Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sync with device/google/zuma-sepolicy a89fbcc4aa1ae

Browse source 
fix build breakage:
device/google/zumapro-sepolicy/legacy/whitechapel_pro/file.te:4:ERROR 'Duplicate declaration of type' at token ';' on line 104436:
type tcpdump_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;

Bug: 272725898
Change-Id: Ic17d18409c28760d172a4ee7a5beb6c90016a381
This commit is contained in:
Robin Peng 2023-04-30 00:59:33 +00:00
parent 129741a269
commit 30ab759177
59 changed files with 160 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vendor/bootanim.te vendored
View file

@ -1 +1,2 @@
allow bootanim arm_mali_platform_service:service_manager find;
dontaudit bootanim system_data_file:dir { search };

7
vendor/charger_vendor.te vendored Normal file
View file

@ -0,0 +1,7 @@
# charger_vendor for battery in off-mode charging
allow charger_vendor mnt_vendor_file:dir search;
allow charger_vendor persist_file:dir search;
allow charger_vendor sysfs_batteryinfo:file w_file_perms;
allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
dontaudit charger_vendor default_prop:file r_file_perms;
set_prop(charger_vendor, vendor_battery_defender_prop)

4
vendor/device.te vendored
View file

@ -13,6 +13,10 @@ type uci_device, dev_type;
type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type;
type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type;
# SecureElement SPI device
type st54spi_device, dev_type;
# OTA
type sda_block_device, dev_type;

0
vendor/dump_cma.te vendored
View file

2
vendor/dumpstate.te vendored
View file

@ -3,6 +3,8 @@ dump_hal(hal_graphics_composer)
dump_hal(hal_health)
dump_hal(hal_telephony)
dump_hal(hal_confirmationui)
binder_call(dumpstate, hal_wireless_charger)

3
vendor/file.te vendored
View file

@ -30,6 +30,9 @@ type sysfs_wlc, sysfs_type, fs_type;
# CHRE
type chre_socket, file_type;
# BT
type vendor_bt_data_file, file_type, data_file_type;
# Data
type sensor_reg_data_file, file_type, data_file_type;

34
vendor/file_contexts vendored
View file

@ -3,7 +3,7 @@
/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
@ -12,6 +12,7 @@
/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0
/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0
/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0
/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0
@ -26,6 +27,7 @@
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
# Vendor Firmwares
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
@ -34,6 +36,8 @@
# Vendor libraries
/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
# Vendor
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
# persist
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
@ -44,6 +48,7 @@
# Devices
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
/dev/edgetpu-soc u:object_r:edgetpu_device:s0
/dev/block/sda u:object_r:sda_block_device:s0
/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0
/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
@ -99,23 +104,29 @@
/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0
/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0
/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0
/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0
/dev/logbuffer_bd u:object_r:logbuffer_device:s0
/dev/lwis-act-jotnar u:object_r:lwis_device:s0
/dev/lwis-act-slenderman u:object_r:lwis_device:s0
/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0
/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0
/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0
/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0
/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0
/dev/lwis-act-jotnar u:object_r:lwis_device:s0
/dev/lwis-act-nessie u:object_r:lwis_device:s0
/dev/lwis-act-slenderman u:object_r:lwis_device:s0
/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0
/dev/lwis-be-core u:object_r:lwis_device:s0
/dev/lwis-csi u:object_r:lwis_device:s0
/dev/lwis-dpm u:object_r:lwis_device:s0
/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0
/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0
/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0
/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0
/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0
/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0
/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0
/dev/lwis-g3aa u:object_r:lwis_device:s0
@ -129,27 +140,31 @@
/dev/lwis-isp-fe u:object_r:lwis_device:s0
/dev/lwis-lme u:object_r:lwis_device:s0
/dev/lwis-mcsc u:object_r:lwis_device:s0
/dev/lwis-ois-djinn u:object_r:lwis_device:s0
/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0
/dev/lwis-ois-humbaba u:object_r:lwis_device:s0
/dev/lwis-ois-jotnar u:object_r:lwis_device:s0
/dev/lwis-ois-djinn u:object_r:lwis_device:s0
/dev/lwis-ois-nessie u:object_r:lwis_device:s0
/dev/lwis-pdp u:object_r:lwis_device:s0
/dev/lwis-scsc u:object_r:lwis_device:s0
/dev/lwis-sensor-boitata u:object_r:lwis_device:s0
/dev/lwis-sensor-buraq u:object_r:lwis_device:s0
/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0
/dev/lwis-sensor-imentet u:object_r:lwis_device:s0
/dev/lwis-sensor-kraken u:object_r:lwis_device:s0
/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0
/dev/lwis-sensor-leshen u:object_r:lwis_device:s0
/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0
/dev/lwis-sensor-nagual u:object_r:lwis_device:s0
/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0
/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0
/dev/lwis-slc u:object_r:lwis_device:s0
/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0
/dev/lwis-top u:object_r:lwis_device:s0
/dev/lwis-tof-vl53l8 u:object_r:lwis_device:s0
# Although stmvl53l1_ranging is not a real lwis_device but we treat it as an abstract lwis_device.
# Binding it here with lwis-tof-vl53l8 for a better maintenance instead of creating another device type.
/dev/stmvl53l1_ranging u:object_r:lwis_device:s0
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device.
# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type.
/dev/ispolin_ranging u:object_r:lwis_device:s0
/dev/lwis-votf u:object_r:lwis_device:s0
/dev/st54spi u:object_r:st54spi_device:s0
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
@ -160,6 +175,7 @@
/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0
/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0
/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0
/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0
/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0

