev/umts_ipc0 u:object_r:radio_device:s0
/dev/umts_ipc1 u:object_r:radio_device:s0
/dev/umts_rfs0 u:object_r:radio_device:s0
/dev/umts_dm0 u:object_r:radio_device:s0
/dev/umts_router u:object_r:radio_device:s0
/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0

6
vendor/genfs_contexts vendored
View file

@ -1,9 +1,3 @@
# SJTAG
genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0
# wake up nodes # wake up nodes
genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0

3
vendor/keys.conf vendored
View file

@ -1,3 +0,0 @@
[@MDS]
ALL : device/google/zuma-sepolicy/vendor/certs/com_google_mds.x509.pem

1
zuma-sepolicy.mk
View file

@ -1,5 +1,6 @@
# sepolicy that are shared among devices using whitechapel # sepolicy that are shared among devices using whitechapel
BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/vendor BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/vendor
BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/radio
# unresolved SELinux error log with bug tracking # unresolved SELinux error log with bug tracking
BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/tracking_denials BOARD_SEPOLICY_DIRS += device/google/zuma-sepolicy/tracking_denials