From e759711bf5945df1c6d72bc6a8d27aa71eb51774 Mon Sep 17 00:00:00 2001
From: Rick Chen
Date: Fri, 3 Nov 2023 20:10:49 +0800
Subject: [PATCH] sensors: Move USF related sepolicy to gs-common.

Bug: 305120274
Test: Compile pass.
Change-Id: Id2d47bcf49d21bc7144145d07fd54bddf3e9033c
Signed-off-by: Rick Chen
---
 legacy/whitechapel_pro/file.te | 1 -
 legacy/whitechapel_pro/file_contexts | 4 --
 legacy/whitechapel_pro/te_macros | 14 ------
 legacy/zuma/vendor/file.te | 2 -
 legacy/zuma/vendor/hal_sensors_default.te | 60 ++++++-----------------
 5 files changed, 14 insertions(+), 67 deletions(-)
 delete mode 100644 legacy/whitechapel_pro/te_macros

diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te
index db0b31f..786e5f4 100644
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@@ -3,7 +3,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type;
 type vendor_misc_data_file, file_type, data_file_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
 type powerstats_vendor_data_file, file_type, data_file_type;
-type sensor_debug_data_file, file_type, data_file_type;
 
 # sysfs
 type bootdevice_sysdev, dev_type;
diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index 50db736..8da8ce1 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -40,12 +40,8 @@
 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
 /data/per_boot(/.*)? u:object_r:per_boot_file:s0
-/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
 /dev/battery_history u:object_r:battery_history_device:s0
 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0
 
-# Persist
-/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
-
 # Raw HID device
 /dev/hidraw[0-9]* u:object_r:hidraw_device:s0
diff --git a/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros
deleted file mode 100644
index 01ac13c..0000000
--- a/legacy/whitechapel_pro/te_macros
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# USF SELinux type enforcement macros.
-#
-
-#
-# usf_low_latency_transport(domain)
-#
-# Allows domain use of the USF low latency transport.
-#
-define(`usf_low_latency_transport', `
- allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
- hal_client_domain($1, hal_graphics_allocator)
-')
-
diff --git a/legacy/zuma/vendor/file.te b/legacy/zuma/vendor/file.te
index 4c01d25..87308f3 100644
--- a/legacy/zuma/vendor/file.te
+++ b/legacy/zuma/vendor/file.te
@@ -2,7 +2,6 @@
 type persist_display_file, file_type, vendor_persist_type;
 type persist_battery_file, file_type, vendor_persist_type;
 type persist_camera_file, file_type, vendor_persist_type;
-type persist_sensor_reg_file, file_type, vendor_persist_type;
 type persist_fingerprint_file, file_type, vendor_persist_type;
 
 #sysfs
@@ -35,7 +34,6 @@ type chre_socket, file_type;
 type vendor_bt_data_file, file_type, data_file_type;
 
 # Data
-type sensor_reg_data_file, file_type, data_file_type;
 type chre_data_file, file_type, data_file_type;
 type vendor_fingerprint_data_file, file_type, data_file_type;
 
diff --git a/legacy/zuma/vendor/hal_sensors_default.te b/legacy/zuma/vendor/hal_sensors_default.te
index b9f6a72..7267dd3 100644
--- a/legacy/zuma/vendor/hal_sensors_default.te
+++ b/legacy/zuma/vendor/hal_sensors_default.te
@@ -1,58 +1,26 @@
-# Allow access to the AoC communication driver.
-allow hal_sensors_default aoc_device:chr_file rw_file_perms;
-
-# Allow create thread to watch AOC's device.
-allow hal_sensors_default device:dir r_dir_perms;
-
-# Allow access to CHRE socket to connect to nanoapps.
-allow hal_sensors_default chre:unix_stream_socket connectto;
-allow hal_sensors_default chre_socket:sock_file write;
-
-# Allow SensorSuez to connect AIDL stats.
-allow hal_sensors_default fwk_stats_service:service_manager find;
-
-# Allow sensor HAL to access the graphics composer.
-binder_call(hal_sensors_default, hal_graphics_composer_default);
-
-# Allow sensor HAL to access the display service HAL
-allow hal_sensors_default hal_pixel_display_service:service_manager find;
-
-# Allow reading of sensor registry persist files and camera persist files.
-allow hal_sensors_default mnt_vendor_file:dir search;
-allow hal_sensors_default persist_file:dir search;
-allow hal_sensors_default persist_file:file r_file_perms;
-allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
-allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
+# Allow reading of camera persist files.
 r_dir_file(hal_sensors_default, persist_camera_file)
 
-# Allow creation and writing of sensor registry data files.
-allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
-allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
+# Allow access to the files of CDT information.
+r_dir_file(hal_sensors_default, sysfs_chosen)
 
-# Allow access to the sysfs_aoc.
-allow hal_sensors_default sysfs_aoc:dir search;
-allow hal_sensors_default sysfs_aoc:file r_file_perms;
-
-# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
-# to synchronize the AP and AoC clock timestamps.
-allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
+# Allow sensor HAL to access the thermal service HAL
+hal_client_domain(hal_sensors_default, hal_thermal);
 
 # Allow display_info_service access to the backlight driver.
 allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
 
-# Allow access to sensor service for sensor_listener.
-binder_call(hal_sensors_default, system_server);
-
 # Allow access for dynamic sensor properties.
 get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
 
-# Allow access to the display info for ALS.
-allow hal_sensors_default sysfs_display:file rw_file_perms;
+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
 
-# Allow access to the files of CDT information.
-allow hal_sensors_default sysfs_chosen:dir search;
-allow hal_sensors_default sysfs_chosen:file r_file_perms;
+# Allow sensor HAL to access the display service HAL
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
 
-# Allow display_info_service access to the backlight driver.
-allow hal_sensors_default sysfs_leds:dir search;
-allow hal_sensors_default sysfs_leds:file r_file_perms;
+# Allow sensor HAL to access the graphics composer.
+binder_call(hal_sensors_default, hal_graphics_composer_default)
+
+# Allow access to the power supply files for MagCC.
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
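Review bot: The added `allow hal_sensors_default hidraw_device:chr_file rw_file_perms;` gives the sensors HAL read/write on every node carrying the `hidraw_device` label, and the legacy/whitechapel_pro/file_contexts context earlier in this patch maps `/dev/hidraw[0-9]*` to that label, so nothing visible here limits the grant to dynamic-sensor devices. That rule, `hal_client_domain(hal_sensors_default, hal_thermal);` and the `sysfs_wlc` rule have no counterpart among the removed lines of this hunk, which the "Move ... to gs-common" title and a compile-only test do not account for; they may have come from another file, but that is not shown. `r_dir_file(hal_sensors_default, sysfs_chosen)` is also wider than the `dir search` / `file r_file_perms` pair it replaces, since the AOSP macro grants `r_dir_perms` on the directory and adds `lnk_file` reads. I would state the scope in the comment above the rule, e.g. `# hidraw_device labels all /dev/hidraw* nodes; rw is needed for dynamic sensors because <reason>`, and drop the trailing `;` after `hal_client_domain(...)` so it matches the other macro calls on the new side.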