6
vendor/genfs_contexts vendored
View file

@ -11,6 +11,8 @@ genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo
# Fabric
genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0
genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0
genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0
genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0
# EdgeTPU
genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0
@ -446,6 +448,7 @@ genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup
genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0
# Trusty
genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
@ -456,6 +459,9 @@ genfscon sysfs /kernel/pixel_em/active_profile u:obje
# GPU
genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0
# GSA logs
genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0

21
vendor/google_camera_app.te vendored
View file

@ -1,15 +1,24 @@
type google_camera_app, domain, coredomain;
app_domain(google_camera_app)
net_domain(google_camera_app)
# Allows camera app to access the GXP device.
allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;
# Allows GCA to acccess the GXP device and search for the firmware file.
allow google_camera_app gxp_device:chr_file rw_file_perms;
allow google_camera_app vendor_fw_file:dir search;
# Allows camera app to access the PowerHAL.
# Allows GCA to access the PowerHAL.
hal_client_domain(google_camera_app, hal_power)
# Allow camera app to access the a subset of app services.
allow google_camera_app app_api_service:service_manager find;
# Allows GCA to access the EdgeTPU device.
# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };

3
vendor/hal_bluetooth_btlinux.te vendored
View file

@ -2,5 +2,8 @@
allow hal_bluetooth_btlinux aoc_device:chr_file rw_file_perms;
allow hal_bluetooth_btlinux device:dir r_dir_perms;
allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
# allow the HAL to call cccdktimesync registered callbacks
binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)

5
vendor/hal_camera_default.te vendored
View file

@ -7,6 +7,8 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms;
# Face authentication code that is part of the camera HAL needs to allocate
# dma_bufs and access the Trusted Execution Environment device node
allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
allow hal_camera_default tee_device:chr_file rw_file_perms;
# Allow the camera hal to access the EdgeTPU service and the
# Android shared memory allocated by the EdgeTPU service for
@ -82,6 +84,9 @@ binder_call(hal_camera_default, hal_radioext_default);
allow hal_camera_default rls_service:service_manager find;
binder_call(hal_camera_default, rlsservice)
# Allow access to always-on compute device node
allow hal_camera_default aoc_device:chr_file rw_file_perms;
# Allow camera HAL to send trace packets to Perfetto
userdebug_or_eng(`perfetto_producer(hal_camera_default)')

2
vendor/hal_contexthub_default.te vendored Normal file
View file

@ -0,0 +1,2 @@
# Allow context hub HAL to communicate with daemon via socket
unix_socket_connect(hal_contexthub_default, chre, chre)

1
vendor/hal_graphics_allocator_default.te vendored
View file

@ -2,3 +2,4 @@ allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_p
allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms;
allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms;

1
vendor/hal_memtrack_default.te vendored Normal file
View file

@ -0,0 +1 @@
r_dir_file(hal_memtrack_default, sysfs_gpu)

7
vendor/hal_secure_element_st54spi.te vendored
View file

@ -1,7 +0,0 @@
type hal_secure_element_st54spi, domain;
type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_secure_element_st54spi)
hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)

7
vendor/hal_secure_element_st54spi_aidl.te vendored Normal file
View file

@ -0,0 +1,7 @@
type hal_secure_element_st54spi_aidl, domain;
type hal_secure_element_st54spi_aidl_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_secure_element_st54spi_aidl)
hal_server_domain(hal_secure_element_st54spi_aidl, hal_secure_element)
allow hal_secure_element_st54spi_aidl st54spi_device:chr_file rw_file_perms;
allow hal_secure_element_st54spi_aidl nfc_device:chr_file rw_file_perms;
set_prop(hal_secure_element_st54spi_aidl, vendor_secure_element_prop)

1
vendor/installd.te vendored Normal file
View file

@ -0,0 +1 @@
dontaudit installd modem_img_file:filesystem quotaget;

17
vendor/ofl_app.te vendored
View file

@ -1,17 +0,0 @@
# OFLBasicAgent app
type ofl_app, domain;
userdebug_or_eng(`
app_domain(ofl_app)
net_domain(ofl_app)
allow ofl_app app_api_service:service_manager find;
allow ofl_app nfc_service:service_manager find;
allow ofl_app radio_service:service_manager find;
allow ofl_app surfaceflinger_service:service_manager find;
# Access to directly update firmware on st54spi_device
typeattribute st54spi_device mlstrustedobject;
allow ofl_app st54spi_device:chr_file rw_file_perms;
')

4
vendor/pixelstats_vendor.te vendored
View file

@ -21,3 +21,7 @@ allow pixelstats_vendor sysfs_pcie:dir search;
allow pixelstats_vendor sysfs_pcie:file rw_file_perms;
allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;
#Thermal
r_dir_file(pixelstats_vendor, sysfs_thermal)
allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms;

5
vendor/property.te vendored
View file

@ -11,3 +11,8 @@ vendor_internal_prop(vendor_usb_config_prop)
# Dynamic sensor
vendor_internal_prop(vendor_dynamic_sensor_prop)
# Mali Integration
vendor_restricted_prop(vendor_arm_runtime_option_prop)
# ArmNN
vendor_internal_prop(vendor_armnn_config_prop)

5
vendor/property_contexts vendored
View file

@ -18,3 +18,8 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0
# Dynamic sensor
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
# Mali GPU driver configuration and debug options
vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
# ArmNN configuration
ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix

8
vendor/recovery.te vendored Normal file
View file

@ -0,0 +1,8 @@
recovery_only(`
allow recovery sysfs_ota:file rw_file_perms;
allow recovery st54spi_device:chr_file rw_file_perms;
allow recovery tee_device:chr_file rw_file_perms;
allow recovery sysfs_scsi_devices_0000:file r_file_perms;
allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
set_prop(recovery, boottime_prop)
')

3
vendor/seapp_contexts vendored
View file

@ -4,9 +4,6 @@ user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel dom
# coredump/ramdump
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.omapi_agent domain=ofl_app type=app_data_file levelFrom=user
# Domain for connectivity monitor
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all

4
vendor/systemui_app.te vendored
View file

@ -7,10 +7,14 @@ allow systemui_app color_display_service:service_manager find;
allow systemui_app audioserver_service:service_manager find;
allow systemui_app cameraserver_service:service_manager find;
allow systemui_app mediaserver_service:service_manager find;
allow systemui_app mediaextractor_service:service_manager find;
allow systemui_app mediametrics_service:service_manager find;
allow systemui_app radio_service:service_manager find;
allow systemui_app vr_manager_service:service_manager find;
get_prop(systemui_app, keyguard_config_prop)
set_prop(systemui_app, bootanim_system_prop)
get_prop(systemui_app, qemu_hw_prop)
allow systemui_app pixel_battery_service_type:service_manager find;
binder_call(systemui_app, pixel_battery_domain)

18
vendor/tcpdump_logger.te vendored
View file

@ -1,5 +1,21 @@
type tcpdump_logger, domain;
type tcpdump_logger_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(tcpdump_logger)
userdebug_or_eng(`
# make transition from init to its domain
init_daemon_domain(tcpdump_logger)
allow tcpdump_logger self:capability net_raw;
allow tcpdump_logger self:packet_socket create_socket_perms;
allowxperm tcpdump_logger self:packet_socket ioctl 0x8933;
allow tcpdump_logger tcpdump_exec:file rx_file_perms;
allow tcpdump_logger tcpdump_vendor_data_file:dir create_dir_perms;
allow tcpdump_logger tcpdump_vendor_data_file:file create_file_perms;
allow tcpdump_logger tcpdump_vendor_data_file:dir search;
allow tcpdump_logger radio_vendor_data_file:file create_file_perms;
allow tcpdump_logger radio_vendor_data_file:dir create_dir_perms;
allow tcpdump_logger wifi_logging_data_file:file create_file_perms;
allow tcpdump_logger wifi_logging_data_file:dir create_dir_perms;
set_prop(tcpdump_logger, vendor_tcpdump_log_prop)
')

1
vendor/update_engine.te vendored
View file

@ -1,2 +1,3 @@
allow update_engine custom_ab_block_device:blk_file rw_file_perms;
allow update_engine modem_block_device:blk_file rw_file_perms;
allow update_engine proc_bootconfig:file r_file_perms;

6
vendor/vendor_init.te vendored
View file

@ -29,3 +29,9 @@ set_prop(vendor_init, vendor_usb_config_prop)
# Mali
set_prop(vendor_init, vendor_arm_runtime_option_prop)
set_prop(vendor_init, vendor_ssrdump_prop)
# ArmNN
set_prop(vendor_init, vendor_armnn_config_prop)
# MM
allow vendor_init proc_watermark_scale_factor:file w_file_perms;