9687d162bc
1. Add init-check_ap_pd_auth-sh for the vendor daemon script
`/vendor/bin/init.check_ap_pd_auth.sh`.
2. Add policy for properties `ro.vendor.sjtag_{ap,gsa}_is_unlocked` for
init, init-check_ap_pd_auth-sh and ssr_detector to access them.
SjtagService: type=1400 audit(0.0:1005): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1006): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1007): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=379 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=1
SjtagService: type=1400 audit(0.0:1008): avc: denied { write } for name="property_service" dev="tmpfs" ino=446 scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
SjtagService: type=1400 audit(0.0:1009): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:ssr_detector_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
Bug: 299043634
Change-Id: I6b2abf69fca9b4765f2dfb7ed82e6546159e96e9
43 lines
3.6 KiB
Text
43 lines
3.6 KiB
Text
# Binaries
|
|
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
|
|
/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0
|
|
/vendor/bin/vcd u:object_r:vcd_exec:s0
|
|
/vendor/bin/dmd u:object_r:dmd_exec:s0
|
|
/vendor/bin/sced u:object_r:sced_exec:s0
|
|
/vendor/bin/rfsd u:object_r:rfsd_exec:s0
|
|
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
|
|
/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0
|
|
/vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0
|
|
/vendor/bin/cbd u:object_r:cbd_exec:s0
|
|
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
|
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
|
|
/vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0
|
|
|
|
# Config files
|
|
/vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0
|
|
|
|
# Data
|
|
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
|
|
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
|
|
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
|
/data/vendor/modem_ml(/.*)? u:object_r:modem_ml_data_file:s0
|
|
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
|
|
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
|
|
|
|
# vendor extra images
|
|
/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0
|
|
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
|
|
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
|
|
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
|
|
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
|
|
|
|
# Devices
|
|
/dev/ttyGS[0-3] u:object_r:serial_device:s0
|
|
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
|
|
/dev/oem_test u:object_r:radio_device:s0
|
|
/dev/umts_boot0 u:object_r:radio_device:s0
|
|
/dev/umts_ipc0 u:object_r:radio_device:s0
|
|
/dev/umts_ipc1 u:object_r:radio_device:s0
|
|
/dev/umts_rfs0 u:object_r:radio_device:s0
|
|
/dev/umts_dm0 u:object_r:radio_device:s0
|
|
/dev/umts_router u:object_r:radio_device:s0
|