restart other domains
Bug: 254378739 Test: boot to home Change-Id: Iddd16a969514e9e74f20793a1b7a02d328d6afbf
This commit is contained in:
Adam Shih
parent
f5fc404dca
commit
f1bdfb4013
9 changed files with 16 additions and 111 deletions
|
|
@ -23,7 +23,6 @@
|
|||
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
|
||||
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
/vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
type gxp_logging, domain;
|
||||
type gxp_logging_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(gxp_logging)
|
||||
|
||||
# The logging service accesses /dev/gxp
|
||||
allow gxp_logging gxp_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow gxp tracing service to send packets to Perfetto
|
||||
userdebug_or_eng(`perfetto_producer(gxp_logging)')
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
# Allow context hub HAL to communicate with daemon via socket
|
||||
allow hal_contexthub_default chre:unix_stream_socket connectto;
|
||||
allow hal_contexthub_default chre_socket:sock_file write;
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
||||
get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
|
||||
set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
|
||||
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
||||
|
||||
# allow fingerprint to access power hal
|
||||
hal_client_domain(hal_fingerprint_default, hal_power);
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
r_dir_file(hal_fingerprint_default, sysfs_chosen)
|
||||
|
||||
# Allow fingerprint to access calibration blk device.
|
||||
allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
|
||||
allow hal_fingerprint_default block_device:dir search;
|
||||
|
||||
# Allow fingerprint to access fwk_sensor_hwservice
|
||||
allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
|
||||
# Allow fingerprint to read sysfs_display
|
||||
allow hal_fingerprint_default sysfs_display:file r_file_perms;
|
||||
|
|
@ -1,68 +0,0 @@
|
|||
#
|
||||
# USF sensor HAL SELinux type enforcements.
|
||||
#
|
||||
|
||||
# Allow access to the AoC communication driver.
|
||||
allow hal_sensors_default aoc_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to CHRE socket to connect to nanoapps.
|
||||
allow hal_sensors_default chre:unix_stream_socket connectto;
|
||||
allow hal_sensors_default chre_socket:sock_file write;
|
||||
|
||||
# Allow create thread to watch AOC's device.
|
||||
allow hal_sensors_default device:dir r_dir_perms;
|
||||
|
||||
# Allow access for dynamic sensor properties.
|
||||
get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
|
||||
|
||||
# Allow access to raw HID devices for dynamic sensors.
|
||||
allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow SensorSuez to connect AIDL stats.
|
||||
allow hal_sensors_default fwk_stats_service:service_manager find;
|
||||
|
||||
# Allow reading of sensor registry persist files and camera persist files.
|
||||
allow hal_sensors_default mnt_vendor_file:dir search;
|
||||
allow hal_sensors_default persist_file:dir search;
|
||||
allow hal_sensors_default persist_file:file r_file_perms;
|
||||
allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
|
||||
allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
|
||||
r_dir_file(hal_sensors_default, persist_camera_file)
|
||||
|
||||
# Allow creation and writing of sensor registry data files.
|
||||
allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
|
||||
allow hal_sensors_default sensor_reg_data_file:file r_file_perms;
|
||||
|
||||
# Allow access to the display info for ALS.
|
||||
allow hal_sensors_default sysfs_display:file rw_file_perms;
|
||||
|
||||
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
|
||||
# to synchronize the AP and AoC clock timestamps.
|
||||
allow hal_sensors_default sysfs_aoc:dir search;
|
||||
allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
allow hal_sensors_default sysfs_chosen:dir search;
|
||||
allow hal_sensors_default sysfs_chosen:file r_file_perms;
|
||||
|
||||
# Allow access to sensor service for sensor_listener.
|
||||
binder_call(hal_sensors_default, system_server);
|
||||
|
||||
# Allow sensor HAL to reset AOC.
|
||||
allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
|
||||
|
||||
# Allow sensor HAL to read AoC dumpstate.
|
||||
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
|
||||
|
||||
# Allow sensor HAL to access the display service HAL
|
||||
allow hal_sensors_default hal_pixel_display_service:service_manager find;
|
||||
|
||||
# Allow display_info_service access to the backlight driver.
|
||||
allow hal_sensors_default sysfs_leds:dir search;
|
||||
allow hal_sensors_default sysfs_leds:file r_file_perms;
|
||||
|
||||
# Allow sensor HAL to access the graphics composer.
|
||||
binder_call(hal_sensors_default, hal_graphics_composer_default);
|
||||
|
||||
# Allow display_info_service access to the backlight driver.
|
||||
allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
recovery_only(`
|
||||
allow recovery sysfs_ota:file rw_file_perms;
|
||||
allow recovery citadel_device:chr_file rw_file_perms;
|
||||
allow recovery st54spi_device:chr_file rw_file_perms;
|
||||
')
|
||||
|
|
@ -8,4 +8,15 @@ userdebug_or_eng(`
|
|||
permissive charger_vendor;
|
||||
permissive chre;
|
||||
permissive kernel;
|
||||
permissive bootanim;
|
||||
permissive hal_graphics_allocator_default;
|
||||
permissive hal_graphics_composer_default;
|
||||
permissive hal_health_storage_default;
|
||||
permissive hal_nfc_default;
|
||||
permissive hal_power_stats_default;
|
||||
permissive hal_fingerprint_default;
|
||||
permissive gxp_logging;
|
||||
permissive hal_contexthub_default;
|
||||
permissive hal_sensors_default;
|
||||
permissive recovery;
|
||||
')
|
||||
|
|
|
|||
1
vendor/file_contexts
vendored
1
vendor/file_contexts
vendored
|
|
@ -2,6 +2,7 @@
|
|||
/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.dumpstate-service\.zuma u:object_r:hal_dumpstate_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zuma u:object_r:hal_bootctl_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
|
|
|
|||
4
vendor/gxp_logging.te
vendored
Normal file
4
vendor/gxp_logging.te
vendored
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
type gxp_logging, domain;
|
||||
type gxp_logging_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(gxp_logging)
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue